Security and Privacy Protection of Contactless Devices

  • Olivier Savry
  • François Vacherand
Conference paper


This chapter presents some new developments for the security and privacy protection of the future contactless smart devices. The main objective is to anticipate the forthcoming expectation from consumers and citizens for high level of trust and confidence about the next contactless nomadic devices by creating a private sphere where they will have full control to manage contactless transactions. The first objective is to build some mechanism and probably associated specific devices to offer to the user the capabilities for privacy management with the awareness of the local RF activity, the avoidance of any digital transaction without the consent of the owner of the data, the control of all the exchanged data with checking through a display, and the personal management of black lists of nonauthorized devices. To raise trust and confidence, these functions would be managed by a specific device, a so-called Contactless Privacy Manager that will be user-centric. The second objective is to secure the contactless link in order to provide a private data exchange with noisy readers.


Smart Device Differential Power Analysis Electronic Purse Relay Attack Contactless Card 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Federal Office for Information Security (2004) Security aspects and prospective applications of RFID systems. GermanyGoogle Scholar
  2. 2.
    Ko G, Karger P (2004) Preventing security and privacy attacks on machine readable travel documents. In: Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, pp. 47–58, University of Columbia and IBM Research DivisionGoogle Scholar
  3. 3.
    Schneier B (2005) Fatal flaw weakens RFID passports. In: Wired News, n°69453Google Scholar
  4. 4.
    Savry O, Vacherand F, Crochon E (2004) Contactless privacy protection device. Patent WO2006/035177Google Scholar
  5. 5.
    Kfir Z, Wool A (2004) Picking virtual pockets using relay attacks on contactless smartcard systems. In: Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, pp. 47–58Google Scholar
  6. 6.
    Hancke G (2004) A practical relay Attack on ISO 14443 Proximity Cards. In: IEEE Symposium on Security and Privacy (S&P’06)Google Scholar
  7. 7.
    Juels A et al (2003) The blocker tag: selective blocking of RFID tags for consumer privacy. In: 8th ACM Conference on Computer and Communications Security, pp. 103–111, ACM PressGoogle Scholar
  8. 8.
    Garfinkel SL, Juels A, Pappu R (2005) RFID privacy: An overview of problems and proposed solutions. In: IEEE security and privacy, vol. 3, no. 3, pp. 34–43, IEEE Computer SocietyGoogle Scholar
  9. 9.
    Castelluccia C, Avoine G (2006) Noisy tags: a pretty good key exchange protocol for RFID. In: Domingo-Ferrer J, Posegga J, Schreckling D (eds.) CARDIS No7, vol. 3928, pp. 289–299, Springer-Verlag, Tarragona, ESPAGNE (2006)Google Scholar
  10. 10.
    Savry O, Pebay-Peyroula F, Reverdy J, Robert G (2007) The RFID noisy reader: how to prevent from the eavesdropping on the communication. In: Paillier P, Verbauwhede I (eds.) Cryptographic Hardware and Embedded Systems - CHES 2007, vol. 4727, pp. 334–345, SpringerGoogle Scholar
  11. 11.
    Kirschenbaum I, Wool A (2006) How to build a low-cost, extended-range RFID skimmer. In: Proceedings of the 15th conference on USENIX Security Symposium, vol. 15, USENIX AssociationGoogle Scholar
  12. 12.
    Rieback M et al (2006) A platform for RFID security and privacy administration. In: Proceedings of the 20th conference on Large Installation System Administration, pp. 8–16, Usenix AssociationGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.Commissariat à l’énergie atomique, LETIGrenobleFrance

Personalised recommendations