Abstract
This book aims for assessing the actual state of Near Field Communication (NFC) security, for discovering new attack scenarios and for providing concepts and solutions to overcome any identified unresolved issues. This chapter gives an overview of the motivation, the objectives, the approach, the contributions and the outline of this work.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Examples for application market places are Google’s Play Store and Apple’s App store.
References
Anderson, R.: Position statement in RFID S&P panel: RFID and the middleman. In: Financial Cryptography and Data Security. LNCS, vol. 4886/2007, pp. 46–49. Springer, Berlin (2007). doi:10.1007/978-3-540-77366-5_6
Berger, P.: RIM adds two more NFC BlackBerrys. Near Field Communications World. http://www.nfcworld.com/2011/11/21/311404/ (2011)
Clark, M.: Virgin mobile adds gWallet phone. Near Field Communications World. http://www.nfcworld.com/2012/05/11/315619/ (2012)
Clark, S.: NFC Forum spec adds digital signatures to prevent tag tampering. Near Field Communications World. http://www.nfcworld.com/2010/02/11/32704/ (2010)
Clark, S.: 630m NFC phones in 2015. Near Field Communications World. http://www.nfcworld.com/2011/09/30/310342/ (2011)
Clark, S.: Acer to include NFC in all its Android phones. Near Field Communications World. http://www.nfcworld.com/2011/11/08/311164/ (2011)
Clark, S.: Nokia unveils N9 NFC phone. Near Field Communications World. http://www.nfcworld.com/2011/06/21/38138/ (2011)
Clark, S.: RIM unveils BlackBerry Bold 9900 and 9930 NFC phones. Near Field Communications World. http://www.nfcworld.com/2011/05/02/37197/ (2011)
Clark, S.: Samsung and Google unveil Galaxy Nexus NFC phone. Near Field Communications World. http://www.nfcworld.com/2011/10/19/310772/ (2011)
Clark, S.: 200m NFC phones in 2012. Near Field Communications World. http://www.nfcworld.com/2012/01/25/312711/ (2012)
Clark, S.: Samsung Galaxy S III expands NFC P2P capabilities with S Beam for faster file transfers. Near Field Communications World. http://www.nfcworld.com/2012/05/04/315501/ (2012)
Davies, J.: Hands on: The Lumia 610, Nokia’s first Windows NFC phone. Near Field Communications World. http://www.nfcworld.com/2012/04/11/315025/ (2012)
Die Presse: Linzer Forscher löst Sicherheitsproblem für Google. DiePresse.com. http://diepresse.com/home/techscience/mobil/android/1304511/ (2012)
Epstein, Z.: Berg: Smartphone shipments grew 74 % in 2010. BGR. http://www.bgr.com/2011/03/10/berg-smartphone-shipments-grew-74-in-2010/ (2011)
European Payments Council (EPC) and GSMA: Mobile contactless payments service management roles requirements and specifications, version 2.0. Technical report EPC 220–08. http://www.gsma.com/mobilenfc/mobile-contactless-payments-service-management-roles-requirements-and-specifications-october-2010/ (2010)
Francis, L., Hancke, G.P., Mayes, K.E., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Radio Frequency Identification: Security and Privacy Issues. LNCS, vol. 6370/2010, pp. 35–49. Springer, Berlin (2010). doi:10.1007/978-3-642-16822-2_4
Francis, L., Hancke, G.P., Mayes, K.E., Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. Cryptology ePrint Archive, Report 2011/618. http://eprint.iacr.org/2011/618 (2011)
GlobalPlatform: GlobalPlatform’s Proposition for NFC Mobile: Secure Element Management and Messaging. White paper. http://www.globalplatform.org/documents/GlobalPlatform_NFC_Mobile_White_Paper.pdf (2009)
GlobalPlatform Mobile Task Force: Requirements for NFC mobile: management of multiple secure elements, version 1.0. Technical report GP\_REQ\_004. http://www.globalplatform.org/documents/whitepapers/GlobalPlatform_Requirements_Secure_Elements.pdf (2010)
Google: Google—Application Security—Hall of Fame—Honorable Mention. http://www.google.com/about/appsecurity/hall-of-fame/distinction/ (2014). Accessed Dec 2014
GSMA: Mobile NFC services, version 1.0. White paper (2007)
GSMA: Mobile NFC technical guidelines, version 2.0. White paper (2007)
GSMA: Pay-Buy-Mobile–Business opportunity analysis, version 1.0. White paper. http://www.gsma.com/mobilenfc/pay-buy-mobile-business-opportunity-analysis-november-2007/ (2007)
Habringer, A.: Drei Buchstaben beherrschen seine Welt. Oberösterreichische Nachrichten. http://www.nachrichten.at/oberoesterreich/art4,996318 (2012)
Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards. http://www.rfidblog.org.uk/hancke-rfidrelay.pdf (2005). Accessed Sept 2011
Hancke, G.P., Mayes, K.E., Markantonakis, K.: Confidence in smart token proximity: relay attacks revisited. Comput. Secur. 28(7), 615–627 (2009). doi:10.1016/j.cose.2009.06.001
Haselsteiner, E., Breitfuß, K.: Security in Near Field Communication (NFC)–strengths and weaknesses. In: Workshop on RFID Security 2006 (RFIDsec 06). Graz, Austria. http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf (2006)
Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), pp. 47–58. IEEE, Athens, Greece (2005). doi:10.1109/SECURECOMM.2005.32
Langer, J., Roland, M.: Anwendungen und Technik von Near Field Communication (NFC). Springer, Berlin Heidelberg (2010)
Madlmayr, G.: A mobile trusted computing architecture for a Near Field Communication ecosystem. In: Proceedings of the 10th International Conference on Information Integration and Web-based Applications and Services (iiWAS2008), pp. 563–566. ACM, Linz, Austria (2008). doi:10.1145/1497308.1497411
Madlmayr, G.: Eine mobile Service Architektur für ein sicheres NFC Ökosystem. Ph.D. thesis, Johannes Kepler Universität Linz, Institut für Computational Perception (2009)
Madlmayr, G., Dillinger, O., Langer, J., Scharinger, J.: Management of multiple cards in NFC-Devices. In: Smart card research and advanced applications. LNCS, vol. 5189/2008, pp. 149–161. Springer, London (2008). doi:10.1007/978-3-540-85893-5_11
Madlmayr, G., Langer, J., Kantner, C., Scharinger, J.: NFC devices: security and privacy. In: Proceedings of the Third International Conference on Availability, Reliability and Security (ARES ’08), pp. 642–647. IEEE, Barcelona, Spain (2008). doi:10.1109/ARES.2008.105
Madlmayr, G., Langer, J., Kantner, C., Scharinger, J., Schaumüller-Bichl, I.: Risk analysis of over-the-air transactions in an NFC ecosystem. In: Proceedings of the First International Workshop on Near Field Communication (NFC ’09), pp. 87–92. IEEE, Hagenberg, Austria (2009). doi:10.1109/NFC.2009.17
Madlmayr, G., Langer, J., Scharinger, J.: Managing an NFC ecosystem. In: Proceedings of the 7th International Conference on Mobile Business (ICMB 2008), pp. 95–101. IEEE, Barcelona, Spain (2008). doi:10.1109/ICMB.2008.30
Miller, C.: Don’t stand so close to me: an analysis of the NFC attack surface. Briefing at BlackHat USA. Las Vegas, NV, USA (2012)
Mobey Forum, Mobile Financial Services Ltd.: Mobile device security element: key findings from technical analysis version 1.0. White paper. http://www.mobeyforum.org/content/download/344/2168/file/mobey%20forum%20security%20element%20analysis%20summary%202005.pdf (2005)
Mulliner, C.: Vulnerability analysis and attacks on NFC-enabled mobile phones. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES ’09), pp. 695–700. IEEE, Fukuoka, Japan (2009). doi:10.1109/ARES.2009.46
Mulliner, C.: Hacking NFC and NDEF: why I go and look at it again. Talk at NinjaCon. Vienna, Austria. http://www.mulliner.org/nfc/feed/nfc_ndef_security_ninjacon_2011.pdf (2011)
NFC Forum: Essentials for successful NFC mobile ecosystems. White paper. http://www.nfc-forum.org/resources/white_papers/NFC_Forum_Mobile_NFC_Ecosystem_White_Paper.pdf (2008)
Nielsen: Generation app: 62 % of mobile users 25–34 own smartphones. Nielsenwire. http://blog.nielsen.com/nielsenwire/?p=29786 (2011)
ORF: Sicherheitslücke beim Bezahlen per Handy. ORF.at. http://ooe.orf.at/news/stories/2555729/ (2012)
Pumhösel, A.: Googles Geldtasche gehackt. derStandard.at. http://derstandard.at/1350260526386/Googles-Geldtasche-gehackt (2012)
Reveilhac, M., Pasquet, M.: Promising secure element alternatives for NFC technology. In: Proceedings of the First International Workshop on Near Field Communication (NFC ’09), pp. 75–80. IEEE, Hagenberg, Austria (2009). doi:10.1109/NFC.2009.14
Roland, M.: Applying recent secure element relay attack scenarios to the real world: Google Wallet relay attack. Computing Research Repository (CoRR). arXiv:1209.0875 (cs.CR) (2012). http://arxiv.org/abs/1209.0875
Roland, M.: Security and privacy issues of the signature RTD. In: Report to the NFC Forum Security Technical Working Group. http://www.mroland.at/fileadmin/mroland/papers/201202_SignatureRTD_Security_Issues.pdf (2012)
Roland, M.: Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare? In: 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. Newcastle, UK. http://www.medien.ifi.lmu.de/iwssi2012/papers/iwssi-spmu2012-roland.pdf (2012)
Roland, M., Langer, J.: Digital signature records for the NFC data exchange format. In: Proceedings of the Second International Workshop on Near Field Communication (NFC 2010), pp. 71–76. IEEE, Monaco (2010). doi:10.1109/NFC.2010.10
Roland, M., Langer, J., Bogner, M., Wiesinger, F.: NFC im Automobil: Software bringt Ökonomie und braucht Sicherheit. In: Höfler, L., Kastner, J., Kern, T., Zauner, G. (eds.) Energieeffiziente Mobilität, Informations- und Kommunikationstechnologie, pp. 112–119. Shaker, Aachen (2010)
Roland, M., Langer, J., Scharinger, J.: Security vulnerabilities of the NDEF signature record type. In: Proceedings of the Third International Workshop on Near Field Communication (NFC 2011), pp. 65–70. IEEE, Hagenberg, Austria (2011). doi:10.1109/NFC.2011.9
Roland, M., Langer, J., Scharinger, J.: Practical attack scenarios on secure element-enabled mobile devices. In: Proceedings of the Fourth International Workshop on Near Field Communication (NFC 2012), pp. 19–24. IEEE, Helsinki, Finland (2012). doi:10.1109/NFC.2012.10
Roland, M., Langer, J., Scharinger, J.: Relay attacks on secure element-enabled mobile devices: virtual pickpocketing revisited. In: Information Security and Privacy Research, IFIP AICT, vol. 376/2012, pp. 1–12. Springer, Heraklion, Creete, Greece (2012). doi:10.1007/978-3-642-30436-1_1
Roland, M., Langer, J., Scharinger, J.: Applying relay attacks to Google Wallet. In: Proceedings of the Fifth International Workshop on Near Field Communication (NFC 2013). IEEE, Zurich, Switzerland (2013). doi:10.1109/NFC.2013.6482441
Rubin, A.: Introducing Nexus S with Gingerbread. Official Google Blog. http://googleblog.blogspot.com/2010/12/introducing-nexus-s-with-gingerbread.html (2010)
Schoo, P., Paolucci, M.: Do you talk to each poster? Security and privacy for interactions with web service by means of contact free tag readings. In: Proceedings of the First International Workshop on Near Field Communication (NFC ’09), pp. 81–86. IEEE, Hagenberg, Austria (2009). doi:10.1109/NFC.2009.20
Smart Card Alliance Contactless Payments Council: Proximity mobile payments: leveraging NFC and the contactless financial payments infrastructure. White paper. http://www.smartcardalliance.org/resources/lib/Proximity_Mobile_Payments_200709.pdf (2007)
StoLPaN: Dynamic management of multi-application secure elements. White paper. http://www.nfc-forum.org/resources/white_papers/Stolpan_White_Paper_08.pdf (2008)
Verdult, R., Kooman, F.: Practical attacks on NFC enabled cell phones. In: Proceedings of the Third International Workshop on Near Field Communication (NFC 2011), pp. 77–82. IEEE, Hagenberg, Austria (2011). doi:10.1109/NFC.2011.16
Wimmer, B.: Österreicher deckt NFC-Lücke bei Google auf. Futurezone.at Technology News. http://futurezone.at/science/oesterreicher-deckt-nfc-luecke-bei-google-auf/24.586.384 (2012)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Roland, M. (2015). Introduction. In: Security Issues in Mobile NFC Devices. T-Labs Series in Telecommunication Services. Springer, Cham. https://doi.org/10.1007/978-3-319-15488-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-15488-6_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15487-9
Online ISBN: 978-3-319-15488-6
eBook Packages: EngineeringEngineering (R0)