Skip to main content
SpringerLink
Log in

Introduction

  • Chapter
  • First Online:
Book cover Security Issues in Mobile NFC Devices

Part of the book series: T-Labs Series in Telecommunication Services ((TLABS))

  • 1808 Accesses

Abstract

This book aims for assessing the actual state of Near Field Communication (NFC) security, for discovering new attack scenarios and for providing concepts and solutions to overcome any identified unresolved issues. This chapter gives an overview of the motivation, the objectives, the approach, the contributions and the outline of this work.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Examples for application market places are Google’s Play Store and Apple’s App store.

References

  1. Anderson, R.: Position statement in RFID S&P panel: RFID and the middleman. In: Financial Cryptography and Data Security. LNCS, vol. 4886/2007, pp. 46–49. Springer, Berlin (2007). doi:10.1007/978-3-540-77366-5_6

  2. Berger, P.: RIM adds two more NFC BlackBerrys. Near Field Communications World. http://www.nfcworld.com/2011/11/21/311404/ (2011)

  3. Clark, M.: Virgin mobile adds gWallet phone. Near Field Communications World. http://www.nfcworld.com/2012/05/11/315619/ (2012)

  4. Clark, S.: NFC Forum spec adds digital signatures to prevent tag tampering. Near Field Communications World. http://www.nfcworld.com/2010/02/11/32704/ (2010)

  5. Clark, S.: 630m NFC phones in 2015. Near Field Communications World. http://www.nfcworld.com/2011/09/30/310342/ (2011)

  6. Clark, S.: Acer to include NFC in all its Android phones. Near Field Communications World. http://www.nfcworld.com/2011/11/08/311164/ (2011)

  7. Clark, S.: Nokia unveils N9 NFC phone. Near Field Communications World. http://www.nfcworld.com/2011/06/21/38138/ (2011)

  8. Clark, S.: RIM unveils BlackBerry Bold 9900 and 9930 NFC phones. Near Field Communications World. http://www.nfcworld.com/2011/05/02/37197/ (2011)

  9. Clark, S.: Samsung and Google unveil Galaxy Nexus NFC phone. Near Field Communications World. http://www.nfcworld.com/2011/10/19/310772/ (2011)

  10. Clark, S.: 200m NFC phones in 2012. Near Field Communications World. http://www.nfcworld.com/2012/01/25/312711/ (2012)

  11. Clark, S.: Samsung Galaxy S III expands NFC P2P capabilities with S Beam for faster file transfers. Near Field Communications World. http://www.nfcworld.com/2012/05/04/315501/ (2012)

  12. Davies, J.: Hands on: The Lumia 610, Nokia’s first Windows NFC phone. Near Field Communications World. http://www.nfcworld.com/2012/04/11/315025/ (2012)

  13. Die Presse: Linzer Forscher löst Sicherheitsproblem für Google. DiePresse.com. http://diepresse.com/home/techscience/mobil/android/1304511/ (2012)

  14. Epstein, Z.: Berg: Smartphone shipments grew 74 % in 2010. BGR. http://www.bgr.com/2011/03/10/berg-smartphone-shipments-grew-74-in-2010/ (2011)

  15. European Payments Council (EPC) and GSMA: Mobile contactless payments service management roles requirements and specifications, version 2.0. Technical report EPC 220–08. http://www.gsma.com/mobilenfc/mobile-contactless-payments-service-management-roles-requirements-and-specifications-october-2010/ (2010)

  16. Francis, L., Hancke, G.P., Mayes, K.E., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Radio Frequency Identification: Security and Privacy Issues. LNCS, vol. 6370/2010, pp. 35–49. Springer, Berlin (2010). doi:10.1007/978-3-642-16822-2_4

  17. Francis, L., Hancke, G.P., Mayes, K.E., Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. Cryptology ePrint Archive, Report 2011/618. http://eprint.iacr.org/2011/618 (2011)

  18. GlobalPlatform: GlobalPlatform’s Proposition for NFC Mobile: Secure Element Management and Messaging. White paper. http://www.globalplatform.org/documents/GlobalPlatform_NFC_Mobile_White_Paper.pdf (2009)

  19. GlobalPlatform Mobile Task Force: Requirements for NFC mobile: management of multiple secure elements, version 1.0. Technical report GP\_REQ\_004. http://www.globalplatform.org/documents/whitepapers/GlobalPlatform_Requirements_Secure_Elements.pdf (2010)

  20. Google: Google—Application Security—Hall of Fame—Honorable Mention. http://www.google.com/about/appsecurity/hall-of-fame/distinction/ (2014). Accessed Dec 2014

  21. GSMA: Mobile NFC services, version 1.0. White paper (2007)

    Google Scholar 

  22. GSMA: Mobile NFC technical guidelines, version 2.0. White paper (2007)

    Google Scholar 

  23. GSMA: Pay-Buy-Mobile–Business opportunity analysis, version 1.0. White paper. http://www.gsma.com/mobilenfc/pay-buy-mobile-business-opportunity-analysis-november-2007/ (2007)

  24. Habringer, A.: Drei Buchstaben beherrschen seine Welt. Oberösterreichische Nachrichten. http://www.nachrichten.at/oberoesterreich/art4,996318 (2012)

  25. Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards. http://www.rfidblog.org.uk/hancke-rfidrelay.pdf (2005). Accessed Sept 2011

  26. Hancke, G.P., Mayes, K.E., Markantonakis, K.: Confidence in smart token proximity: relay attacks revisited. Comput. Secur. 28(7), 615–627 (2009). doi:10.1016/j.cose.2009.06.001

    Article  Google Scholar 

  27. Haselsteiner, E., Breitfuß, K.: Security in Near Field Communication (NFC)–strengths and weaknesses. In: Workshop on RFID Security 2006 (RFIDsec 06). Graz, Austria. http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf (2006)

  28. Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), pp. 47–58. IEEE, Athens, Greece (2005). doi:10.1109/SECURECOMM.2005.32

  29. Langer, J., Roland, M.: Anwendungen und Technik von Near Field Communication (NFC). Springer, Berlin Heidelberg (2010)

    Book  Google Scholar 

  30. Madlmayr, G.: A mobile trusted computing architecture for a Near Field Communication ecosystem. In: Proceedings of the 10th International Conference on Information Integration and Web-based Applications and Services (iiWAS2008), pp. 563–566. ACM, Linz, Austria (2008). doi:10.1145/1497308.1497411

  31. Madlmayr, G.: Eine mobile Service Architektur für ein sicheres NFC Ökosystem. Ph.D. thesis, Johannes Kepler Universität Linz, Institut für Computational Perception (2009)

    Google Scholar 

  32. Madlmayr, G., Dillinger, O., Langer, J., Scharinger, J.: Management of multiple cards in NFC-Devices. In: Smart card research and advanced applications. LNCS, vol. 5189/2008, pp. 149–161. Springer, London (2008). doi:10.1007/978-3-540-85893-5_11

  33. Madlmayr, G., Langer, J., Kantner, C., Scharinger, J.: NFC devices: security and privacy. In: Proceedings of the Third International Conference on Availability, Reliability and Security (ARES ’08), pp. 642–647. IEEE, Barcelona, Spain (2008). doi:10.1109/ARES.2008.105

  34. Madlmayr, G., Langer, J., Kantner, C., Scharinger, J., Schaumüller-Bichl, I.: Risk analysis of over-the-air transactions in an NFC ecosystem. In: Proceedings of the First International Workshop on Near Field Communication (NFC ’09), pp. 87–92. IEEE, Hagenberg, Austria (2009). doi:10.1109/NFC.2009.17

  35. Madlmayr, G., Langer, J., Scharinger, J.: Managing an NFC ecosystem. In: Proceedings of the 7th International Conference on Mobile Business (ICMB 2008), pp. 95–101. IEEE, Barcelona, Spain (2008). doi:10.1109/ICMB.2008.30

  36. Miller, C.: Don’t stand so close to me: an analysis of the NFC attack surface. Briefing at BlackHat USA. Las Vegas, NV, USA (2012)

    Google Scholar 

  37. Mobey Forum, Mobile Financial Services Ltd.: Mobile device security element: key findings from technical analysis version 1.0. White paper. http://www.mobeyforum.org/content/download/344/2168/file/mobey%20forum%20security%20element%20analysis%20summary%202005.pdf (2005)

  38. Mulliner, C.: Vulnerability analysis and attacks on NFC-enabled mobile phones. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES ’09), pp. 695–700. IEEE, Fukuoka, Japan (2009). doi:10.1109/ARES.2009.46

  39. Mulliner, C.: Hacking NFC and NDEF: why I go and look at it again. Talk at NinjaCon. Vienna, Austria. http://www.mulliner.org/nfc/feed/nfc_ndef_security_ninjacon_2011.pdf (2011)

  40. NFC Forum: Essentials for successful NFC mobile ecosystems. White paper. http://www.nfc-forum.org/resources/white_papers/NFC_Forum_Mobile_NFC_Ecosystem_White_Paper.pdf (2008)

  41. Nielsen: Generation app: 62 % of mobile users 25–34 own smartphones. Nielsenwire. http://blog.nielsen.com/nielsenwire/?p=29786 (2011)

  42. ORF: Sicherheitslücke beim Bezahlen per Handy. ORF.at. http://ooe.orf.at/news/stories/2555729/ (2012)

  43. Pumhösel, A.: Googles Geldtasche gehackt. derStandard.at. http://derstandard.at/1350260526386/Googles-Geldtasche-gehackt (2012)

  44. Reveilhac, M., Pasquet, M.: Promising secure element alternatives for NFC technology. In: Proceedings of the First International Workshop on Near Field Communication (NFC ’09), pp. 75–80. IEEE, Hagenberg, Austria (2009). doi:10.1109/NFC.2009.14

  45. Roland, M.: Applying recent secure element relay attack scenarios to the real world: Google Wallet relay attack. Computing Research Repository (CoRR). arXiv:1209.0875 (cs.CR) (2012). http://arxiv.org/abs/1209.0875

  46. Roland, M.: Security and privacy issues of the signature RTD. In: Report to the NFC Forum Security Technical Working Group. http://www.mroland.at/fileadmin/mroland/papers/201202_SignatureRTD_Security_Issues.pdf (2012)

  47. Roland, M.: Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare? In: 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. Newcastle, UK. http://www.medien.ifi.lmu.de/iwssi2012/papers/iwssi-spmu2012-roland.pdf (2012)

  48. Roland, M., Langer, J.: Digital signature records for the NFC data exchange format. In: Proceedings of the Second International Workshop on Near Field Communication (NFC 2010), pp. 71–76. IEEE, Monaco (2010). doi:10.1109/NFC.2010.10

  49. Roland, M., Langer, J., Bogner, M., Wiesinger, F.: NFC im Automobil: Software bringt Ökonomie und braucht Sicherheit. In: Höfler, L., Kastner, J., Kern, T., Zauner, G. (eds.) Energieeffiziente Mobilität, Informations- und Kommunikationstechnologie, pp. 112–119. Shaker, Aachen (2010)

    Google Scholar 

  50. Roland, M., Langer, J., Scharinger, J.: Security vulnerabilities of the NDEF signature record type. In: Proceedings of the Third International Workshop on Near Field Communication (NFC 2011), pp. 65–70. IEEE, Hagenberg, Austria (2011). doi:10.1109/NFC.2011.9

  51. Roland, M., Langer, J., Scharinger, J.: Practical attack scenarios on secure element-enabled mobile devices. In: Proceedings of the Fourth International Workshop on Near Field Communication (NFC 2012), pp. 19–24. IEEE, Helsinki, Finland (2012). doi:10.1109/NFC.2012.10

  52. Roland, M., Langer, J., Scharinger, J.: Relay attacks on secure element-enabled mobile devices: virtual pickpocketing revisited. In: Information Security and Privacy Research, IFIP AICT, vol. 376/2012, pp. 1–12. Springer, Heraklion, Creete, Greece (2012). doi:10.1007/978-3-642-30436-1_1

  53. Roland, M., Langer, J., Scharinger, J.: Applying relay attacks to Google Wallet. In: Proceedings of the Fifth International Workshop on Near Field Communication (NFC 2013). IEEE, Zurich, Switzerland (2013). doi:10.1109/NFC.2013.6482441

  54. Rubin, A.: Introducing Nexus S with Gingerbread. Official Google Blog. http://googleblog.blogspot.com/2010/12/introducing-nexus-s-with-gingerbread.html (2010)

  55. Schoo, P., Paolucci, M.: Do you talk to each poster? Security and privacy for interactions with web service by means of contact free tag readings. In: Proceedings of the First International Workshop on Near Field Communication (NFC ’09), pp. 81–86. IEEE, Hagenberg, Austria (2009). doi:10.1109/NFC.2009.20

  56. Smart Card Alliance Contactless Payments Council: Proximity mobile payments: leveraging NFC and the contactless financial payments infrastructure. White paper. http://www.smartcardalliance.org/resources/lib/Proximity_Mobile_Payments_200709.pdf (2007)

  57. StoLPaN: Dynamic management of multi-application secure elements. White paper. http://www.nfc-forum.org/resources/white_papers/Stolpan_White_Paper_08.pdf (2008)

  58. Verdult, R., Kooman, F.: Practical attacks on NFC enabled cell phones. In: Proceedings of the Third International Workshop on Near Field Communication (NFC 2011), pp. 77–82. IEEE, Hagenberg, Austria (2011). doi:10.1109/NFC.2011.16

  59. Wimmer, B.: Österreicher deckt NFC-Lücke bei Google auf. Futurezone.at Technology News. http://futurezone.at/science/oesterreicher-deckt-nfc-luecke-bei-google-auf/24.586.384 (2012)

Download references

Author information

Authors and Affiliations

  1. School of Informatics/Communications/Media, University of Applied Sciences Upper Austria, Hagenberg, Austria

    Michael Roland

Authors
  1. Michael Roland
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Michael Roland .

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Roland, M. (2015). Introduction. In: Security Issues in Mobile NFC Devices. T-Labs Series in Telecommunication Services. Springer, Cham. https://doi.org/10.1007/978-3-319-15488-6_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-15488-6_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15487-9

  • Online ISBN: 978-3-319-15488-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation