Contactless Security Token Enhanced Security by Using New Hardware Features in Cryptographic-Based Security Mechanisms

  • Markus Ullmann
  • Matthias Vögeler
Part of the Information Security and Cryptography book series (ISC)


Contact-based smart cards are widely accepted. What, then, are the reasons for the recent focus on contactless cards? First, because of the abrasion of the physical contacts, contact-based smart cards have a shorter lifetime than contactless cards. Second, contactless interfaces do not need to comply with mechanical form factors.


Keywords: Time Server; Smart Card; Time Stamp; Time Synchronization; Authentication Protocol
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. Bonn-Rhine-Sieg University of Applied Sciences, Sankt Augustin, Germany
  2. Bundesamt für Sicherheit in der Informationstechnik, Bonn, Germany
  3. NXP Semiconductors, Business Line Identification, Hamburg, Germany
