Rights Management with NFC Smartphones and Electronic ID Cards: A Proof of Concept for Modern Car Sharing

  • Timo Kasper
  • Alexander Kühn
  • David Oswald
  • Christian Zenger
  • Christof Paar
Conference paper

DOI: 10.1007/978-3-642-41332-2_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8262)
Cite this paper as:
Kasper T., Kühn A., Oswald D., Zenger C., Paar C. (2013) Rights Management with NFC Smartphones and Electronic ID Cards: A Proof of Concept for Modern Car Sharing. In: Hutter M., Schmidt JM. (eds) Radio Frequency Identification. RFIDSec 2013. Lecture Notes in Computer Science, vol 8262. Springer, Berlin, Heidelberg

Abstract

Numerous contactless smartcards (and the corresponding RFID readers) are compatible with NFC, e.g., Mifare cards and the governmental ID card in Germany called nPA. NFC-enabled smartphones and other NFC objects such as door locks have become widespread. Existing and future applications of the up-and-coming technology require a secure way of assigning and transporting user rights, e.g., for opening and starting a car or access control to a building. In this paper, we propose a scheme that securely identifies a customer on a website and creates a (personalized) credential containing the booked access permissions. This credential is safely transported via the Internet to the user’s smartphone and finally grants access to an NFC-enabled object. In our proof-of-concept implementation, an application on a commercial smartphone is used for communicating with a web server of a car rental agency. During the booking process, the phone operates as an RFID reader to interrogate the nPA of the user and utilizes the security mechanisms of the nPA, including the PACE protocol, for identifying the customer. After having obtained the credential, the smartphone emulates a Mifare DESFire card that is read by the NFC door lock of a rental car to verify the validity of the access permission. We discuss security issues and limitations of our approach.

Keywords

German electronic identity card User rights management Car sharing Smartphone NFC Contactless smartcard emulation 

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Timo Kasper
    • 1
  • Alexander Kühn
    • 1
  • David Oswald
    • 1
  • Christian Zenger
    • 1
  • Christof Paar
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr-University BochumBochumGermany

Personalised recommendations