Rights Management with NFC Smartphones and Electronic ID Cards: A Proof of Concept for Modern Car Sharing

  • Timo KasperEmail author
  • Alexander Kühn
  • David Oswald
  • Christian Zenger
  • Christof Paar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8262)


Numerous contactless smartcards (and the corresponding RFID readers) are compatible with NFC, e.g., Mifare cards and the governmental ID card in Germany called nPA. NFC-enabled smartphones and other NFC objects such as door locks have become widespread. Existing and future applications of the up-and-coming technology require a secure way of assigning and transporting user rights, e.g., for opening and starting a car or access control to a building. In this paper, we propose a scheme that securely identifies a customer on a website and creates a (personalized) credential containing the booked access permissions. This credential is safely transported via the Internet to the user’s smartphone and finally grants access to an NFC-enabled object. In our proof-of-concept implementation, an application on a commercial smartphone is used for communicating with a web server of a car rental agency. During the booking process, the phone operates as an RFID reader to interrogate the nPA of the user and utilizes the security mechanisms of the nPA, including the PACE protocol, for identifying the customer. After having obtained the credential, the smartphone emulates a Mifare DESFire card that is read by the NFC door lock of a rental car to verify the validity of the access permission. We discuss security issues and limitations of our approach.


German electronic identity card User rights management Car sharing Smartphone NFC Contactless smartcard emulation 


  1. 1.
    Emulating a PKI smart card with CyanogenMod 9.1.
  2. 2.
    Eastlake III, D., Hansen, T.: RFC 4634 - US Secure Hash Algorithms (SHA and HMAC-SHA). Motorola Labs and AT &T Labs, July 2006Google Scholar
  3. 3.
    ACG id. HF Multi ISO RFID Reader User Manual (2006)Google Scholar
  4. 4.
    BlackBerry. BlackBerry Bold 9900/9930 Smartphones - Safety and Product InformationGoogle Scholar
  5. 5.
    BlackBerry Support Community. Java Development - NFC Primer for Developers.
  6. 6.
    Bundesamt für Sicherheit in der Informationstechnik. Worked Example for Extended Access Control (EAC) (PACE, Chip Authentication and Terminal Authentication) (2010)Google Scholar
  7. 7.
    Carlisle Adams, S.L.: Understanding PKI: Concepts, Standards, and Deployment Considerations. Pearson Education Inc., Boston (2003)Google Scholar
  8. 8.
    Chaos Computer Club. Praktische Demonstration erheblicher Sicherheitsprobleme bei Schweizer SuisseID und deutschem elektronischen Personalausweis (2010)Google Scholar
  9. 9.
    Christina Brzuska, M.F., Dagdelen, Ö.: TLS, PACE, and EAC: A Cryptographic View at Modern Key Exchange ProtocolsGoogle Scholar
  10. 10.
  11. 11.
    Dierks, T., Rescorla, E.: RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2. RTFM, IETF, August 2008Google Scholar
  12. 12.
    Dworkin, M.: NIST Special Publication 800–38B (Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication). NIST (2005)Google Scholar
  13. 13.
    Federal Information Processing Standards. Federal Information Processing Standards Publication 180–2 - Secure Hash Standard, February 2004Google Scholar
  14. 14.
    Federal Ministry of the Interior, German Federal Republic. White Paper - Neuer Personalausweis - eID-Server und eID-Service (2011)Google Scholar
  15. 15.
    Federal Office for Information Security, German Federal Republic. Technical Guideline TR-03119 (Requirements for Smart Card Readers Supporting eID and eSign Based on Extended Access Control) (2011)Google Scholar
  16. 16.
    Federal Office for Information Security, German Federal Republic. Technical Guideline TR-03127 (Architecture electronic Identity Card and electronic Resident Permitl) (2012)Google Scholar
  17. 17.
    Federal Office for Information Security, German Federal Republic. TR-03110-2 (Advanced Security Mechanisms for Machine Readable Travel Documents – Part 2 – Extended Access Control Version 2 (EACv2), Password Authenticated Connection Establishment (PACE), and Restricted Identification (RI)) (2012)Google Scholar
  18. 18.
    Federal Office for Information Security, German Federal Republic. TR-03110-3 (Advanced Security Mechanisms for Machine Readable Travel Documents – Part 3 – Common Specifications) (2012)Google Scholar
  19. 19.
    Finke, T., Kelter, H.: Radio Frequency Identification - Abhörmöglichkeiten der Kommunikation zwischen Lesegerät und Transponder am Beispiel eines ISO14443-Systems. BSI - Bundesamt für Sicherheit in der InformationstechnikGoogle Scholar
  20. 20.
    Finkenzeller, K.: RFID-Handbuch, 3rd edn. Hanser Fachbuchverlag, München (2002)Google Scholar
  21. 21.
    Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones, IACR Cryptology ePrint Archive (2012)Google Scholar
  22. 22.
    Gartner: Gartner Says Asia/Pacific Led Worldwide Mobile Phone Sales to Growth in First Quarter of 2013. (2013)
  23. 23.
    Hancke, G.: A practical relay attack on ISO 14443 proximity cards. (2005)
  24. 24.
    Hancke, G.: Eavesdropping attacks on high-frequency RFID tokens. In: RFIDSec (2008)Google Scholar
  25. 25.
    Haselsteiner, E., Breitfuss, K.: Security in Near Field Communication (NFC) - Strengths and Weaknesses. In: RFIDSec, Graz, Austria (2006)Google Scholar
  26. 26.
  27. 27.
    International Civil Aviation Organization. JTC1 SC17 WG3/TF5 (Supplemental Access Control for Machine Readable Travel Documents) (2010)Google Scholar
  28. 28.
    International Organization for Standardization (ISO). ISO/IEC 14443 Parts 1–4 (2001).
  29. 29.
    International Organization for Standardization/International Electrotechnical Commission. ISO/IEC 18092 (Near Field, Communication (NFCIP-1)) (2004)Google Scholar
  30. 30.
    Jens Bender, D.K., Fischlin, M.: Security Analysis of the PACE Key-Agreement Protocol (2009)Google Scholar
  31. 31.
    Kasper, T., Carluccio, D., Paar, C.: An Embedded System for Practical Security Analysis of Contactless Smartcards. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 150–160. Springer, Heidelberg (2007)Google Scholar
  32. 32.
    Kasper, T., von Maurich, I., Oswald, D., Paar, C.: Chameleon: A Versatile Emulator for Contactless Smartcards. In: Rhee, K.-H., Nyang, D. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 189–206. Springer, Heidelberg (2011).
  33. 33.
    Lochter, M., Merkle, J.: RFC 5639 - Elliptic Curve Cryptography (ECC) Brainpool Standard - Curves and Curve Generation. Federal Office for Information Security of the German Federal Republic, secunet Security Networks, IETF, March 2010Google Scholar
  34. 34.
    Miller, C.: Exploring the NFC Attack Surface. Black Hat (2012)Google Scholar
  35. 35.
    NXP. Mifare DESFire Short Form Specification MF3 IC D40. (2004)
  36. 36.
    NXP. AN200701: ISO/IEC 14443 Eavesdropping and Activation Distance. Technical report (2007)Google Scholar
  37. 37.
    Research In Motion (RIM). BlackBerry JDE 7.0.0 API Reference.
  38. 38.
    Research In Motion (RIM) - BlackBerry Support Community. Java Development - NFC - Virtual Target Emulation.
  39. 39.
    Rivain, M.: Fast and regular algorithms for scalar multiplication over elliptic curves. IACR Cryptology ePrint Archive, 338 (2011)Google Scholar
  40. 40.
    Trusted Computing Group. TPM MOBILE with Trusted Execution Environment for Comprehensive Mobile Device, Security (2012)Google Scholar
  41. 41.
    Winter, J., Wiegele, P., Pirker, M., Toegl, R.: A flexible software development and emulation framework for ARM TrustZoneGoogle Scholar
  42. 42.
    Özgür Dagdelen, M.F.: Security Analysis of the Extended Access Control Protocol for Machine Readable Travel Documents (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Timo Kasper
    • 1
    Email author
  • Alexander Kühn
    • 1
  • David Oswald
    • 1
  • Christian Zenger
    • 1
  • Christof Paar
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr-University BochumBochumGermany

Personalised recommendations