Mobile Smart Card Reader Using NFC-Enabled Smartphones

  • Conference paper
Security and Privacy in Mobile Information and Communication Systems (MobiSec 2012)

Abstract

Due to the increasing use of electronic systems in all fields of everyday life, users now have to deal with electronic identification and authentication practically every day. Password-based authentication systems are neither secure nor particularly convenient for users. Here, we present the idea of using an NFC-enabled mobile phone as a chip card reader for contactless smart cards. A mobile phone can be used to visualise, inspect and control electronic transactions. This mobile smart card reader implementation enables ubiquitous, secure and convenient two-factor authentication, the mobile phone being a very personal device which users guard carefully and with which they are particularly familiar. In this paper, we discuss the concept and implementation details of the mobile reader and present a use case for the German electronic identity card.




Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Morgner, F., Oepen, D., Müller, W., Redlich, JP. (2012). Mobile Smart Card Reader Using NFC-Enabled Smartphones. In: Schmidt, A.U., Russello, G., Krontiris, I., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33392-7_3


  • DOI: https://doi.org/10.1007/978-3-642-33392-7_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33391-0

  • Online ISBN: 978-3-642-33392-7

  • eBook Packages: Computer Science, Computer Science (R0)
