Abstract
Due to the increasing use of electronic systems in all fields of everyday life, users now have to deal with electronic identification and authentication practically every day. Password-based authentication systems are neither secure nor particularly convenient for users. Here we present the idea of using an NFC-enabled mobile phone as a chip card reader for contactless smart cards. The phone can then be used to visualise, inspect and control electronic transactions. This mobile smart card reader implementation enables ubiquitous, secure and convenient two-factor authentication, the mobile phone being a very personal device which users guard carefully and with which they are particularly familiar. In this paper, we discuss the concept and implementation details of the mobile reader and present a use case for the German electronic identity card.
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Morgner, F., Oepen, D., Müller, W., Redlich, JP. (2012). Mobile Smart Card Reader Using NFC-Enabled Smartphones. In: Schmidt, A.U., Russello, G., Krontiris, I., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33392-7_3
DOI: https://doi.org/10.1007/978-3-642-33392-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33391-0
Online ISBN: 978-3-642-33392-7