Securing NFC Mobile Services with Cloud of Secure Elements (CoSE)

The availability of NFC smartphones has facilitated the development of a large number of related applications. Some of these NFC applications necessitate communication with other systems, which may not necessarily be secure, through communication channels and mechanisms that may be open to vulnerabilities. Security is therefore paramount to the success of these NFC mobile services. While Peer-to-Peer (P2P) communication mode is common in mobile NFC applications, it is vulnerable to security-related issues that arise from the use of untrusted devices for storage and to process applications. We propose the concept of a Cloud of Secure Elements (CoSE) where the secure services are hosted by servers rather than by smartphone Secure Elements. We discuss the use of CoSE for mobile payments. We also illustrate how an NFC smartphone may be efficiently used as a bridge between an NFC reader and an Internet server of secure microcontroller that hosts EMV applications.

[1]  Scott B. Guthery,et al.  The Smart Cards: A Developer's Toolkit , 2002 .

[2]  R. Holland,et al.  Don't Stand So Close to Me , 2004, Psychological science.

[3]  Gerhard P. Hancke,et al.  A Practical Relay Attack on ISO 14443 Proximity Cards , 2005 .

[4]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[5]  Carlos Delgado Kloos,et al.  Early Infrastructure of an Internet of Things in Spaces for Learning , 2008, 2008 Eighth IEEE International Conference on Advanced Learning Technologies.

[6]  Collin Mulliner,et al.  Vulnerability Analysis and Attacks on NFC-Enabled Mobile Phones , 2009, 2009 International Conference on Availability, Reliability and Security.

[7]  Sergey Balandin,et al.  Smart Spaces and Next Generation Wired/Wireless Networking , 2009, Lecture Notes in Computer Science.

[8]  Ors Yalcin,et al.  Radio Frequency Identification: Security and Privacy Issues - 6th International Workshop, RFIDSec 2010, Istanbul, Turkey, June 8-9, 2010, Revised Selected Papers , 2010, RFIDSec.

[9]  Gerhard P. Hancke,et al.  Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones , 2010, RFIDSec.

[10]  Gerhard P. Hancke,et al.  A Generic NFC-enabled Measurement System for Remote Monitoring and Control of Client-side Equipment , 2011, 2011 Third International Workshop on Near Field Communication.

[11]  Hans-Erik Nilsson,et al.  Home care with NFC sensors and a smart phone , 2011, ISABEL '11.

[12]  Serge Chaumette,et al.  Architecture and Comparison of Two Different User-Centric NFC-Enabled Event Ticketing Approaches , 2011, NEW2AN.

[13]  Luca Mainetti,et al.  IDA-Pay: An innovative micro-payment system based on NFC technology for Android mobile devices , 2012, SoftCOM 2012, 20th International Conference on Software, Telecommunications and Computer Networks.

[14]  Dieter Hayn,et al.  Design and Evaluation of a Telemonitoring Concept Based on NFC-Enabled Mobile Phones and Sensor Devices , 2012, IEEE Transactions on Information Technology in Biomedicine.

[15]  R. Widmann,et al.  System Integration of NFC Ticketing into an Existing Public Transport Infrastructure , 2012, 2012 4th International Workshop on Near Field Communication.

[16]  Bimal Parmar,et al.  Protecting against spear-phishing , 2012 .

[17]  Michael Roland,et al.  Applying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack , 2012, ArXiv.

[18]  Pascal Urien,et al.  Towards a secure Cloud of Secure Elements concepts and experiments with NFC mobiles , 2013, 2013 International Conference on Collaboration Technologies and Systems (CTS).

[19]  Pascal Urien,et al.  Identity-Based Authentication to Address Relay Attacks in Temperature Sensor-enabled Smartcards , 2013 .

[20]  Pascal Urien LLCPS: A new security framework based on TLS for NFC P2P applications in the Internet of Things , 2013, 2013 IEEE 10th Consumer Communications and Networking Conference (CCNC).

[21]  Pascal Urien,et al.  Framework and authentication protocols for smartphone, NFC, and RFID in retail transactions , 2013, 2013 IEEE Eighth International Conference on Intelligent Sensors, Sensor Networks and Information Processing.

[22]  P. Urien,et al.  LLCPS and SISO: A TLS-based framework with RFID for NFC P2P retail transaction processing , 2013, 2013 IEEE International Conference on RFID (RFID).

[23]  Joel J. P. C. Rodrigues,et al.  A hybrid NFC-Bluetooth secure protocol for Credit Transfer among mobile phones , 2014, Secur. Commun. Networks.

[24]  Pascal Urien Remote APDU Call Secure (RACS) creating secure and trusted applications for NFC mobile devices , 2015, 2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC).