Anonymous Ticketing for NFC-Enabled Mobile Phones

Modern smartphones are equipped with various interfaces such as NFC, allowing versatile use of the device for many different applications. However, every transaction of the phone, especially via its NFC interface, can be recorded and stored for further analysis, posing a threat to the privacy of the device and its user. In this paper, we propose a mobile ticketing system designed for privacy protection and analyze its efficiency. Our investigation focuses on the specific algorithms, which are based on selective disclosure protocols and Brands' one-time show credential system. Our proof-of-concept prototype includes client- and terminal-side implementations for detailed analysis. Moreover, we propose algorithm improvements to increase the performance and efficiency of the NFC transactions on the client side in our system.
