Journal Article

On the security issues of NFC enabled mobile phones

TLDR
This paper shows how an attacker could use an NFC mobile phone as an attack platform by exploiting the existing security controls of the embedded SE and the available contactless APIs and proposes several security countermeasures for NFC phones that could prevent such misuse.
Abstract
In this paper, we investigate the possibility that a Near Field Communication (NFC) enabled mobile phone, with an embedded secure element (SE), could be used as a mobile token cloning and skimming platform. We show how an attacker could use an NFC mobile phone as such an attack platform by exploiting the existing security controls of the embedded SE and the available contactless APIs. To illustrate the feasibility of these actions, we also show how to practically skim and emulate certain tokens typically used in payment and access control applications with an NFC mobile phone. We also discuss how to capture and analyse legitimate transaction information from contactless systems. Although such attacks can also be implemented on other contactless platforms, such as custom-built card emulators and modified readers, the NFC enabled mobile phone has a legitimate form factor, which would be accepted by merchants and arouse less suspicion in public. Finally, we propose several security countermeasures for NFC phones that could prevent such misuse.


Citations
Journal Article

A Survey on Near Field Communication (NFC) Technology

TL;DR: This paper presents the concept of NFC technology in a holistic approach with different perspectives, including communication essentials with standards, ecosystem and business issues, applications, and security issues.

Cloning credit cards: a combined pre-play and downgrade attack on EMV contactless

TL;DR: This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes.
Proceedings Article

Physical-layer attacks on chirp-based ranging systems

TL;DR: This work focuses on distance decreasing relay attacks that have proven detrimental for the security of proximity-based access control systems (e.g., passive vehicle keyless entry and start systems) and describes a set of distance decreasing attack realizations, which demonstrate that an attacker is able to effectively reduce the distance measured by chirp-based ranging systems.
Book Chapter

Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System

TL;DR: In this article, a hybrid digital-analog design that enables the implementation of Terrorist Fraud resilient distance bounding protocols is proposed, which is also secure against double read-out attack.
Journal Article

Nano-electromechanical Switch Based on a Physical Unclonable Function for Highly Robust and Stable Performance in Harsh Environments.

TL;DR: In this article, a physical unclonable function (PUF) device using a nano-electromechanical (NEM) switch was demonstrated, and the most important feature of the NEM-switch-based PUF is its use of stiction.
References
Proceedings Article

Vulnerability Analysis and Attacks on NFC-Enabled Mobile Phones

TL;DR: Through the testing approach, this paper was able to identify a number of previously unknown vulnerabilities, some of which can be exploited for spoofing of tag content, an NFC-based worm, and for Denial-of-Service attacks.
Proceedings Article

Practical attacks on proximity identification systems

TL;DR: Focusing mainly on the RF communication interface, the results and implementation of eavesdropping, unauthorized scanning and relay attacks against 'proximity' (ISO 14443 A) type RFID tokens are discussed.
Book

Smart Cards, Tokens, Security and Applications

TL;DR: This state-of-the-art work combines a cross-discipline overview of smart cards, tokens and related security and applications plus a technical reference to support further research and study.
Book Chapter

Vulnerabilities in first-generation RFID-enabled credit cards

TL;DR: In this article, the authors analyzed the mechanisms that provide both security and privacy using samples from a variety of RFID-enabled credit cards, and observed that the cardholder's name and often credit card number and expiration are leaked in plaintext to unauthenticated readers. Their homemade device, costing around $150, effectively clones one type of skimmed card, thus providing a proof-of-concept implementation for the RF replay attack.