More Web Proxy on the site http://driver.im/

research-article

Secure Physical Access with NFC-enabled Smartphones

Authors:

Chrstof Arnosti,

Dominik Gruntz,

Marco HauriAuthors Info & Claims

MoMM 2015: Proceedings of the 13th International Conference on Advances in Mobile Computing and Multimedia

Pages 140 - 148

https://doi.org/10.1145/2837126.2837138

Published: 11 December 2015 Publication History

Abstract

This paper presents a smartphone-based physical access control system in which the access points are not directly connected to a central authorization server, but rather use the connectivity of the mobile phone to authorize a user access request online by a central access server.

The authentication of the smartphone is based on public-key cryptography. This requires that the private key is stored in a secure element or in a trusted execution environment to prevent identity theft. One of the basic requirement of our solution is the independence from third parties like mobile network operators, trusted service managers and handset manufacturers. Therefore, a SIM-based secure element as well as an embedded secure element (i.e. a separate hardware chip on the handset) were not an option and we had to concentrate on the remaining secure element architectures: Host Card Emulation (HCE) and a microSD-based secure element.

We show that the HCE approach cannot solve the relay attack under conservative security assumptions and we present and discuss an implementation based on a microSD secure element that still allows the access points to connect to the authorization server upon every access albeit the access points are not connected with it.

References

[1]

Android open source project. Android keystore system. https://developer.android.com/training/articles/keystore.html. Accessed: 2015-08-21.

[2]

C. Arnosti and D. Gruntz. Man-in-the-Middle: Analyse des Datenverkehrs bei NFC-Zahlungen. IMVS Fokus Report, 8(1):24--31, 2014.

[3]

DeviceFidelity Inc. CredenSE 2.10j classic is NFC card-emulation and certified JavaCard SE in a MicroSD. http://devifi.netfirms.com/devifi.com/assets/DeviceFidelity_CredenSE.pdf, 2013.

[4]

A. Dmitrienko, A.-R. Sadeghi, S. Tamrakar, and C. Wachsmann. SmartTokens: Delegable access control with NFC-enabled smartphones. In International Conference on Trust & Trustworthy Computing (TRUST), volume 7344 of Lecture Notes in Computer Science (LNCS), pages 219--238. Springer, June 2012.

Digital Library

[5]

S. Drimer and S. J. Murdoch. Keep your enemies close: Distance bounding against smartcard relay attacks. In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, SS'07, pages 7:1--7:16, Berkeley, CA, USA, 2007.

Digital Library

[6]

N. Elenkov. Android Security Internals: An In-Depth Guide to Android's Security Architecture. No Starch Press, San Francisco, CA, USA, 1st edition, 2014.

Digital Library

[7]

L. Francis, G. Hancke, K. Mayes, and K. Markantonakis. Practical relay attack on contactless transactions by using NFC mobile phones. IACR Cryptology ePrint Archive, Report 2011/618, 2011. http://eprint.iacr.org/2011/618.

[8]

T. Janssen and M. Zandstra. HCE security implications. Technical report, UL Transaction Security, 2014.

[9]

Kaba. Mobile access solutions. http://www.kaba.com/en/kaba/innovation/654636/mobile-access-solutions.html.

[10]

E. Lee. NFC Hacking: The Easy Way, 2011.

[11]

M. Maass, U. Müller, T. Schons, D. Wegemer, and M. Schulz. NFCGate: An NFC Relay Application for Android. In Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec '15, New York, NY, USA, 2015.

Digital Library

[12]

NFC World. NFC phones: The definitive list. http://www.nfcworld.com/nfc-phones-list. Last updated on 21 August 2015.

[13]

M. Roland and J. Langer. Comparison of the usability and security of NFC's different operating modes in mobile devices. e&i Elektrotechnik und Informationstechnik, 130(7):201--206, 2013.

[14]

M. Roland, J. Langer, and J. Scharinger. Applying relay attacks to google wallet. In 5th International Workshop on Near Field Communication (NFC), pages 1--6, Feb 2013.

[15]

C. Saminger, S. Grünberger, and J. Langer. An NFC ticketing system with a new approach of an inverse reader mode. In 5th International Workshop on Near Field Communication (NFC), Feb 2013.

[16]

Swisscom. The swiss wallet of tomorrow. http://www.tapit.ch/en.

[17]

Telcred AB. A new approach to access control. http://telcred.com. Accessed: 2015-08-20.

Cited By

Bispo BCavalcante ERodrigues M(2024)Access Control System Integrated with RFID and NFC-Enabled Smartphone TechnologiesIX Latin American Congress on Biomedical Engineering and XXVIII Brazilian Congress on Biomedical Engineering10.1007/978-3-031-49407-9_65(657-667)Online publication date: 4-Jan-2024
https://doi.org/10.1007/978-3-031-49407-9_65
Kwan KGreaves B(2019)FileLinker: Simple Peer-to-Peer File Sharing Using Wi-Fi Direct and NFC2019 IST-Africa Week Conference (IST-Africa)10.23919/ISTAFRICA.2019.8764840(1-9)Online publication date: May-2019
https://doi.org/10.23919/ISTAFRICA.2019.8764840
Dmitrienko APlappert CAhn GPretschner AGhinita G(2017)Secure Free-Floating Car Sharing for Offline CarsProceedings of the Seventh ACM on Conference on Data and Application Security and Privacy10.1145/3029806.3029807(349-360)Online publication date: 22-Mar-2017
https://dl.acm.org/doi/10.1145/3029806.3029807
Show More Cited By

Index Terms

Secure Physical Access with NFC-enabled Smartphones
1. Security and privacy
  1. Security services
    1. Authentication
  2. Systems security
    1. Operating systems security

Recommendations

Universal Physical Access Control System
BIBE '14: Proceedings of the 2014 IEEE International Conference on Bioinformatics and Bioengineering

With the recent rapid increase in the number of physical facilities and structures that need to be protected by restricting physical access to them, there has been an explosion in the number and type of physical access control systems being deployed to ...
A User-Friendly Authentication Solution Using NFC Card Emulation on Android
SOCA '14: Proceedings of the 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications

The security of the authentication scheme plays a more and more important role in today's web service systems as people's daily are increasingly depending on these services and user credentials are collected and stored online. An insecure authentication ...
Secure Location Validation with Wi-Fi Geo-fencing and NFC
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01

With rapid growth in technology and increase use of mobile devices, many enterprises have started to move away from fixed workstations to wireless mobile workstations. Moreover, some of the mobile applications may require access to sensitive data with ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

MoMM 2015: Proceedings of the 13th International Conference on Advances in Mobile Computing and Multimedia

December 2015

422 pages

ISBN:9781450334938

DOI:10.1145/2837126

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

Johannes Kepler University, Linz, Austria
@WAS: International Organization of Information Integration and Web-based Applications and Services

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 December 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

MoMM 2015

MoMM 2015: The 13th International Conference on Advances in Mobile Computing and Multimedia

December 11 - 13, 2015

Brussels, Belgium

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
194
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Bispo BCavalcante ERodrigues M(2024)Access Control System Integrated with RFID and NFC-Enabled Smartphone TechnologiesIX Latin American Congress on Biomedical Engineering and XXVIII Brazilian Congress on Biomedical Engineering10.1007/978-3-031-49407-9_65(657-667)Online publication date: 4-Jan-2024
https://doi.org/10.1007/978-3-031-49407-9_65
Kwan KGreaves B(2019)FileLinker: Simple Peer-to-Peer File Sharing Using Wi-Fi Direct and NFC2019 IST-Africa Week Conference (IST-Africa)10.23919/ISTAFRICA.2019.8764840(1-9)Online publication date: May-2019
https://doi.org/10.23919/ISTAFRICA.2019.8764840
Dmitrienko APlappert CAhn GPretschner AGhinita G(2017)Secure Free-Floating Car Sharing for Offline CarsProceedings of the Seventh ACM on Conference on Data and Application Security and Privacy10.1145/3029806.3029807(349-360)Online publication date: 22-Mar-2017
https://dl.acm.org/doi/10.1145/3029806.3029807
Gruntz DArnosti CHauri M(2016)MOONACS: a mobile on-/offline NFC-based physical access control systemInternational Journal of Pervasive Computing and Communications10.1108/IJPCC-01-2016-001212:1(2-22)Online publication date: 4-Apr-2016
https://doi.org/10.1108/IJPCC-01-2016-0012

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten