Near Field Communication Security

Umar, A., Mayes, K., Markantonakis, K.: Performance variation in host-based card emulation compared to a hardware security element. Mobile and Secure Services (MOBISECSERV), 2015 First Conference on. p. 1-6 (2015).Abstract
Traditionally, card emulation mode in Near Field Communication devices makes use of a hardware Secure Element (SE) as a secure storage and execution environment for applications. However, a different way of card emulation that bypasses the SE has emerged, referred to as Host-based Card Emulation (HCE). HCE relies on the phone CPU for processing power, sharing it with other running processes. This produces variable readings in terms of response times from the phone. This paper investigates this variability in HCE implementation as compared to an SE implementation. We also discuss how our findings may call into question the use of HCE in time critical scenarios.
Abughazalah, S., Markantonakis, K., Mayes, K.: Secure Mobile Payment on NFC-Enabled Mobile Phones Formally Analysed Using CasperFDR. Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 13th IEEE International Conference on. IEEE Computer Society (2014).Abstract
Near Field Communication (NFC) mobile phones can be used as payment devices and can emulate credit cards. Although NFC mobile services promise a fruitful future, several issues have been raised by academics and researchers. Among the main concerns for the use and deployment of NFC-enabled mobile phones is the potential loss of security and privacy. More specifically, mobile phone users involved in a payment transaction conducted over a mobile handset require that such a system does not reveal their identity or any sensitive data. Furthermore, that all entities participating in the transaction are legitimate. To this end, we proposed a protocol that meets the mobile user' requirements. The proposed protocol attempts to address the main security concerns and protects the customer privacy from any third party involved in the transaction. We formally analysed the protocol using CasperFDR and did not find any feasible attacks.
Akram, R.N., Markantonakis, K., Sauveron, D.: Collaborative and Ubiquitous Consumer Oriented Trusted Service Manager. In: Liu, Y. The 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-14). IEEE CS (2014).Abstract
Near Field Communication (NFC) enables a mobile phone to emulate a contactless smart card. This has reinvigorated the multiapplication smart card initiative. Trusted Service Manager (TSM) is an entity that is trusted by all stakeholders in the proposed and trialled NFC-based smart card ecosystem. However, TSM-based models have the potential to create market segregation that might lead to limited or slow adoption. In addition, all major stakeholders (e.g. Telecom and banks) are pushing for their own TSM models and this might hinder deployment. In this paper we present a Collaborative and Ubiquitous Consumer Oriented Trusted Service Manager (CO-TSM)-based model that combines different TSM models while providing scalability to the overall architecture. In addition, our proposal also provides flexibility to both consumers and application providers. To support our proposal, we present a core architecture based on two contrasting approaches: the Issuer Centric Smart Card Ownership Model (ICOM) and the User Centric Smart Card Ownership Model (UCOM). Based on the core architecture, we then describe our proposal for an application download framework and a secure channel protocol. Finally, the implementation experience and performance measurements for the secure channel protocol are discussed.
Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms. Internet Technology and Secured Transactions, ICITST 2009. International Conference. p. 1-8. , London, UK (2009).Abstract
In this paper we investigate the possibility that a Near Field Communication (NFC) enabled mobile phone, with an embedded Secure Element (SE), could be used as a mobile token cloning and skimming platform. We show how an attacker could use a NFC mobile phone as such an attack platform by exploiting the existing security controls of the embedded SE and the available contactless APIs. To illustrate the feasibility of these actions we also show how to practically skim and emulate certain tokens typically used in payment and access control applications with a NFC mobile phone. Although such attacks can also be implemented on other contactless platforms, such as custom-built card emulators and modified readers, the NFC-enabled mobile phone has a legitimate form factor, which would be accepted by merchants and arouse less suspicion in public. Finally, we propose several security countermeasures for NFC phones that could prevent such misuse.
Hancke, G., Mayes, K., Markantonakis, K.: Confidence in smart token proximity: Relay attacks revisited. Elsevier Computers and Security. 28, 615-627 (2009). WebsiteAbstract
Contactless and contact smart card systems use the physical constraints of the communication channel to implicitly prove the proximity of a token. These systems, however, are potentially vulnerable to an attack where the attacker relays communication between the reader and a token. Relay attacks are not new but are often not considered a major threat, like eavesdropping or skimming attacks, even though they arguably pose an equivalent security risk. In this paper we discuss the feasibility of implementing passive and active relay attacks against smart tokens and the possible security implications if an attacker succeeds. Finally, we evaluate the effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant and explain the challenges still facing these mechanisms.
Akram, R.N., Markantonakis, K., Mayes, K.: Coopetitive Architecture to Support a Dynamic and Scalable NFC based Mobile Services Architecture. In: Chow, K.P. and Hui, L.C.K. The 2012 International Conference on Information and Communications Security (ICICS 2012). p. 214-227. Springer Berlin Heidelberg, Hong Kong, China (2012).Abstract
Near Field Communication (NFC) has reinvigorated the multi-application smart card initiative. The NFC trials are relying on an extension of Issuer Centric Smart Card Model (ICOM) referred as Trusted Service Manager (TSM) architecture, which may create market segregation. Where the User Centric Smart Card Ownership Model (UCOM) takes an opposite approach of delegating the smart card ownership to its users. Therefore, to reconcile these two approaches we proposed the Coopetitive Architecture for Smart Cards (CASC) that avoids market segregation, increase revenue generation, and provide flexibility, robustness, and scalability. To support the CASC framework in this paper, we propose an application installation protocol that provides entity authentication, trust assurance and validation, mutual key and contractual-agreement generation. The protocol is compared with existing protocols on its performance, stated security, and operational goals. Furthermore, CasperFDR is used to provide a mechanical formal analysis of the protocol.
Akram, R.N., Markantonakis, K., Mayes, K.: Building the Bridges - A Proposal for Merging different Paradigms in Mobile NFC Ecosystem. In: Xie, S. The 8th International Conference on Computational Intelligence and Security (CIS 2012). p. 646-652. IEEE Computer Society, Guangzhou, China (2012).Abstract
In late 1990s. the multi-application initiative was put forward to have multiple applications on a single smart card. This would have enabled a cardholder to accumulate all of her smart card based applications (e.g. banking, telecom, and transport etc.) on a single device. However, despite the initial fervour for the multi-application smart card initiative; there were no wide spread adoption of this model. Nevertheless, the Near Field Communication (NFC) has reinvigorated the multi-application initiative again. In this paper, we will analyse why the multi-application smart card initiative failed to materialise a decade ago and whether this time around it will succeed as a viable model or not. The NFC trials being conducted basically rely on the existing ownership architectures, which can create market segregation and thus reducing the potential revenue generation capability. We propose a possible approach that avoids market segregation, increase revenue generation, and provide flexibility, robustness and scalability to existing ownership architecture.
Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: A Security Framework Model with Communication Protocol Translator Interface for Enhancing NFC Transactions. Sixth Advanced International Conference on Telecommunications (AICT) 2010. p. 452-461. IEEE Computer Society, Barcelona, Spain (2010).Abstract
With the recent technological advances of Near Field Communication (NFC) enabled mobile phones it is now possible to introduce additional transactions of value including those originating from contact-based security tokens within the existing infrastructure. We propose a low cost security framework including a PKI based security protocol which can be used to integrate transactions involving external contact-based smart cards for the purposes of e-identification e-payment e-ticketing and communication services. We then designed and implemented a secure Communications Protocol Translator Interface (CPTI) which allows an NFC enabled mobile phone to access and use over a contact less interface any additional smart cards (or secure elements (SE)) which are externally available on a contact based interface and vice-versa. By using CPTI it is now possible to have communication and interaction between passive security tokens as well as to use external contact based security tokens in the NFC environment such as a contact based payment smart card.