Towards NFC payments using a lightweight architecture for the Web of Things

The Web (and Internet) of Things has seen the rapid emergence of new protocols and standards, which provide for innovative models of interaction for applications. One such model fostered by the Web of Things (WoT) ecosystem is that of contactless interaction between devices. Near Field Communication (NFC) technology is one such enabler of contactless interactions. Contactless technology for the WoT requires all parties to agree one common definition and implementation and, in this paper, we propose a new lightweight architecture for the WoT, based on RESTful approaches. We show how the proposed architecture supports the concept of a mobile wallet, enabling users to make secure payments employing NFC technology with their mobile devices. In so doing, we argue that the vision of the WoT is brought a step closer to fruition

Attacks On Near Field Communication Devices

For some years, Near Field Communication (NFC) has been a popularly known technology characterized by its short-distance wireless communication, mainly used in providing different agreeable services such as payment with mobile phones in stores, Electronic Identification, Transportation Electronic Ticketing, Patient Monitoring, and Healthcare. The ability to quickly connect devices offers a level of secure communication. That notwithstanding, looking deeply at NFC and its security level, identifying threats leading to attacks that can alter the user’s confidentiality and data privacy becomes obvious. This paper summarizes some of these attacks, emphasizing four main attack vectors, bringing out a taxonomy of these attack vectors on NFC, and presenting security issues alongside privacy threats within the application environment

The E-health Strategic Research Orientation at the Centre for Telematics and Information Technology

This report gives an overview of research themes, research groups and research partners of the E-Health Strategic Research Orientation (SRO) at the University of Twente

Security in remote monitoring devices in critical areas

Dissertação de mestrado integrado em Engineering and Management of Information SystemsThe use of Information Technologies has grown exponentially over the past years affecting many critical sectors from the industrial to the financial, energy, and health sectors. The ability to track and remotely monitor people and objects in real-time is one of the changes made possible by Information Technologies. Although those Information Technologies innovations sprang several significant advantages for people and organizations, there are also some security and privacy concerns regarding the monitoring of people, objects, and processes in critical areas. Every day new and more effective cyberattacks are discovered which steal sensitive information from their holders and affect people and organizations. Computational power is increasing and organizations are emerging whose main objective is to profit from the sale of the stolen information assets. These attacks can impact critical areas, such as health and energy; they may even jeopardize the physical integrity of individuals. In Healthcare, a Critical Area, the number of Remote Patient Monitoring Devices Systems is increasing, and the number of patients using them increases as well. At the same time, there have been identified new security vulnerabilities on high technological medical devices. People privacy is also being called into question. Several privacy gaps have forced governments to take action with the main objective of safeguarding the privacy of their citizens, as was the case with the much-discussed General Data Protection Regulation of the European Union. Standards and Frameworks play an important role in the improvement o security. In this scientific work, it was developed and validated a proposal of a sector-specific Security Framework that can be applied to Remote Patient Monitoring Devices Systems to improve their overall security. That framework is based on the best widely spread Security Standards and Frameworks. The Framework define 30 requirements divided into 5 assets. Each requirement has one or more functions, in a total of 4 available. It was also defined 8 implementation groups. To validate the Framework it was developed a Remote Patient Monitoring Device System Simulator composed by a Micro-controller NodeMCU with an ESP8266 Wi-Fi chip connected to a Heart Rate Analog Sensor, and an Interface. When applied to the Framework, the developed simulator obtained a score of 9 in 29 available requirements for that implementation group device. The selected research method used to guide this scientific research was the Design Science Research.A utilização das Tecnologias de Informação tem crescido exponencialmente ao longo dos últimos anos afetando vários setores críticos que vão desde a indústria, passando pelo setor financeiro, energético e até mesmo pela saúde. A capacidade de acompanhamento e monitorização remota de pessoas e objetos em tempo real é uma das mudanças potenciadas pelas Tecnologias de Informação. Embora destas inovações ao nível das Tecnologias de Informação advenham um conjunto de vantagens significativas para pessoas e organizações, surgem também algumas preocupações ao nível da segurança e privacidade no que concerne à monitorização de pessoas, objetos e processos em áreas críticas. Diariamente são identificados e descritos novos e mais eficazes ataques cibernéticos, a pessoas e organizações com o intuito de roubar informação sensível para os seus detentores. O poder computacional é crescente e insurgem-se organizações cujo principal objetivo é lucrar com a venda de ativos informacionais roubados. Estes ataques podem atingir áreas tão críticas, como o setor da saúde e energético, podendo mesmo colocar em causa a integridade física de pessoas. Nos cuidados de saúde, uma área crítica, o número de Sistemas de Dispositivos de Monitorização Remota esta a crescer, bem como o número de pacientes que os usam. Ao mesmo tempo, têm sido identificadas novas vulnerabilidades de segurança em dispositivos médicos altamente tecnológicos. A privacidade das pessoas está também a ser comprometida. É possível assistir-se a várias falhas ao nível da privacidade que obrigou os governos a tomar medidas com o principal objetivo de salvaguardar a privacidade dos seus cidadãos como foi o caso do tão falado Regulamento Geral de Proteção de Dados da União Europeia. Standards e Frameworks desempenham um papel importante na melhoria da segurança. Neste trabalho de investigação foi desenvolvida e validada uma proposta de Framework de Segurança específica para o setor da Saúde e que pode ser aplicada em Sistemas de Dispositivos de Monitorização Remota com o objetivo de aumentar a sua segurança. Esta Framework é baseada nas melhores e mais usadas Frameworks e Standards. A Framework define 30 requisitos divididos em 5 ativos. Cada requisito tem uma ou mais funções, de um total de 4. Foi também definido 8 grupos de implementação. Para validar a Framework foi desenvolvido um Simulador composto por um micro controlador NodeMCU com um chip Wi-FI ESP8266 conectado a um Sensor Analógico de Frequência Cardíaca. Quando aplicado à Framework, o simulador obteve um score de 9 em 29 requisitos disponíveis para aquele grupo de implementação. A metodologia de investigação selecionada para guiar este projeto foi a Design Science Research

Contactless Technology: what we know and what we don’t know

With the rise in the use of touchless systems and new technologies, which are rapidly replacing traditional means of payment such as cash, contactless technology is getting popular. As a result, the purpose of this research is to look at the principal factors of contactless technologies, what we know and what we do not know about the technology