Keep Your Nice Friends Close, but Your Rich Friends Closer -- Computation Offloading Using NFC

The increasing complexity of smartphone applications and services necessitate high battery consumption but the growth of smartphones' battery capacity is not keeping pace with these increasing power demands. To overcome this problem, researchers gave birth to the Mobile Cloud Computing (MCC) research area. In this paper we advance on previous ideas, by proposing and implementing the first known Near Field Communication (NFC)-based computation offloading framework. This research is motivated by the advantages of NFC's short distance communication, with its better security, and its low battery consumption. We design a new NFC communication protocol that overcomes the limitations of the default protocol; removing the need for constant user interaction, the one-way communication restraint, and the limit on low data size transfer. We present experimental results of the energy consumption and the time duration of two computationally intensive representative applications: (i) RSA key generation and encryption, and (ii) gaming/puzzles. We show that when the helper device is more powerful than the device offloading the computations, the execution time of the tasks is reduced. Finally, we show that devices that offload application parts considerably reduce their energy consumption due to the low-power NFC interface and the benefits of offloading.Comment: 9 pages, 4 tables, 13 figure

A tokenization-based communication architecture for HCE-Enabled NFC services

Following the announcement of Host Card Emulation (HCE) technology, card emulation mode based Near Field Communication (NFC) services have gained further appreciation as an enabler of the Cloud-based Secure Element (SE) concept. A comprehensive and complete architecture with a centralized and feasible business model for diverse HCE-based NFC services will be highly appreciated, particularly by Service Providers and users. To satisfy the need in this new emerging research area, a Tokenization-based communication architecture for HCE-based NFC services is presented in this paper. Our architecture proposes Two-Phased Tokenization to enable the identity management of both user and Service Provider. NFC Smartphone users can store, manage, and make use of their sensitive data on the Cloud for NFC services; Service Providers can also provide diverse card emulation NFC services easily through the proposed architecture. In this paper, we initially present the Two-Phased Tokenization model and then validate the proposed architecture by providing a case study on access control. We further evaluate the usability aspect in terms of an authentication scheme. We then discuss the ecosystem and business model comprised of the proposed architecture and emphasize the contributions to ecosystem actors. Finally, suggestions are provided for data protection in transit and at rest.This work is funded by KocSistem Information and Communication Services Inc. and Turkish Ministry of Science, Industry and Technology under SAN-TEZ Project no. 0726.STZ.2014Publisher's Versio

Host card emulation with tokenisation: Security risk assessments

Host Card Emulation (HCE) é uma arquitetura que possibilita a representação virtual (emulação) de cartões contactless, permitindo a realização de transações através dispositivos móveis com capacidade de realizar comunicações via Near-Field Communication (NFC), sem a necessidade de utilização de um microprocessador chip, Secure Element (SE), utilizado em pagamentos NFC anteriores ao HCE. No HCE, a emulação do cartão é efetuada essencialmente através de software, geralmente em aplicações do tipo wallet. No modelo de HCE com Tokenização (HCEt), que ´e o modelo HCE específico analisado nesta dissertação, a aplicação armazena tokens de pagamento, que são chaves criptográficas derivadas das chaves do cartão original, críticas, por permitirem a execução de transações, ainda que, com limitações na sua utilização. No entanto, com a migração de um ambiente resistente a violações (SE) para um ambiente não controlado (uma aplicação num dispositivo móvel), há vários riscos que devem ser avaliados adequadamente para que seja possível materializar uma implementação baseada no risco. O presente estudo descreve o modelo de HCE com Tokenização (HCEt) e identifica e avalia os seus riscos, analisando o modelo do ponto de vista de uma aplicação wallet num dispositivo móvel, que armazena tokens de pagamento para poder realizar transações contactless

The survey on Near Field Communication

PubMed ID: 26057043Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.Publisher's Versio

Host Card Emulation with Tokenisation: Security Risk Assessment

Host Card Emulation (HCE) is an architecture that provides virtual representation of contactless cards, enabling transactional communication for mobile devices with Near-Field Communication (NFC) support without the need of Secure Element (SE) hardware. Performing the card emulation mainly by software, usually in wallet-like applications which store payment tokens for enabling transactions, creates several risks that need to be properly evaluated in order to be able to materialise a risk-based implementation. This paper describes the HCEt and proposes the identification and assessment of its risks through a survey conducted to specialists in the subject matter, analysing the model from the point of view of a wallet application on a mobile device that stores payment tokens to be able to perform contactless transactions. Despite the increasing complexity and specialisation of software, hardware, and the respective technical cyberattacks we conclude that the human nature remains the easiest to exploit, with greater gains

A Mobile Secure Bluetooth-Enabled Cryptographic Provider

The use of digital X509v3 public key certificates, together with different standards for secure digital signatures are commonly adopted to establish authentication proofs between principals, applications and services. One of the robustness characteristics commonly associated with such mechanisms is the need of hardware-sealed cryptographic devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled tokens or dongles. These devices support internal functions for management and storage of cryptographic keys, allowing the isolated execution of cryptographic operations, with the keys or related sensitive parameters never exposed. The portable devices most widely used are USB-tokens (or security dongles) and internal ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared, also suitable to protect cryptographic operations and digital signatures for secure identity and payment applications. The common characteristic of such devices is to offer the required support to be used as secure cryptographic providers. Among the advantages of those portable cryptographic devices is also their portability and ubiquitous use, but, in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply the need of readers, not always and not commonly available for generic smartphones or users working with computing devices. Also, wireless-devices can be specialized or require a development effort to be used as standard cryptographic providers. An alternative to mitigate such problems is the possible adoption of conventional Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely, by client-side applications running in users’ devices, such as desktop or laptop computers. However, the use of smartphones for safe storage and management of private keys and sensitive parameters requires a careful analysis on the adversary model assumptions. The design options to implement a practical and secure smartphone-enabled cryptographic solution as a product, also requires the approach and the better use of the more interesting facilities provided by frameworks, programming environments and mobile operating systems services. In this dissertation we addressed the design, development and experimental evaluation of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and supports on-demand Bluetooth-enabled cryptographic operations, including standard digital signatures. The addressed mobile cryptographic provider can be used by applications running on Windows-enabled computing devices, requesting digital signatures. The solution relies on the secure storage of private keys related to X509v3 public certificates and Android-based secure elements (SEs). With the materialized solution, an application running in a Windows computing device can request standard digital signatures of documents, transparently executed remotely by the smartphone regarded as a standard cryptographic provider

Mobile applications approaches using near field communication support

Nowadays, the society is constantly evolving technologically and new products and technologies appears every day. These technologies allow the well-being of societies and their populations. Mobile gadgets evolution, mainly the smartphones, has always been at the forefront, everyday new devices appear and with them, more recent technologies. These technologies provide a better quality of life of everybody who uses them. People need to have at their disposal a whole array of new features that make their life increasingly more easily. The use of gadgets to simplify the day-to-day is growing and for this people use all disposal types of devices, such as computers, laptops, file servers, smartphones, tablets, and among of others. With the need to use all these devices a problem appears, the data synchronization and a way to simplify the usage of smartphones. What is the advantage of having so much technology available if we need to concern about the interoperability between all devices? There are some solutions to overcome these problems, but most often the advantage brought by these technologies has associated some setup configurations and time is money. Near field communication (NFC) appeared in 2004 but only now has gained the market dominance and visibility, everybody wants to have a NFC based solution, like Google, Apple, Microsoft and other IT giants. NFC is the best solution to overcome some problems like, file synchronization, content sharing, pairing devices, and launch applications without user interaction. NFC arises as a technology that was forgotten, but it has everything to win in every global solutions and markets. In this dissertation two based solutions are presented, an application to transfer money using NFC and an application launcher. Both solutions are an innovation in market because there are nothing like these. A prototype of each application was build and tested. NFC Launcher is already in Android Market. NFC Launcher and Credit Transfer were built, evaluated and are ready for use

Near Field Communication: From theory to practice

This book provides the technical essentials, state-of-the-art knowledge, business ecosystem and standards of Near Field Communication (NFC)by NFC Lab - Istanbul research centre which conducts intense research on NFC technology. In this book, the authors present the contemporary research on all aspects of NFC, addressing related security aspects as well as information on various business models. In addition, the book provides comprehensive information a designer needs to design an NFC project, an analyzer needs to analyze requirements of a new NFC based system, and a programmer needs to implement an application. Furthermore, the authors introduce the technical and administrative issues related to NFC technology, standards, and global stakeholders. It also offers comprehensive information as well as use case studies for each NFC operating mode to give the usage idea behind each operating mode thoroughly. Examples of NFC application development are provided using Java technology, and security considerations are discussed in detail. Key Features: Offers a complete understanding of the NFC technology, including standards, technical essentials, operating modes, application development with Java, security and privacy, business ecosystem analysis Provides analysis, design as well as development guidance for professionals from administrative and technical perspectives Discusses methods, techniques and modelling support including UML are demonstrated with real cases Contains case studies such as payment, ticketing, social networking and remote shopping This book will be an invaluable guide for business and ecosystem analysts, project managers, mobile commerce consultants, system and application developers, mobile developers and practitioners. It will also be of interest to researchers, software engineers, computer scientists, information technology specialists including students and graduates.Publisher's Versio

Sophisticated Batteryless Sensing

Wireless embedded sensing systems have revolutionized scientific, industrial, and consumer applications. Sensors have become a fixture in our daily lives, as well as the scientific and industrial communities by allowing continuous monitoring of people, wildlife, plants, buildings, roads and highways, pipelines, and countless other objects. Recently a new vision for sensing has emerged---known as the Internet-of-Things (IoT)---where trillions of devices invisibly sense, coordinate, and communicate to support our life and well being. However, the sheer scale of the IoT has presented serious problems for current sensing technologies---mainly, the unsustainable maintenance, ecological, and economic costs of recycling or disposing of trillions of batteries. This energy storage bottleneck has prevented massive deployments of tiny sensing devices at the edge of the IoT. This dissertation explores an alternative---leave the batteries behind, and harvest the energy required for sensing tasks from the environment the device is embedded in. These sensors can be made cheaper, smaller, and will last decades longer than their battery powered counterparts, making them a perfect fit for the requirements of the IoT. These sensors can be deployed where battery powered sensors cannot---embedded in concrete, shot into space, or even implanted in animals and people. However, these batteryless sensors may lose power at any point, with no warning, for unpredictable lengths of time. Programming, profiling, debugging, and building applications with these devices pose significant challenges. First, batteryless devices operate in unpredictable environments, where voltages vary and power failures can occur at any time---often devices are in failure for hours. Second, a device\u27s behavior effects the amount of energy they can harvest---meaning small changes in tasks can drastically change harvester efficiency. Third, the programming interfaces of batteryless devices are ill-defined and non- intuitive; most developers have trouble anticipating the problems inherent with an intermittent power supply. Finally, the lack of community, and a standard usable hardware platform have reduced the resources and prototyping ability of the developer. In this dissertation we present solutions to these challenges in the form of a tool for repeatable and realistic experimentation called Ekho, a reconfigurable hardware platform named Flicker, and a language and runtime for timely execution of intermittent programs called Mayfly