280 research outputs found

    The survey on Near Field Communication

    Get PDF
    PubMed ID: 26057043Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.Publisher's Versio

    Attacks On Near Field Communication Devices

    Get PDF
    For some years, Near Field Communication (NFC) has been a popularly known technology characterized by its short-distance wireless communication, mainly used in providing different agreeable services such as payment with mobile phones in stores, Electronic Identification, Transportation Electronic Ticketing, Patient Monitoring, and Healthcare. The ability to quickly connect devices offers a level of secure communication. That notwithstanding, looking deeply at NFC and its security level, identifying threats leading to attacks that can alter the user’s confidentiality and data privacy becomes obvious. This paper summarizes some of these attacks, emphasizing four main attack vectors, bringing out a taxonomy of these attack vectors on NFC, and presenting security issues alongside privacy threats within the application environment

    Analysing and Improving the Security of Contactless Payment Cards

    Get PDF
    Europay, MasterCard, and Visa (EMV) is the most used payment protocol around the world with 85.9% of the payment cards in the EU and the UK being EMV based cards in 2019. The EMV payment protocol has made contactless transactions faster and more convenient for cardholders as they only need to place the card next to the Point of Sale (POS) to make a payment. According to the latest report of the UK Finance, the total value of contactless card transactions in 2019 was higher than the cash ones for the first time ever. On the other hand, the introduction of the wireless interface in the EMV contactless transactions opens the door for several attacks to be launched on contactless cards such as skimming, eavesdropping, replay, and relay attacks. Since April 2020, the limit of contactless transactions has increased to £45 as a response to the Covid-19 crisis. This might create an extra motivation for launching more attackers on contactless cards. This thesis is primarily concerned with investigating and analysing the security of contactless card’s payments and uncovering the impact of key vulnerabilities in the EMV contactless card specifications. The two main vulnerable are the one-way authentication methods and the lack of cardholder verification in such transactions. The thesis also proposes the following four practical protocols to improve the security and the privacy of the EMV contactless cards. 1- A new tokenization protocol to replace the actual Primary Account Number (PAN) with a token to prevent the EMV contactless cards from revealing the actual PAN. 2- A mutual authentication protocol to address the vulnerabilities related to the EMV one-way card authentication methods in the EMV payment protocol. 3- A novel gyroscope sensor into EMV contactless cards to be used for activating the cards by perfuming a simple move by the cardholder. 4- A protocol to use cardholders’ NFC enabled smartphones to activate contactless cards. The two main aims of these four proposed protocols are to prevent such cards from being read by unauthorised NFC enabled readers/smartphones and to give cardholders more control of their contactless cards in order to prevent several attacks. Moreover, the thesis also describes a Java framework to mimic a genuine EMV contactless card and validate the four proposed solutions. The thesis argues that the first two proposed solutions require minimal changes to the existing EMV infrastructures and do not have any impact on the user’s experience while the last two proposed solutions require some changes the users’ experience when making contactless card transactions

    Smartphone: The Ultimate IoT and IoE Device

    Get PDF
    Internet of Things (IoT) and Internet of Everything (IoE) are emerging communication concepts that will interconnect a variety of devices (including smartphones, home appliances, sensors, and other network devices), people, data, and processes and allow them to communicate with each other seamlessly. These new concepts can be applied in many application domains such as healthcare, transportation, and supply chain management (SCM), to name a few, and allow users to get real-time information such as location-based services, disease management, and tracking. The smartphone-enabling technologies such as built-in sensors, Bluetooth, radio-frequency identification (RFID) tracking, and near-field communications (NFC) allow it to be an integral part of IoT and IoE world and the mostly used device in these environments. However, its use imposes severe security and privacy threats, because the smartphone usually contains and communicates sensitive private data. In this chapter, we provide a comprehensive survey on IoT and IoE technologies, their application domains, IoT structure and architecture, the use of smartphones in IoT and IoE, and the difference between IoT networks and mobile cellular networks. We also provide a concise overview of future opportunities and challenges in IoT and IoE environments and focus more on the security and privacy threats of using the smartphone in IoT and IoE networks with a suggestion of some countermeasures

    Multi-RFID embedded Ticketing Kernel for MaaS

    Get PDF
    Trabalho de projeto de mestrado, Engenharia Informática (Engenharia de Software) Universidade de Lisboa, Faculdade de Ciências, 2020The fast-growing human population is causing an ever-increasing trend of hyper urbanisation and globalisation, along with the popularisation of private cars to commute, which contributes to several environmental and health problems, for instance, high lev els of noise, congestion, and pollution. Hence, most cities are facilitating and enhancing commuting travel, thus, fostering the development of transportation. Today’s urban transport networks are part of the daily lives of millions of people around the world, and in this era of digitalisation, servicising, and cashless economy the public transportation must also readjust. Therefore, contactless bank cards will make it reasonable to travel by public transport. It will be the first time in Portugal that a contactless bank card enables public transport to be accessed, travelled and charged. Such a solution would encourage the contactless debit or credit card to be an alternative to the proprietary transit card, thereby helping to enhance the usability and accessibility of public transport. With the launch of the contactless solution in public transport, a metropolitan area in Portugal will very well integrate a growing list of the world’s major cities such as London, Singapore, Rio de Janeiro and New York. Moreover, new passengers gradually shift from maintaining a private car to the use of public transport means, which allows a diminution on the emission of fuel gases, and a reduction of the global pollution. In addition to that, public transport operators pains also decrease because proprietary cards are handled and managed by financial institutions, enabling the transport agencies to turn their attention to the core of their business, like the multi-modal mass transit and fare calculation. This pioneering project in Portugal involved several stakeholders, including Card4B, Visa, and Unicre. Accordingly, the project aimed to provide an open-loop model with con tactless and post-paid payments to integrate into the existing operation of transportation ticketing. Finally, the developed solution supports contactless transactions, and followed the “Contactless Specifications for Payment Systems”. Successfully, the delivered solution was certified with an EMV Level 3 Certification for both Visa PayWave and MasterCard Contactless transactions

    Automatização dos procedimentos de check-in no sector turístico

    Get PDF
    This report takes advantage of Web and IoT technology to remove the necessity of 3th people into the check-in procedures. The innovation has the objective to improve the accommodation sector in Tourism and Travel activities. For choosing of the most suitable technology, a careful analysis was performed about the target audience and the possible technologies. Then, a business plan was developed to explain how the product can be profitable, generate value to society and present itself as an innovation. Only after that, MVP was developed to test the viability of this business model. The MVP consisted on platform and locker that allow the user to manage and use their desired accesses to the mechanical engineering laboratories in university of Aveiro.Este trabalho aproveita tecnologias como IOT e Web para remover a necessidade de terceiros nos procedimentos de check-in. A inovação tem o objetivo de melhorar o setor de alojamento na indústria turística. Para a escolha da tecnologia mais adequada, foi realizada uma análise cuidadosa sobre o público-alvo e as possíveis tecnologias. Em seguida, foi desenvolvido um plano de negócios para explicar como o produto pode ser rentável, gerar valor para a sociedade e apresentar-se como uma inovação. Somente depois disso, foi desenvolvido um protótipo para testar a viabilidade desse modelo de negócio. O protótipo consiste numa plataforma e fechadura que permite a utilização a gestão automática dos acessos para os laboratórios de engenharia mecânica da Universidade de Aveiro.Mestrado em Engenharia Mecânic

    Near Field Communication Applications

    Get PDF
    Near Field Communication (NFC) is a short-range, low power contactless communication between NFC-enabled devices that are held in the closed proximity to each other. NFC technology has been moving rapidly from its initial application areas of mobile payment services and contactless ticketing to the diversity of new areas. Three specific NFC tags highlighted in the thesis have different structures in terms of memory, security and usage in different applications. NFC information tags exploit the data exchange format NDEF standardized by NFC Forum. NFC applications are rapidly stepping into novel and diverse application areas. Often they are deployed in combination with different devices and systems through their integrability and adaptability features. The diverse application areas where NFC tags and cards are used cover smart posters, contactless ticketing, keys and access control, library services, entertainment services, social network services, education, location based services, work force and retail management and healthcare. In designing different NFC applications, it is necessary to take into consideration different design issues such as to choosing the NFC tools and devices according to the technical requirements of the application, considering especially the memory, security and price factors as well as their relation to the purpose and usage of the final product. The security aspect of the NFC tags is remarkably important in selecting the proper NFC device. The race between hackers attacking and breaking the security systems of programmable high level products and manufacturers to produce reliable secure systems and products seems to never end. This has proven to be case, for example, for trying MIFARE Ultralight and DESFire MF3ICD40 tags. An important consideration of studying the different applications of NFC tags and cards during the thesis work was to understand the ubiquitous character of NFC technology.Lähitunnistus yhteys tekniikka (NFC) on lyhyen tähtäimen, pienitehoinen, kontaktiton yhteydenpito NFC yhteensopivien laitteiden välillä, jossa laitteet pidetään toistensä välittömässä läheisyydessä tiedon siirtämiseksi niiden välillä. NFC-teknologia on siirtynyt nopeasti sen alkuperäisiltä toimialueilta eli mobiili maksupalvelujen ja kontaktittomien lippujen sovellusalueilta moninaisille uusille alueille. Kolmella NFC tagillä, joita on käsitelty tässä tutkielmassa, on muistin, turvallisuuden ja käytön kannalta erilaisiä rakenteita, joita käytetään eri sovelluksissa. NFC-tagit käyttävät tiedonvälityksessä NFC Forumin standardoimaa NDEF-tiedonvaihtoformaattia. NFC sovellukset esiintyvät yhä enenevässä määrin nopeasti kehyttyvillä, uudenlaisilla ja monipuolisilla sovellusalueilla, usein yhdessä eri laitteiden ja järjestelmien kanssa. NFC on käytettävissä erinäisten laitteiden kanssa erilaisissa järjestelmäympäristöissä. Monipuoliset sovellusalueet, joissa muun muassa NFC-tagejä ja -kortteja käytetään sisältävät seuraavanlaisia sovelluksia: älykkäät julisteet, kontaktittomat liput, avaimet ja pääsynvalvonta, kirjastopalvelut, viihdepalvelut, sosiaalisen verkoston palvelut, kasvatukseen ja koulutukseen liittyvät palvelut, sijaintiperustaiset palvelut, työvoiman ja vähittäiskaupan hallinto-palvelut ja terveyspalvelut. Erilaisten NFC-sovelluksien suunnittelussa on väistämätöntä ottaa erilaisia suunnitteluasioita huomioon kuten valita NFC-työkalut ja laitteet sovelluksen teknisten vaatimusten mukaan. Erilaiset tärkeät tekijät kuten muisti, tietoturvallisuusominaisuudet ja hinta ja niiden kaikkien toimivuus lopputuotteen kannalta on otettava huomioon. Tietoturvallisuusnäkökohta on erityisen tärkeä oikean NFC laitteen valitsemisessa, sillä käynnissä on loputon kilpajuoksu hakkerien, jotka yrittävät rikkoa ohjelmoitavien korkeatasoisten laitteiden ja tuotteiden tietoturvajärjestelmiä, ja valmistajien, jotka pyrkivät tuottamaan luotettavia varmoja järjestelmiä, välillä. Tietoturvariskiin liittyviä ongelmia on löydetty esimerkiksi MIFARE Ultralight ja DESFire MF3ICD40 tageista. Tärkeä havainto, joka saatiin erilaisten NFC sovelluksien tutkimisesta, oli oivaltaa NFCteknologian potentiaalinen kaikkialle ulottuva, yleiskäyttöinen luonne
    corecore