Near Field Communication Applications

Near Field Communication (NFC) is a short-range, low power contactless communication between NFC-enabled devices that are held in the closed proximity to each other. NFC technology has been moving rapidly from its initial application areas of mobile payment services and contactless ticketing to the diversity of new areas. Three specific NFC tags highlighted in the thesis have different structures in terms of memory, security and usage in different applications. NFC information tags exploit the data exchange format NDEF standardized by NFC Forum. NFC applications are rapidly stepping into novel and diverse application areas. Often they are deployed in combination with different devices and systems through their integrability and adaptability features. The diverse application areas where NFC tags and cards are used cover smart posters, contactless ticketing, keys and access control, library services, entertainment services, social network services, education, location based services, work force and retail management and healthcare. In designing different NFC applications, it is necessary to take into consideration different design issues such as to choosing the NFC tools and devices according to the technical requirements of the application, considering especially the memory, security and price factors as well as their relation to the purpose and usage of the final product. The security aspect of the NFC tags is remarkably important in selecting the proper NFC device. The race between hackers attacking and breaking the security systems of programmable high level products and manufacturers to produce reliable secure systems and products seems to never end. This has proven to be case, for example, for trying MIFARE Ultralight and DESFire MF3ICD40 tags. An important consideration of studying the different applications of NFC tags and cards during the thesis work was to understand the ubiquitous character of NFC technology.Lähitunnistus yhteys tekniikka (NFC) on lyhyen tähtäimen, pienitehoinen, kontaktiton yhteydenpito NFC yhteensopivien laitteiden välillä, jossa laitteet pidetään toistensä välittömässä läheisyydessä tiedon siirtämiseksi niiden välillä. NFC-teknologia on siirtynyt nopeasti sen alkuperäisiltä toimialueilta eli mobiili maksupalvelujen ja kontaktittomien lippujen sovellusalueilta moninaisille uusille alueille. Kolmella NFC tagillä, joita on käsitelty tässä tutkielmassa, on muistin, turvallisuuden ja käytön kannalta erilaisiä rakenteita, joita käytetään eri sovelluksissa. NFC-tagit käyttävät tiedonvälityksessä NFC Forumin standardoimaa NDEF-tiedonvaihtoformaattia. NFC sovellukset esiintyvät yhä enenevässä määrin nopeasti kehyttyvillä, uudenlaisilla ja monipuolisilla sovellusalueilla, usein yhdessä eri laitteiden ja järjestelmien kanssa. NFC on käytettävissä erinäisten laitteiden kanssa erilaisissa järjestelmäympäristöissä. Monipuoliset sovellusalueet, joissa muun muassa NFC-tagejä ja -kortteja käytetään sisältävät seuraavanlaisia sovelluksia: älykkäät julisteet, kontaktittomat liput, avaimet ja pääsynvalvonta, kirjastopalvelut, viihdepalvelut, sosiaalisen verkoston palvelut, kasvatukseen ja koulutukseen liittyvät palvelut, sijaintiperustaiset palvelut, työvoiman ja vähittäiskaupan hallinto-palvelut ja terveyspalvelut. Erilaisten NFC-sovelluksien suunnittelussa on väistämätöntä ottaa erilaisia suunnitteluasioita huomioon kuten valita NFC-työkalut ja laitteet sovelluksen teknisten vaatimusten mukaan. Erilaiset tärkeät tekijät kuten muisti, tietoturvallisuusominaisuudet ja hinta ja niiden kaikkien toimivuus lopputuotteen kannalta on otettava huomioon. Tietoturvallisuusnäkökohta on erityisen tärkeä oikean NFC laitteen valitsemisessa, sillä käynnissä on loputon kilpajuoksu hakkerien, jotka yrittävät rikkoa ohjelmoitavien korkeatasoisten laitteiden ja tuotteiden tietoturvajärjestelmiä, ja valmistajien, jotka pyrkivät tuottamaan luotettavia varmoja järjestelmiä, välillä. Tietoturvariskiin liittyviä ongelmia on löydetty esimerkiksi MIFARE Ultralight ja DESFire MF3ICD40 tageista. Tärkeä havainto, joka saatiin erilaisten NFC sovelluksien tutkimisesta, oli oivaltaa NFCteknologian potentiaalinen kaikkialle ulottuva, yleiskäyttöinen luonne

Evaluation of TAPLINX framework for mobile NFC applications development

RESUMEN: Acercar una tarjeta a un lector para identificarnos o realizar el pago es una tienda es algo que se ha convertido en una acción habitual en nuestras vidas. Cada vez más, se está extendiendo el uso de terminales móviles como tarjeta o como elemento para acceder a información de almacenada en ellas, véase en paradas de autobuses, en anuncios publicitarios, etc. La plétora de modelos de tarjetas, con sus particularidades en términos de seguridad, de mecanismos de acceso, etc. hace inviable para un desarrollador de aplicaciones móviles profundizar en todos los estándares y plantear todas variaciones que puedan surgir. Si bien los entornos de desarrollo habilitados en sistemas operativos móviles cada vez abstraen más la operativa de lectura y escritura de tarjetas inteligentes, todavía queda mucho trabajo por hacer para hacerlo lo más sencillo y transparente posible. En este sentido, los fabricantes de tarjetas, como NXP, uno de los líderes en el sector con su familia de tarjetas sin contacto MIFARE, proporcionan un API que habilita un acceso abierto a las funcionalidades de su tarjeta, empleando interfaces sencillos y ocultando toda la dificultad subyacente. El presente trabajo busca evaluar el framework TapLinx para el desarrollo de aplicaciones móviles NFC sobre el sistema operativo Android para la operativa con tarjetas de la familia MIFARE.ABSTRACT: Bringing a card to a reader to identify ourselves or make payment is a store is something that has become a common action in our lives. Increasingly, the use of mobile terminals as a card or as an element to access information stored on them, see at bus stops, in advertisements, etc. The variety of card models, with their particularities in terms of security, access mechanisms, etc. makes it unfeasible for a mobile application developer to delve into all the standards and raise all variations that may arise. While development environments enabled on mobile operating systems are increasingly abstracting smart card reading and writing operations, there is still much work to be done to make it as simple and transparent as possible. In this sense, card manufacturers, such as NXP, one of the leaders in the sector with its family of MIFARE contactless cards, provides an API that enables open access to the functionalities of its card, using simple interfaces and hiding all the difficulties. underlying. The present work seeks to evaluate the TapLinx framework for the development of NFC mobile applications on the Android operating system for the operation with MIFARE family cards.Grado en Ingeniería de Tecnologías de Telecomunicació

Extension of the Access System With New Features

Diplomová práce se zabývá rozšířením SW pro přístupový systém na VŠB – Technické univerzitě Ostrava, FEI. Přístupový systém je rozšířen o~zabezpečenou komunikaci se smart kartami MIFARE DESfire bez~použití SAM modulu. Také je vylepšen proces~vzdálených aktualizací OTA pro~mikrokontrolér ESP32. Dále byly provedeny optimalizace odezvy přístupového systému. Jednou z~hlavních optimalizací bylo využití protokolu WebSocket s~podporou zabezpečeného spojení prostřednictvím protokolu HTTPS.This~diploma thesis~is~about extending existing software for an access~system running on on VŠB – Technická univerzita Ostrava, FEI. New features~for access~system are encrypted communication with smart cards~MIFARE DESfire which enables~more secure autentification of users. OTA updates~for microcontrollers~ESP32 are also improved. In order to apply new features~to the access~system, optimalizations~are made. One of the main optimalization is the usage of WebSockets~with the support of secure connection via HTTPS protocol.460 - Katedra informatikyvýborn

Security of Contactless Smart Card Protocols

Tato práce analyzuje hrozby pro protokoly využívající bezkontaktní čipové karty a představuje metodu pro poloautomatické hledání zranitelností v takových protokolech pomocí model checkingu. Návrh a implementace bezpečných aplikací jsou obtížné úkoly, i když je použit bezpečný hardware. Specifikace na vysoké úrovni abstrakce může vést k různým implementacím. Je důležité používat čipovou kartu správně, nevhodná implementace protokolu může přinést zranitelnosti, i když je protokol sám o sobě bezpečný. Cílem této práce je poskytnout metodu, která může být využita vývojáři protokolů k vytvoření modelu libovolné čipové karty, se zaměřením na bezkontaktní čipové karty, k vytvoření modelu protokolu a k použití model checkingu pro nalezení útoků v tomto modelu. Útok může být následně proveden a pokud není úspěšný, model je upraven pro další běh model checkingu. Pro formální verifikaci byla použita platforma AVANTSSAR, modely jsou psány v jazyce ASLan++. Jsou poskytnuty příklady pro demonstraci použitelnosti navrhované metody. Tato metoda byla použita k nalezení slabiny bezkontaktní čipové karty Mifare DESFire. Tato práce se dále zabývá hrozbami, které není možné pokrýt navrhovanou metodou, jako jsou útoky relay. This thesis analyses contactless smart card protocol threats and presents a method of semi-automated vulnerability finding in such protocols using model checking. Designing and implementing secure applications is difficult even when secure hardware is used. High level application specifications may lead to different implementations. It is important to use the smart card correctly, inappropriate protocol implementation may introduce a vulnerability, even if the protocol is secure by itself. The goal of this thesis is to provide a method that can be used by protocol developers to create a model of arbitrary smart card, with focus on contactless smart cards, to create a model of the protocol, and to use model checking to find attacks in this model. The attack can be then executed and if not successful, the model is refined for another model checker run. The AVANTSSAR platform was used for the formal verification, models are written in the ASLan++ language. Examples are provided to demonstrate usability of the proposed method. This method was used to find a weakness of Mifare DESFire contactless smart card. This thesis also deals with threats not possible to cover by the proposed method, such as relay attacks.

Identification and authentication technologies

Bakalárska práca sa zaoberá analýzou momentálne dostupných RFID technológií a čipových kariet. Zhrhnuté sú druhy identifikačných a autentizačných rádiových, či kontaktných systémov. Praktická časť porovnáva namerané výkonové výstupy technológií RFID a popisuje implementáciu vlastného viac atribútového autentizačného systému využívajúceho RFID technológie a čipové karty. Autentizačný systém môže zaisťovať napríklad vstup zamestnancov do budovy, pričom budú nutne preukázaní ako aj čipovou kartou, tak i RFID tagmi. Systém tiež zahŕňa prvky pre ochranu súkromia užívateľov, kedy na základe odchytenej komunikácie nie je možné odhaliť identitu užívateľa.The bachelor thesis deals with the analysis of currently available RFID technologies and smart cards. Summarized are types of identification and authentication radio or contact systems. The practical part compares measured RFID functional outputs and describes the implementation of multi-attribute authentication system using RFID technology and smart cards. For example, the authentication system can provide employees with access to the building, necessarily demonstrated by both the smart card and RFID tags.The system also includes user privacy elements, where identity of the user cannot be detected by captured communication.

User-friendly deniable storage for mobile devices

National Research Foundation (NRF) Singapor

User-friendly deniable storage for mobile devices

Mobile devices are prevalently used to process sensitive data, but traditional encryption may not work when an adversary is able to coerce the device owners to disclose the encryption keys. Plausibly Deniable Encryption (PDE) is thus designed to protect sensitive data against this powerful adversary. In this paper, we present MobiPluto, a user-friendly PDE scheme for denying the existence of sensitive data stored on mobile devices. A salient difference between MobiPluto and the existing PDE systems is that any block-based file systems can be deployed on top of it. To further improve usability and deniability of MobiPluto, we introduce a fast switching mechanism and incorporate the widely-used Near Field Communication (NFC) technology. Users can securely switch from the public mode to the hidden mode within 10 seconds, which is a significant improvement compared to previous solutions. Users can also store strong passwords on NFC cards and tap them to enter the system, which significantly liberates them from the burden of memorizing and typing strong passwords. Most importantly, the users can deny the existence of the hidden data without the skill to camouflage as long as the NFC cards are used properly

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Smart Card-based Access Control System using Isolated Many-to-Many Authentication Scheme for Electric Vehicle Charging Stations

In recent years, the Internet of Things (IoT) trend has been adopted very quickly. The rapid growth of IoT has increased the need for physical access control systems (ACS) for IoT devices, especially for IoT devices containing confidential data or other potential security risks. This research focused on many-to-many ACS, a type of ACS in which many resource-owners and resource-users are involved in the same system. This type of system is advantageous in that the user can conveniently access resources from different resource-owners using the same system. However, such a system may create a situation where parties involved in the system have their data leaked because of the large number of parties involved in the system. Therefore, ‘isolation’ of the parties involved is needed. This research simulated the use of smart cards to access electric vehicle (EV) charging stations that implement an isolated many-to-many authentication scheme. Two ESP8266 MCUs, one RC522 RFID reader, and an LED represented an EV charging station. Each institute used a Raspberry Pi Zero W as the web and database server. This research also used VPN and HTTPS protocols to isolate each institute’s assets. Every component of the system was successfully implemented and tested functionally

Estudo sobre o Near Field Communication e seu papel em pagamentos via dispositivos móveis

Esse trabalho apresenta um estudo sobre o que é o NFC e como ele funciona, analisando seus protocolos, sua segurança, suas aplicações no mundo real, auxiliando aqueles que desejam desenvolver novas soluções com esta tecnologia ainda pouco conhecida. A pesquisa baseou-se no levantamento dos protocolos relacionados ao NFC, buscando conceitos técnicos herdados principalmente do RFID e do smart card, bem como na análise sobre sua segurança, confrontando opiniões de alguns pesquisadores e pesquisando soluções disponíveis. Também foi analisado o NFC inserido no contexto do mobile payment, pesquisando sua arquitetura e protocolos de comunicação do sistema mobile NFC, isto é, sistema onde o celular NFC é usado no mobile payment. Uma ferramenta de emulação da infraestrutura NFC real (dispositivos celulares, tags, leitoras, etc.) foi apresentada, com o objetivo de auxiliar aqueles que desejam desenvolver novas aplicações NFC. Por fim, o NFC se apresenta como uma tecnologia promissora e de grande potencial inexplorado, mas ainda é ignorado pela grande maioria da população no Brasil