NFC and mobile payments today

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011NFC (Near Field Communication) e pagamentos móveis são duas áreas que se tornaram muito populares ultimamente, ambas duplicaram o seu índice de volume de pesquisas medido pelo Google Trends no último ano. NFC é uma tecnologia de comunicação sem fios já disponível em alguns telemóveis, sendo que mais estão anunciados para breve, e os pagamentos móveis são um serviço cuja utilização se espera que cresça a um ritmo bastante acelerado nos próximos anos. Este crescimento já foi previsto antes, e as expectativas saíram goradas, mas pensa-se que a NFC seja a tecnologia que vai trazer os pagamentos móveis às massas. Esta tese foca-se nestas duas áreas e em como a NFC pode ser útil num protocolo para executar pagamentos móveis nos dias de hoje. Para isto, um novo protocolo chamado mTrocos é apresentado. Este possui várias características desejáveis tais como anonimato, alta segurança, boa usabilidade, a não dependência de bancos ou instituições financeiras tradicionais, o suporte para micro-pagamentos e não requer nenhum hardware especial. O seu desenho é baseado no conceito de dinheiro digital e em protocolos de estabelecimento de chaves ad-hoc. Estes últimos são úteis visto que a NFC é um meio sem fios que não oferece nenhuma segurança de raiz para além do seu curto alcance. É detalhada uma prova de conceito da implementação usando um telefone com o sistema operativo Android e um leitor NFC de secretária, provando que ela funciona usando apenas hardware comum disponível actualmente. No entanto, a API (Application Programming Interface) de NFC do Android revelou-se limitada, o que influenciou o desenho do mTrocos, e o impediu de fazer uso apenas da NFC para a troca das suas mensagens. Como parte da avaliação do protocolo, foram feitos testes com utilizadores que mostram que o mTrocos é fácil de usar e que é indicado para o cenário pensado: máquinas de venda automática. Outra conclusão a que se pode chegar é que a NFC é uma tecnologia que melhora a experiência de utilização e que vai ser de grande utilidade para o crescimento dos pagamentos móveis.NFC (Near Field Communication) and mobile payments are two areas that have received a significant amount of attention lately. NFC is a wireless communication technology already available on some mobile phones, with more to come in the near future, and mobile payments are a service whose usage is expected to grow at a significant rate in the coming years. This growth has been predicted before, and expectations have been let down, but NFC is thought to be the technology that will bring mobile payments to the masses. This thesis is focused on these two areas and how NFC can be of use in a protocol to conduct mobile payments. For this, a new protocol called mTrocos is presented that possesses several desirable characteristics such as anonymity, high security, good usability, unbanked, support for micropayments and no special hardware requirements. Its design is based on digital money concepts and ad-hoc key establishment protocols. The latter are useful because NFC is a wireless medium and offers no built-in security other than its limited range. A proof-of-concept implementation with an Android phone and a desktop NFC reader is detailed, proving that it works using only commodity equipment currently available. However, Android’s NFC API (Application Programming Interface) was found to be limited, which influenced the design of mTrocos, preventing it from relying only on NFC for the exchange of the messages. As part of the protocol’s evaluation, user tests were conducted which show that mTrocos is easy to use and that it is suited to the envisaged scenario: vending machines. Another conclusion is that NFC is a technology that improves the user experience and will be of great help for the growth of mobile payments

Mobile applications approaches using near field communication support

Nowadays, the society is constantly evolving technologically and new products and technologies appears every day. These technologies allow the well-being of societies and their populations. Mobile gadgets evolution, mainly the smartphones, has always been at the forefront, everyday new devices appear and with them, more recent technologies. These technologies provide a better quality of life of everybody who uses them. People need to have at their disposal a whole array of new features that make their life increasingly more easily. The use of gadgets to simplify the day-to-day is growing and for this people use all disposal types of devices, such as computers, laptops, file servers, smartphones, tablets, and among of others. With the need to use all these devices a problem appears, the data synchronization and a way to simplify the usage of smartphones. What is the advantage of having so much technology available if we need to concern about the interoperability between all devices? There are some solutions to overcome these problems, but most often the advantage brought by these technologies has associated some setup configurations and time is money. Near field communication (NFC) appeared in 2004 but only now has gained the market dominance and visibility, everybody wants to have a NFC based solution, like Google, Apple, Microsoft and other IT giants. NFC is the best solution to overcome some problems like, file synchronization, content sharing, pairing devices, and launch applications without user interaction. NFC arises as a technology that was forgotten, but it has everything to win in every global solutions and markets. In this dissertation two based solutions are presented, an application to transfer money using NFC and an application launcher. Both solutions are an innovation in market because there are nothing like these. A prototype of each application was build and tested. NFC Launcher is already in Android Market. NFC Launcher and Credit Transfer were built, evaluated and are ready for use

SysMART Indoor Services: A System of Smart and Connected Supermarkets

Smart gadgets are being embedded almost in every aspect of our lives. From smart cities to smart watches, modern industries are increasingly supporting the Internet of Things (IoT). SysMART aims at making supermarkets smart, productive, and with a touch of modern lifestyle. While similar implementations to improve the shopping experience exists, they tend mainly to replace the shopping activity at the store with online shopping. Although online shopping reduces time and effort, it deprives customers from enjoying the experience. SysMART relies on cutting-edge devices and technology to simplify and reduce the time required during grocery shopping inside the supermarket. In addition, the system monitors and maintains perishable products in good condition suitable for human consumption. SysMART is built using state-of-the-art technologies that support rapid prototyping and precision data acquisition. The selected development environment is LabVIEW with its world-class interfacing libraries. The paper comprises a detailed system description, development strategy, interface design, software engineering, and a thorough analysis and evaluation.Comment: 7 pages, 11 figur

The Dangers of Verify PIN on Contactless Cards

Contactless / Near Field Communication (NFC) card payments are being introduced around the world, allowing customers to use a card to pay for small purchases by simply placing the card onto the Point of Sale terminal. Although the terminal needs to be able to verify a PIN, it is not clear if such PIN verification features should be available on the NFC card itself. We show that contactless Visa payment cards have (largely redundant) functionality, Verify PIN, which makes them vulnerable to new forms of wireless attack. Based on careful examination of the Europay, MasterCard and Visa (EMV) protocol and experiments with the Visa fast Dynamic Data Authentication transaction protocol, we provide a set of building blocks for possible attacks. These building blocks are data skimming, Verify PIN and transaction relay, which we implement and experiment with. Based on these building blocks, we propose a number of realistic attacks, including a denial-of-service attack and a newly developed realistic PIN guessing attack. The conclusion of our work is that implementing Verify PIN functionality on NFC cards has no demonstrated benefits and opens up new avenues of attack

Design of Prototype Payment Application System With Near Field Communication (NFC) Technology based on Android

Since the late 1990s, people have enjoyed a comfortable lifestyle. Mobile devices supported by the development of wireless networks have spread throughout the world. People can get information, order tickets, download songs and perform commercial transactions, called mobile commerce. Mobile commerce applications become the most popular application for mobile device users who want to do business and financial transactions easily and securely, anytime and anywhere they are. Today the use of physical cash is experiencing a decline in popularity in the business world, because it is being replaced by non-physical payments are often called electronic money (e-money). An important technology behind mobile payments is called Near Field Communication (NFC). As an indication that the NFC has tremendous business potential, leading companies like Nokia, Microsoft, Visa Inc., and MasterCard Worldwide and NXP Semiconductors, is actively engaged on them. Payment processing integrated with NFC technology based mobile operating system that is a trend today is Android that support NFC technology is version 2.3.3 Gingerbread. The prototype application is designed to pay for 2 on the user side of the user as consumer and the merchant side as a trader or seller by using the handset that already have NFC technology is Google Samsung Nexus S. Pay an application prototype also implements the concept of security in e-commerce transactions by using the protocol-to-Tag Tag so that the user needs for security and comfort during the financial transaction are met. &nbsp

FINE-GRAINED ACCESS CONTROL ON ANDROID COMPONENT

The pervasiveness of Android devices in today’s interconnected world emphasizes the importance of mobile security in protecting user privacy and digital assets. Android’s current security model primarily enforces application-level mechanisms, which fail to address component-level (e.g., Activity, Service, and Content Provider) security concerns. Consequently, third-party code may exploit an application’s permissions, and security features like MDM or BYOD face limitations in their implementation. To address these concerns, we propose a novel Android component context-aware access control mechanism that enforces layered security at multiple Exception Levels (ELs), including EL0, EL1, and EL3. This approach effectively restricts component privileges and controls resource access as needed. Our solution comprises Flasa at EL0, extending SELinux policies for inter-component interactions and SQLite content control; Compac, spanning EL0 and EL1, which enforces component-level permission controls through Android runtime and kernel modifications; and TzNfc, leveraging TrustZone technologies to secure third-party services and limit system privileges via Trusted Execution Environment (TEE). Our evaluations demonstrate the effectiveness of our proposed solution in containing component privileges, controlling inter-component interactions and protecting component level resource access. This enhanced solution, complementing Android’s existing security architecture, provides a more comprehensive approach to Android security, benefiting users, developers, and the broader mobile ecosystem

MOBILE BANKING SYSTEM DEVELOPMENT USING NEAR FIELD COMMUNICATION TECHNOLOGY WITH ANDROID-BASED OPERATING SYSTEM

Development of information technology (IT) is used to support business sector, including banking. One of them, banking uses IT to improve the quality of service in the form of internet banking and mobile banking. Therefor, the research focused on development of mobile banking system using Near Field Communication (NFC) technology as client authentication and security system. Features on mobile banking system are checking balance information, mutation, electricity bill, a fellow bank transfer and transfers between Bank that has been working with ATM Bersama, as well as payment of electricity bills. System development using JAVA programming language with Android Studio tools, to access server using PHP with MySQL as database management, IdWebHost as hosting services, as well as data output using JSON format. Data collection method is done with interview stage and literature study. Researcher uses system development methods of Rapid Application Development (RAD), while testing using unit testing and user acceptance testing. Result of the study is secure mobile banking system utilizing Near Field Communication technology, PIN, and AES encryption.                                                           

Generic and Parameterizable Service for Remote Configuration of Mobile Phones Using Near Field Communication

Os serviços nos nossos dispositivos móveis têm aumentado em número e complexidade nos últimos anos. Utilizadores menos experientes sentem dificuldade em tirar total partido destes serviços. De forma a atenuar este problema, é necessário encontrar novas e inovadoras formas que permitam assistir o utilizador no processo de configuração. Para além disso, vivemos numa sociedade do imediato. As pessoas querem que o acesso aos recursos seja rápido, simples e seguro. É também sabido que grande parte dos utilizadores são leigos no que diz respeito à utilização de funcionalidades avançadas dos dispositivos móveis, o que resulta em alguma inércia no uso de certas aplicações e funcionalidades.O Near Field Communication oferece uma oportunidade única para introduzir novos paradigmas de negócio no que diz respeito à interação e facilidade de utilização. Esta dissertação especifica um serviço genérico e parametrizável para a configuração remota de dispositivos.Mobile services have increased both in number and complexity in the past few years. This means that in order to get the most out of these services, less experienced users will have a hard time configuring them by hand. To address this issue, we must find new and innovative solutions to assist the user in this process. Furthermore, we live in a society of the immediate. Everyone wants access to resources to be fast, simple and secure. It is also known that most of the users are laymen when referring to advanced configuration of mobile phone, resulting in some inertia in the use of applications and functionalities.Near Field Communication (NFC) provides an unique opportunity to introduce new business paradigms in terms of interaction and ease of use. This dissertation specifies a generic and parameterizable service for remote configuration of mobile devices using Near Field Communication, which requires minimal user intervention

The future of exchanging value: uncovering new ways of spending

The explosion of new technology and virtual currencies is changing where, when and how people and business exchange value. The report also demonstrates that while the future of payments is uncertain, the availability of internet connectivity and the mass adoption of mobile devices will impact the payments industry and incumbent payments providers. The phenomenal uptake and usage of mobile devices – and the easy accessibility of mobile payments technology – means today’s consumers are more mobile in their transactions and have a wealth of options available regarding where, when and how they make purchasing decisions. The future of exchanging value – Uncovering new ways of spending explores how the emergence of a new generation of payment solutions and business models is changing the payments landscape. Organisations that look beyond traditional payments platforms and simplify the purchasing process by having the right payments solutions available at the right place and at the right time can gain a competitive advantage. The report also demonstrates that while the future of payments is uncertain, the availability of internet connectivity and the mass adoption of mobile devices will impact the payments industry and incumbent payments providers