Organisational aspects and anatomy of an attack on NFC/HCE mobile payment systems

Maurizio Cavallari, Luca Adami, Francesco Tornieri

Risultato della ricerca: Contributo in libroContributo a conferenza

6 Citazioni (Scopus)

Abstract

Near Field Communication (NFC) and contactless applications are increasing at unprecedented rate and their value is being recognised by the financial industry (Ok et al., 2011). Attacks are also increasing and they can compromise the business value on NFC applications (Murdoch and Anderson, 2010, Trend Micro, 2015). The present paper analyse the anatomy of possible attacks, uncovering vulnerabilities and suggesting possible countermeasures. The value of the paper is found in the contribution to practical mitigation of risk in the mobile payment financial business, with respect to the technology side. Host Card Emulation (HCE) is a technology solution that permits the creation of a virtual representation of a smart card using only software components, effectively eliminating the need for Secure Element hardware in the device. NFC/HCE technologies has proved itself very vulnerable in a variety of aspects. The paper would go through specific vulnerabilities and vulnerable situation, like: a non-secure-device/cloud communication channel; access to data saved locally in wallet; reusability of token; use of fake POS; malware and fake application; specific vulnerabilities of “Tap & Pay”; device/cloud decoupling. Countermeasures that have been proved effective are offered to readers along with Organisational aspects to be taken into account.
Lingua originaleInglese
Titolo della pubblicazione ospiteICEIS 2015 - 17th International Conference on Enterprise Information Systems, Proceedings
Pagine685-700
Numero di pagine16
DOI
Stato di pubblicazionePubblicato - 2015
Pubblicato esternamente
EventoICEIS 2015 - 17th International Conference on Enterprise Information Systems - Barcellona
Durata: 27 apr 201530 apr 2015

Convegno

ConvegnoICEIS 2015 - 17th International Conference on Enterprise Information Systems
CittàBarcellona
Periodo27/4/1530/4/15

Keywords

  • HCE
  • Host Card Emulation
  • Mobile Payments
  • NFC
  • Near Field Communication
  • Organisation
  • RFID
  • Security

Fingerprint

Entra nei temi di ricerca di 'Organisational aspects and anatomy of an attack on NFC/HCE mobile payment systems'. Insieme formano una fingerprint unica.

Cita questo