2017
Opening WordsAndroid Security Symposium 2017, Vienna, Austria, 08 March 2017. M. Roland, R. Mayrhofer, and E. R. Weippl Event: Android Security Symposium 2017Vienna, Austria08 – 10 March 2017 |
2016
Host Card Emulation: Wie sicher ist das Bezahlen ohne Secure Element?IIR Jahresforum Cashless Payments, Vienna, Austria, 28 September 2016. M. Roland Event: IIR Jahresforum Cashless PaymentsVienna, Austria28 September 2016 |
2015
Opening WordsAndroid Security Symposium 2015, Vienna, Austria, 09 September 2015. M. Roland and R. Mayrhofer Event: Android Security Symposium 2015Vienna, Austria09 – 11 September 2015 |
2014
Near Field Communication (NFC)Workshop, Hinwil, Switzerland, 27 November 2014. M. Roland |
Near Field Communication SecurityMobile Marketing Innovation Day, Vienna, Austria, 28 May 2014. M. Roland Event: Mobile Marketing Innovation DayVienna, Austria28 May 2014 |
2013
Cloning Credit CardsHacking Night WS 2013, Hagenberg, Austria, 17 December 2013. M. Roland Event: Hacking Night WS 2013Hagenberg, Austria17 December 2013 Abstract: Endlich ist kontaktloses Bezahlen auch in Österreich angekommen. Bei immer mehr Händlern kann mit NFC-Kredit- und Bankomatkarten gezahlt werden. Viele neu ausgegebene Kredit- und Bankomatkarten sind standardmäßig mit NFC ausgestattet. Doch was steckt eigentlich hinter so einer Kontaktlostransaktion? Was passiert da genau? Welche Daten werden übertragen? Welche Daten sind überhaupt auf der Karte gespeichert? Und kann ein Angreifer meine Karte kopieren? |
(Ab)using foreign VMs: Running Java Card Applets in non-Java Card Virtual Machines11th International Conference on Advances in Mobile Computing & Multimedia (MoMM2013), Vienna, Austria, 02 December 2013. M. Roland Event: 11th International Conference on Advances in Mobile Computing & Multimedia (MoMM2013)Vienna, Austria02 – 04 December 2013 Abstract: Creating Java Card applications for Near Field Communication's card emulation mode requires access to a secure smartcard chip (the secure element). Today, even for development purposes, it is difficult to get access to the secure element in most current smart phones. Therefore, it would be useful to have an environment that emulates a secure element for rapid prototyping and debugging. Our approach to such an environment is emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android's Dalvik VM). However, providing a Java Card run-time environment on top of another Java virtual machine faces one big problem: The Java Card virtual machine's operation principle is based on persistent memory technology. As a result, the VM and the applications that run on top of it have a significantly different life-cycle compared to other Java VMs. Based on specific scenarios for secure element emulators for the Android platform, we evaluate these differences and their impact on Java VM-based Java Card emulation. Further, we propose possible solutions to the problems that arise from these differences in the life-cycles. |
Debugging and Rapid Prototyping of NFC Secure Element ApplicationsWorkshop on the Near Field Communication for Mobile Applications at the 5th International Conference on Mobile Computing, Applications and Services (MobiCASE 2013), Paris, France, 07 November 2013. M. Roland Event: Workshop on the Near Field Communication for Mobile Applications at the 5th International Conference on Mobile Computing, Applications and Services (MobiCASE 2013)Paris, France07 – 08 November 2013 Abstract: The ecosystem behind secure elements is complex and prevents average developers from creating secure element applications. In this paper we introduce concepts to overcome these issues. We develop two scenarios for open platforms emulating a secure element for the Android platform. Such an open emulator can be used for debugging and rapid prototyping of secure element applications. Moreover, by trading the secure element's security and trust for openness, such a platform can be used as a replacement for the secure element for long-term testing and for showcasing of applications. |
Verunsicherte Kunden durch NFC: Wie sicher ist NFC wirklich?IIR Payment Forum Cashless, Vienna, Austria, 23 October 2013. M. Roland Event: IIR Payment Forum CashlessVienna, Austria22 – 23 October 2013 |
Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless7th USENIX Workshop on Offensive Technologies (WOOT '13), Washington, DC, USA, 13 August 2013. M. Roland Event: 7th USENIX Workshop on Offensive Technologies (WOOT '13)Washington, DC, USA13 August 2013 Abstract: Recent roll-outs of contactless payment infrastructures -- particularly in Austria and Germany -- have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim's card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal. |
NFC SecurityGuest lecture at the University of Applied Scienes Upper Austria, Hagenberg, Austria, 13 May 2013. M. Roland Event: Guest lecture at the University of Applied Scienes Upper AustriaHagenberg, Austria13 May 2013 |
Applying Relay Attacks to Google Wallet7th WIMA NFC MONACO - Enabling Business & Innovation for the NFC Ecosystem, Monaco, 10 April 2013. M. Roland Event: 7th WIMA NFC MONACO - Enabling Business & Innovation for the NFC EcosystemMonaco10 – 12 April 2013 Abstract: The recent emergence of Near Field Communication (NFC) enabled smart phones resulted in an increasing interest in NFC security. Several new attack scenarios, using NFC devices either as attack platform or as device under attack, have been discovered. One of them is the software-based relay attack. We evaluate the feasibility of the software-based relay attack in Google's existing mobile contactless payment system Google Wallet. We give an in-depth analysis of Google Wallet's credit card payment functionality. We describe our prototypical relay system that we used to successfully mount the software-based relay attack on Google Wallet. We discuss the practicability and threat potential of the attack and provide several possible workarounds. Finally, we analyze Google's approach to solving the issue of software-based relay attacks in their recent releases of Google Wallet. |
Security Issues in Mobile NFC DevicesPresentation and defense of my Ph.D. thesis, Johannes Kepler University Linz, Linz, Austria, 21 March 2013. M. Roland Event: Presentation and defense of my Ph.D. thesisLinz, Austria21 March 2013 |
Applying Relay Attacks to Google Wallet5th International Workshop on Near Field Communication (NFC 2013), Zurich, Switzerland, 05 February 2013. M. Roland Event: 5th International Workshop on Near Field Communication (NFC 2013)Zurich, Switzerland05 February 2013 Abstract: The recent emergence of Near Field Communication (NFC) enabled smart phones resulted in an increasing interest in NFC security. Several new attack scenarios, using NFC devices either as attack platform or as device under attack, have been discovered. One of them is the software-based relay attack. In this paper we evaluate the feasibility of the software-based relay attack in an existing mobile contactless payment system. We give an in-depth analysis of Google Wallet's credit card payment functionality. We describe our prototypical relay system that we used to successfully mount the software-based relay attack on Google Wallet. We discuss the practicability and threat potential of the attack and provide several possible workarounds. Finally, we analyze Google's approach to solving the issue of software-based relay attacks in their recent releases of Google Wallet. |
2012
Android and NFCWorkshop, NFC Congress 2012, Hagenberg, Austria, 11 September 2012. M. Roland Event: NFC Congress 2012Hagenberg, Austria11 – 12 September 2012 Abstract:
|
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (IWSSI SPMU 2012), Newcastle, UK, 18 June 2012. M. Roland Event: 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (IWSSI SPMU 2012)Newcastle, UK18 June 2012 Abstract: Software card emulation is a new approch to advance the interoperability of NFC with legacy contactless smartcard systems. It has been first introduced to NFC-enabled mobile phones by Research In Motion (RIM) on their BlackBerry platform. Software card emulation aims at opening and simplifying the complex and tightly controlled card emulation functionality. While this form of card emulation, that gets rid of the secure element (a device tightly controlled by the "big players"), is a great chance for development of innovative NFC applications, it potentially makes card emulation less secure and paves the way for interesting attack scenarios. This paper evaluates the advantages and disadvantages of software card emulation based on existing application scenarios and recent research results. |
Relay Attacks on Secure Element-enabled Mobile Devices: Virtual Pickpocketing Revisited27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012), Heraklion, Crete, Greece, 04 June 2012. M. Roland Event: 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012)Heraklion, Crete, Greece04 – 06 June 2012 Abstract: Near Field Communication's card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case, where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly different threat vector. A mobile phone's permanent connectivity to a global network and the possibility to install arbitrary applications permit a significantly improved relay scenario. This paper presents a relay attack scenario where the attacker no longer needs physical proximity to the phone. Instead, simple relay software needs to be distributed to victims' mobile devices. This publication describes this relay attack scenario in detail and assesses its feasibility based on measurement results. |
NFC SecurityGuest lecture at the University of Applied Scienes Upper Austria, Hagenberg, Austria, 29 May 2012. M. Roland Event: Guest lecture at the University of Applied Scienes Upper AustriaHagenberg, Austria29 May 2012 |
IT-Architekturen und Sicherheitskonzepte für mobile NFC-GeräteSeminar for Ph.D. students, Johannes Kepler University Linz, Department of Computational Perception, Linz, Austria, 17 April 2012. M. Roland Event: Seminar for Ph.D. studentsLinz, Austria17 April 2012 |
Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile DevicesWIMA 2012 - 6th Global NFC Applications Products & Services Congress, Monaco, 11 April 2012. M. Roland Event: WIMA 2012 - 6th Global NFC Applications Products & Services CongressMonaco11 – 13 April 2012 Abstract: NFC's card emulation mode is a way to put virtual smartcards into mobile phones. A recently launched application is Google Wallet, which turns a phone into a credit card and a tool to collect gift certificates and discounts. Card emulation mode uses dedicated smartcard chips, which are considered to fulfill high security standards. Therefore, card emulation mode is considered to be safe and secure. However, an NFC-enabled mobile phone introduces a significantly different threat vector. Especially a phone's permanent connectivity to a global network and the possibility to install arbitrary applications open up for several new attack scenarios. This talk gives an overview of the new risks imposed by mobile connectivity and untrusted mobile phone applications. |
Practical Attack Scenarios on Secure Element-enabled Mobile Devices4th International Workshop on Near Field Communication (NFC 2012), Helsinki, Finland, 13 March 2012. M. Roland Event: 4th International Workshop on Near Field Communication (NFC 2012)Helsinki, Finland13 March 2012 Abstract: Near Field Communication's card emulation mode is a way to put virtual smartcards into mobile phones. A recently launched application is Google Wallet. Google Wallet turns a phone into a credit card, a prepaid card and a tool to collect gift certificates and discounts. Card emulation mode uses dedicated smartcard chips, which are considered to fulfill high security standards. Therefore, card emulation mode is also considered to be safe and secure. However, an NFC-enabled mobile phone introduces a significantly different threat vector. Especially a mobile phone's permanent connectivity to a global network and the possibility to install arbitrary applications onto smart phones open up for several new attack scenarios. This paper gives an overview of the new risks imposed by mobile connectivity and untrusted mobile phone applications. The various APIs for secure element access on different mobile phone platforms and their access control mechanisms are analyzed. The security aspects of mobile phones are explained. Finally, two practical attack scenarios, a method to perform a denial of service (DoS) attack against a secure element and a method to remotely use the applications on a victims secure element without the victim's knowledge, are highlighted. |
Security & Privacy Issues of the Signature RTDFace-to-Face Meeting of the Security Working Group, NFC Forum Member Meeting, Frankfurt, Germany, 08 February 2012. M. Roland Event: NFC Forum Member MeetingFrankfurt, Germany08 February 2012 |
IT-Architekturen und Sicherheitskonzepte für mobile NFC-GeräteSeminar for Ph.D. students, Johannes Kepler University Linz, Department of Computational Perception, Linz, Austria, 10 January 2012. M. Roland Event: Seminar for Ph.D. studentsLinz, Austria10 January 2012 |
2011
IT-Architekturen und Sicherheitskonzepte für eine generische Interpreter-Plattform für mobile NFC-GeräteSeminar for Ph.D. students, Johannes Kepler University Linz, Department of Computational Perception, Linz, Austria, 31 May 2011. M. Roland Event: Seminar for Ph.D. studentsLinz, Austria31 May 2011 |
NFC SecurityGuest lecture at the University of Applied Scienes Upper Austria, Hagenberg, Austria, 30 May 2011. M. Roland Event: Guest lecture at the University of Applied Scienes Upper AustriaHagenberg, Austria30 May 2011 |
Security Vulnerabilities of the NDEF Signature Record TypeWIMA 2011 - 5th Global NFC Applications Products & Services Congress, Monaco, 19 April 2011. M. Roland Event: WIMA 2011 - 5th Global NFC Applications Products & Services CongressMonaco19 – 21 April 2011 Abstract: The NFC Forum has released a first candidate for their Signature Record Type Definition. This specification adds digital signatures to the NFC Data Exchange Format (NDEF), which is a standardized format for storing formatted data on NFC (Near Field Communication) tags and for transporting data across a peer-to-peer links between NFC devices. With an increasing number of applications of the NFC and NDEF technology, more and more security threats became apparent. The signature record type is supposed to increase security for NDEF application by providing authenticity and integrity to the NDEF data. This paper takes a close look on the recently published Signature Record Type Definition and discusses its various security aspects. First, we introduce the signature record type and its usage. After that, we analyze the security aspects of the current signature method. Finally, we disclose multiple security vulnerabilities of the current Signature Record Type Definition and propose measures to avoid them. |
IT-Architekturen und Sicherheitskonzepte für eine generische Interpreter-Plattform für mobile NFC-GeräteMeeting of Ph.D. students of project 4EMOBILITY, University of Applied Sciences Upper Austria, Hagenberg, Austria, 22 March 2011. M. Roland Event: Meeting of Ph.D. students of project 4EMOBILITYHagenberg, Austria22 March 2011 |
Security Vulnerabilities of the NDEF Signature Record Type3rd International Workshop on Near Field Communication (NFC 2011), Hagenberg, Austria, 22 February 2011. M. Roland Event: 3rd International Workshop on Near Field Communication (NFC 2011)Hagenberg, Austria22 February 2011 Abstract: The NFC Forum has released a first candidate for their Signature Record Type Definition. This specification adds digital signatures to the NFC Data Exchange Format (NDEF), which is a standardized format for storing formatted data on NFC (Near Field Communication) tags and for transporting data across a peer-to-peer links between NFC devices. With an increasing number of applications of the NFC and NDEF technology, more and more security threats became apparent. The signature record type is supposed to increase security for NDEF application by providing authenticity and integrity to the NDEF data. This paper takes a close look on the recently published Signature Record Type Definition and discusses its various security aspects. First, we introduce the signature record type and its usage. After that, we analyze the security aspects of the current signature method. Finally, we disclose multiple security vulnerabilities of the current Signature Record Type Definition and propose measures to avoid them. |
2010
Near Field CommunicationGuest lecture at Artesis Hogeschool, Antwerp, Belgium, 02 December 2010. M. Roland Event: Guest lecture at Artesis HogeschoolAntwerp, Belgium02 December 2010 Abstract:
|
IT-Architekturen und Sicherheitskonzepte für eine generische Interpreter-Plattform für mobile NFC-GeräteSeminar for Ph.D. students, Johannes Kepler University Linz, Department of Computational Perception, Linz, Austria, 23 November 2010. M. Roland Event: Seminar for Ph.D. studentsLinz, Austria23 November 2010 |
Near Field Communication TechnologyWorkshop, 5th Central and Eastern European Card Markets, Budapest, Hungary, 17 March 2010. J. Langer and M. Roland Event: 5th Central and Eastern European Card MarketsBudapest, Hungary15 – 17 March 2010 Abstract: Near Field Communication is becoming increasingly important for contactless and mobile payment technologies. Attending this workshop will enable you to understand the applications and processes involved with NFC technologies and how to use them to best effect for new payment strategies. You will learn the details of NFC technology from an expert with many years' experience in a field of research that has yet to be fully implemented by major pan-European infrastructures. By attending, you will gain an insight into the future of NFC and how it will benefit your company in the coming years; by understanding the technology, you will have a greater grasp on the implications it may have for progressing your business opportunities in the payment markets. Why you should attend:
|
Near Field Communication Technology and its Utilisation in Mobile Telephones5th Central and Eastern European Card Markets, Budapest, Hungary, 16 March 2010. M. Roland Event: 5th Central and Eastern European Card MarketsBudapest, Hungary15 – 17 March 2010 |