Talks

2020

“Exposed Building”, by M. Roland and M. Mayr. JKU LIT @ Ars Electronica Talks, In Kepler’s Gardens – Ars Electronica Festival 2020, Linz, Austria, 11 September 2020.
Event
JKU LIT @ Ars Electronica Talks, In Kepler’s Gardens – Ars Electronica Festival 2020
Linz, Austria
11 September 2020
“Opening & Closing Words”, by R. Mayrhofer and M. Roland. 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2020), Linz (Virtual Event), Austria, 08 July 2020.
Event
13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2020)
Linz (Virtual Event), Austria
08–10 July 2020
“Opening & Closing Words”, by M. Roland and R. Mayrhofer. Android Security Symposium 2020, Linz (Virtual Event), Austria, 06 July 2020.
Event
Android Security Symposium 2020
Linz (Virtual Event), Austria
06–07 July 2020
“Aktuelle Fokusthemen: Gefahren und Angriffsrisiken”, by M. Roland. Virtuelle Eröffnungsfeier des CD-Labors DIGIDOW, virtual (broadcast by dorf tv.), 26 May 2020.
Event
Virtuelle Eröffnungsfeier des CD-Labors DIGIDOW
virtual (broadcast by dorf tv.)
26 May 2020

2019

“Spuren im Netz: Was verrät dein Smartphone über dich?”, by M. Roland and T. Höller. Workshop, KinderUni Linz 2019, Johannes Kepler University Linz, Austria, 09 July 2019.
Event
KinderUni Linz 2019
Johannes Kepler University Linz, Austria
08–11 July 2019
Abstract

Smartphone, Internet, Apps wie WhatsApp oder Snapchat … sie sind aus dem täglichen Leben kaum noch wegzudenken. Doch was verrät dein Smartphone eigentlich über dich? Gibt es vielleicht auch dann Informationen über dich, deine Apps und deine Gewohnheiten preis, wenn du gar nicht damit rechnest? Wer könnte diese Daten nutzen und wofür? Welche Gefahren verstecken sich eigentlich in öffentlichen WLANs? Gemeinsam erforschen wir, wie man Daten von Smartphones sammeln und auswerten kann. Wir erkunden, wie man diese Informationen nutzen kann, um Personen zu identifizieren und zu verfolgen.

2017

“Opening Words”, by M. Roland, R. Mayrhofer, and E. R. Weippl. Android Security Symposium 2017, Vienna, Austria, 08 March 2017.
Event
Android Security Symposium 2017
Vienna, Austria
08–10 March 2017

2016

“Host Card Emulation: Wie sicher ist das Bezahlen ohne Secure Element?”, by M. Roland. Invited talk, IIR Jahresforum Cashless Payments, Vienna, Austria, 28 September 2016.
Event
IIR Jahresforum Cashless Payments
Vienna, Austria
28–29 September 2016

2015

“Opening Words”, by M. Roland and R. Mayrhofer. Android Security Symposium 2015, Vienna, Austria, 09 September 2015.
Event
Android Security Symposium 2015
Vienna, Austria
09–11 September 2015

2014

“Near Field Communication (NFC)”, by M. Roland. Workshop, Hinwil, Switzerland, 27 November 2014.
Event
Hinwil, Switzerland
27 November 2014
“Near Field Communication Security”, by M. Roland. Invited talk, Mobile Marketing Innovation Day, Vienna, Austria, 28 May 2014.
Event
Mobile Marketing Innovation Day
Vienna, Austria
28 May 2014

2013

“Cloning Credit Cards”, by M. Roland. Invited talk, Hacking Night WS 2013, Hagenberg, Austria, 17 December 2013.
Event
Hacking Night WS 2013
Hagenberg, Austria
17 December 2013
Abstract

Endlich ist kontaktloses Bezahlen auch in Österreich angekommen. Bei immer mehr Händlern kann mit NFC-Kredit- und Bankomatkarten gezahlt werden. Viele neu ausgegebene Kredit- und Bankomatkarten sind standardmäßig mit NFC ausgestattet. Doch was steckt eigentlich hinter so einer Kontaktlostransaktion? Was passiert da genau? Welche Daten werden übertragen? Welche Daten sind überhaupt auf der Karte gespeichert? Und kann ein Angreifer meine Karte kopieren?

“(Ab)using foreign VMs: Running Java Card Applets in non-Java Card Virtual Machines”, by M. Roland. 11th International Conference on Advances in Mobile Computing & Multimedia (MoMM2013), Vienna, Austria, 02 December 2013.
Event
11th International Conference on Advances in Mobile Computing & Multimedia (MoMM2013)
Vienna, Austria
02–04 December 2013
Abstract

Creating Java Card applications for Near Field Communication’s card emulation mode requires access to a secure smartcard chip (the secure element). Today, even for development purposes, it is difficult to get access to the secure element in most current smart phones. Therefore, it would be useful to have an environment that emulates a secure element for rapid prototyping and debugging. Our approach to such an environment is emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android’s Dalvik VM). However, providing a Java Card run-time environment on top of another Java virtual machine faces one big problem: The Java Card virtual machine’s operation principle is based on persistent memory technology. As a result, the VM and the applications that run on top of it have a significantly different life-cycle compared to other Java VMs. Based on specific scenarios for secure element emulators for the Android platform, we evaluate these differences and their impact on Java VM-based Java Card emulation. Further, we propose possible solutions to the problems that arise from these differences in the life-cycles.

“Debugging and Rapid Prototyping of NFC Secure Element Applications”, by M. Roland. Workshop on the Near Field Communication for Mobile Applications, Paris, France, 07 November 2013.
Event
Workshop on the Near Field Communication for Mobile Applications
Paris, France
07 November 2013
Abstract

The ecosystem behind secure elements is complex and prevents average developers from creating secure element applications. In this paper we introduce concepts to overcome these issues. We develop two scenarios for open platforms emulating a secure element for the Android platform. Such an open emulator can be used for debugging and rapid prototyping of secure element applications. Moreover, by trading the secure element’s security and trust for openness, such a platform can be used as a replacement for the secure element for long-term testing and for showcasing of applications.

“Verunsicherte Kunden durch NFC: Wie sicher ist NFC wirklich?”, by M. Roland. Invited talk, IIR Payment Forum Cashless, Vienna, Austria, 23 October 2013.
Event
IIR Payment Forum Cashless
Vienna, Austria
22–23 October 2013
“Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless”, by M. Roland. 7th USENIX Workshop on Offensive Technologies (WOOT ‘13), Washington, DC, USA, 13 August 2013.
Event
7th USENIX Workshop on Offensive Technologies (WOOT ‘13)
Washington, DC, USA
13 August 2013
Abstract

Recent roll-outs of contactless payment infrastructures – particularly in Austria and Germany – have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim’s card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal.

“NFC Security”, by M. Roland. Guest lecture, University of Applied Sciences Upper Austria, 13 May 2013.
“Applying Relay Attacks to Google Wallet”, by M. Roland. 7th WIMA NFC MONACO - Enabling Business & Innovation for the NFC Ecosystem, Monaco, 10 April 2013.
Event
7th WIMA NFC MONACO - Enabling Business & Innovation for the NFC Ecosystem
Monaco
10–12 April 2013
Abstract

The recent emergence of Near Field Communication (NFC) enabled smart phones resulted in an increasing interest in NFC security. Several new attack scenarios, using NFC devices either as attack platform or as device under attack, have been discovered. One of them is the software-based relay attack. We evaluate the feasibility of the software-based relay attack in Google’s existing mobile contactless payment system Google Wallet. We give an in-depth analysis of Google Wallet’s credit card payment functionality. We describe our prototypical relay system that we used to successfully mount the software-based relay attack on Google Wallet. We discuss the practicability and threat potential of the attack and provide several possible workarounds. Finally, we analyze Google’s approach to solving the issue of software-based relay attacks in their recent releases of Google Wallet.

“Security Issues in Mobile NFC Devices”, by M. Roland. Presentation and defense of my Ph.D. thesis, 21 March 2013.
Abstract

The recent emergence of Near Field Communication (NFC) enabled smart phones lead to an increasing interest in NFC technology and its applications by equipment manufacturers, service providers, developers, and end-users. Nevertheless, frequent media reports about security and privacy issues of electronic passports, contactless credit cards, asset tracking systems, NFC-enabled mobile phones, and proprietary contactless technologies suggest that NFC is a potentially unsafe technology whose main beneficiaries are thieves. While these weaknesses are often bound to specific applications and products, they boost the fear that NFC technology as a whole is dangerous, threatens our privacy and helps identity theft and fraud. In order to defend their own products and services, manufacturers and service providers often position themselves on the opposite extreme, stating that their products and services incorporate sufficient countermeasures.

This thesis' aim is to assess the actual state of NFC security, to discover new attack scenarios and to provide concepts and solutions to overcome any identified unresolved issues. Based on exemplary use-case scenarios, application-specific security aspects of NFC are extracted. The current security architectures of NFC-enabled mobile phones are evaluated with regard to the identified security aspects. As a result of the exemplary use-cases, this research focuses on the interaction with NFC tags and on card emulation. For each of these two modes of NFC, this thesis reveals attack scenarios that are possible despite existing security concepts. For the interaction with NFC tags, a new attack scenario is introduced that allows modification of tag content even though its authenticity and integrity were supposedly guaranteed by a digital signature scheme. Moreover, potential privacy issues and remaining problems have been identified in the NFC Forum’s signature scheme specification. For the card emulation scenario, the mobile phone itself is identified as a significant, yet unconsidered, threat. Specifically, the well-known concept of relay attacks on smartcards is extended to the mobile phone platform. By using the phone’s processing capabilities and communication facilities, relay attacks can be mounted in a significantly easier and less obvious way. These assumptions are verified through prototypical implementations. Possible solutions and workarounds to overcome these issues are outlined and evaluated with regard to their advantages and disadvantages.

“Applying Relay Attacks to Google Wallet”, by M. Roland. 5th International Workshop on Near Field Communication (NFC 2013), Zurich, Switzerland, 05 February 2013.
Event
5th International Workshop on Near Field Communication (NFC 2013)
Zurich, Switzerland
05 February 2013
Abstract

The recent emergence of Near Field Communication (NFC) enabled smartphones resulted in an increasing interest in NFC security. Several new attack scenarios, using NFC devices either as attack plattform or as device under attack, have been discovered. One of them is the software-based relay attack. In this paper we evaluate the feasibility of the software-based relay attack in an existing mobile contactless payment system. We give an in-depth analysis of Google Wallet’s credit card payment functionality. We describe our prototypical relay system that we used to sucessfully mount the software-based relay attack on Google Wallet. We discuss the practicability and threat potential of the attack and provide several possible workarounds. Finally, we analyze Google’s approach to solving the issue of software-based relay attacks in their recent releases of Google Wallet.

2012

“Android and NFC”, by M. Roland. Workshop, NFC Congress 2012, Hagenberg, Austria, 11 September 2012.
Event
NFC Congress 2012
Hagenberg, Austria
11 September 2012
Abstract
  • Basics
    • NFC
    • Tags
    • NDEF
  • Android + NFC
  • Hands-On
    • Part 1: NDEF Writer
    • Part 2: NDEF Reader
    • Part 3: Auto-start an app when a tag/NDEF record is detected
“Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?”, by M. Roland. 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use, Newcastle, UK, 18 June 2012.
Event
4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use
Newcastle, UK
18 June 2012
Abstract

Software card emulation is a new approch to advance the interoperability of NFC with legacy contactless smartcard systems. It has been first introduced to NFC-enabled mobile phones by Research In Motion (RIM) on their BlackBerry platform. Software card emulation aims at opening and simplifying the complex and tightly controlled card emulation functionality. While this form of card emulation, that gets rid of the secure element (a device tightly controlled by the ``big players''), is a great chance for development of innovative NFC applications, it potentially makes card emulation less secure and paves the way for interesting attack scenarios. This paper evaluates the advantages and disadvantages of software card emulation based on existing application scenarios and recent research results.

“Relay Attacks on Secure Element-enabled Mobile Devices: Virtual Pickpocketing Revisited”, by M. Roland. 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012), Heraklion, Crete, Greece, 04 June 2012.
Event
27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012)
Heraklion, Crete, Greece
04–06 June 2012
Abstract

Near Field Communication’s card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case, where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly different threat vector. A mobile phone’s permanent connectivity to a global network and the possibility to install arbitrary applications permit a significantly improved relay scenario. This paper presents a relay attack scenario where the attacker no longer needs physical proximity to the phone. Instead, simple relay software needs to be distributed to victims' mobile devices. This publication describes this relay attack scenario in detail and assesses its feasibility based on measurement results.

“NFC Security”, by M. Roland. Guest lecture, University of Applied Sciences Upper Austria, 29 May 2012.