Talks

Abstract

Smartphone, Internet, Apps wie WhatsApp oder Snapchat … sie sind aus dem täglichen Leben kaum noch wegzudenken. Doch was verrät dein Smartphone eigentlich über dich? Gibt es vielleicht auch dann Informationen über dich, deine Apps und deine Gewohnheiten preis, wenn du gar nicht damit rechnest? Wer könnte diese Daten nutzen und wofür? Welche Gefahren verstecken sich eigentlich in öffentlichen WLANs? Gemeinsam erforschen wir, wie man Daten von Smartphones sammeln und auswerten kann. Wir erkunden, wie man diese Informationen nutzen kann, um Personen zu identifizieren und zu verfolgen.

Abstract

Endlich ist kontaktloses Bezahlen auch in Österreich angekommen. Bei immer mehr Händlern kann mit NFC-Kredit- und Bankomatkarten gezahlt werden. Viele neu ausgegebene Kredit- und Bankomatkarten sind standardmäßig mit NFC ausgestattet. Doch was steckt eigentlich hinter so einer Kontaktlostransaktion? Was passiert da genau? Welche Daten werden übertragen? Welche Daten sind überhaupt auf der Karte gespeichert? Und kann ein Angreifer meine Karte kopieren?

Abstract

Creating Java Card applications for Near Field Communication’s card emulation mode requires access to a secure smartcard chip (the secure element). Today, even for development purposes, it is difficult to get access to the secure element in most current smart phones. Therefore, it would be useful to have an environment that emulates a secure element for rapid prototyping and debugging. Our approach to such an environment is emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android’s Dalvik VM). However, providing a Java Card run-time environment on top of another Java virtual machine faces one big problem: The Java Card virtual machine’s operation principle is based on persistent memory technology. As a result, the VM and the applications that run on top of it have a significantly different life-cycle compared to other Java VMs. Based on specific scenarios for secure element emulators for the Android platform, we evaluate these differences and their impact on Java VM-based Java Card emulation. Further, we propose possible solutions to the problems that arise from these differences in the life-cycles.

Abstract

The ecosystem behind secure elements is complex and prevents average developers from creating secure element applications. In this paper we introduce concepts to overcome these issues. We develop two scenarios for open platforms emulating a secure element for the Android platform. Such an open emulator can be used for debugging and rapid prototyping of secure element applications. Moreover, by trading the secure element’s security and trust for openness, such a platform can be used as a replacement for the secure element for long-term testing and for showcasing of applications.

Abstract

Recent roll-outs of contactless payment infrastructures – particularly in Austria and Germany – have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim’s card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal.

Abstract

The recent emergence of Near Field Communication (NFC) enabled smart phones resulted in an increasing interest in NFC security. Several new attack scenarios, using NFC devices either as attack platform or as device under attack, have been discovered. One of them is the software-based relay attack. We evaluate the feasibility of the software-based relay attack in Google’s existing mobile contactless payment system Google Wallet. We give an in-depth analysis of Google Wallet’s credit card payment functionality. We describe our prototypical relay system that we used to successfully mount the software-based relay attack on Google Wallet. We discuss the practicability and threat potential of the attack and provide several possible workarounds. Finally, we analyze Google’s approach to solving the issue of software-based relay attacks in their recent releases of Google Wallet.

Abstract

The recent emergence of Near Field Communication (NFC) enabled smart phones lead to an increasing interest in NFC technology and its applications by equipment manufacturers, service providers, developers, and end-users. Nevertheless, frequent media reports about security and privacy issues of electronic passports, contactless credit cards, asset tracking systems, NFC-enabled mobile phones, and proprietary contactless technologies suggest that NFC is a potentially unsafe technology whose main beneficiaries are thieves. While these weaknesses are often bound to specific applications and products, they boost the fear that NFC technology as a whole is dangerous, threatens our privacy and helps identity theft and fraud. In order to defend their own products and services, manufacturers and service providers often position themselves on the opposite extreme, stating that their products and services incorporate sufficient countermeasures.

This thesis' aim is to assess the actual state of NFC security, to discover new attack scenarios and to provide concepts and solutions to overcome any identified unresolved issues. Based on exemplary use-case scenarios, application-specific security aspects of NFC are extracted. The current security architectures of NFC-enabled mobile phones are evaluated with regard to the identified security aspects. As a result of the exemplary use-cases, this research focuses on the interaction with NFC tags and on card emulation. For each of these two modes of NFC, this thesis reveals attack scenarios that are possible despite existing security concepts. For the interaction with NFC tags, a new attack scenario is introduced that allows modification of tag content even though its authenticity and integrity were supposedly guaranteed by a digital signature scheme. Moreover, potential privacy issues and remaining problems have been identified in the NFC Forum’s signature scheme specification. For the card emulation scenario, the mobile phone itself is identified as a significant, yet unconsidered, threat. Specifically, the well-known concept of relay attacks on smartcards is extended to the mobile phone platform. By using the phone’s processing capabilities and communication facilities, relay attacks can be mounted in a significantly easier and less obvious way. These assumptions are verified through prototypical implementations. Possible solutions and workarounds to overcome these issues are outlined and evaluated with regard to their advantages and disadvantages.

Abstract

The recent emergence of Near Field Communication (NFC) enabled smartphones resulted in an increasing interest in NFC security. Several new attack scenarios, using NFC devices either as attack plattform or as device under attack, have been discovered. One of them is the software-based relay attack. In this paper we evaluate the feasibility of the software-based relay attack in an existing mobile contactless payment system. We give an in-depth analysis of Google Wallet’s credit card payment functionality. We describe our prototypical relay system that we used to sucessfully mount the software-based relay attack on Google Wallet. We discuss the practicability and threat potential of the attack and provide several possible workarounds. Finally, we analyze Google’s approach to solving the issue of software-based relay attacks in their recent releases of Google Wallet.

Abstract

• Basics
  • NFC
  • Tags
  • NDEF
• Android + NFC
• Hands-On
  • Part 1: NDEF Writer
  • Part 2: NDEF Reader
  • Part 3: Auto-start an app when a tag/NDEF record is detected

Abstract

Software card emulation is a new approch to advance the interoperability of NFC with legacy contactless smartcard systems. It has been first introduced to NFC-enabled mobile phones by Research In Motion (RIM) on their BlackBerry platform. Software card emulation aims at opening and simplifying the complex and tightly controlled card emulation functionality. While this form of card emulation, that gets rid of the secure element (a device tightly controlled by the ``big players''), is a great chance for development of innovative NFC applications, it potentially makes card emulation less secure and paves the way for interesting attack scenarios. This paper evaluates the advantages and disadvantages of software card emulation based on existing application scenarios and recent research results.

Abstract

Near Field Communication’s card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case, where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly different threat vector. A mobile phone’s permanent connectivity to a global network and the possibility to install arbitrary applications permit a significantly improved relay scenario. This paper presents a relay attack scenario where the attacker no longer needs physical proximity to the phone. Instead, simple relay software needs to be distributed to victims' mobile devices. This publication describes this relay attack scenario in detail and assesses its feasibility based on measurement results.