On the Security and Privacy Implications of NFC-based Transactions

Art der Arbeit:

Studien-/Bachelor-/Diplom-/Masterarbeit

Betreuer:

Bove, Davide
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
E-Mail: davide.bove@fau.de

Beschreibung der Arbeit:

Since version 4.4 KitKat Android phones can use the integrated NFC chip to read NFC tags from contactless cards. Using Host-based Card Emulation (HCE) [1], one can emulate any NFC card, which allows for a number of promising attacks like card cloning and skimming. With relay attacks [2,3], wormhole attacks [4] and similar approaches, research has shown that NFC payments can be attacked. In this thesis, we examine general threat models of several contactless cards and combine them with actual attack scenarios in order to summarize the current state of NFC security on mobile devices.
References:

• [1] https://developer.android.com/guide/topics/connectivity/nfc/hce

• [2] J. van den Breekel,Relaying EMV Contactless Transactions using Off-The-Shelf Android Devices, BlackHat Asia. March, 2015.

• [3] Çavdar, D., & Tomur, E. (2015, May). A practical NFC relay attack on mobile devices using card emulation mode. In 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) (pp. 1308-1312). IEEE.

• [4] Giese, D., Liu, K., Sun, M., Syed, T., & Zhang, L. (2019). Security Analysis of Near-Field Communication (NFC) Payments. arXiv preprint arXiv:1904.10623.
  

Bearbeitungszustand:

Die Arbeit ist bereits abgeschlossen.
Bearbeiter:	Maximilian Wehner
Abgegeben am:	04.05.2020