loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Maurizio Cavallari 1 ; Luca Adami 1 and Francesco Tornieri 2

Affiliations: 1 Università Cattolica del Sacro Cuore, Italy ; 2 BKG Laboratories, Italy

Keyword(s): Organisation, Security, Mobile Payments, HCE, NFC, RFID.

Abstract: Near Field Communication (NFC) and contactless applications are increasing at unprecedented rate and their value is being recognised by the financial industry (Ok et al., 2011). Attacks are also increasing and they can compromise the business value on NFC applications (Murdoch and Anderson, 2010, Trend Micro, 2015). The present paper analyse the anatomy of possible attacks, uncovering vulnerabilities and suggesting possible countermeasures. The value of the paper is found in the contribution to practical mitigation of risk in the mobile payment financial business, with respect to the technology side. Host Card Emulation (HCE) is a technology solution that permits the creation of a virtual representation of a smart card using only software components, effectively eliminating the need for Secure Element hardware in the device. NFC/HCE technologies has proved itself very vulnerable in a variety of aspects. The paper would go through specific vulnerabilities and vulnerable situation, lik e: a non-secure-device/cloud communication channel; access to data saved locally in wallet; reusability of token; use of fake POS; malware and fake application; specific vulnerabilities of “Tap & Pay”; device/cloud decoupling. Countermeasures that have been proved effective are offered to readers along with Organisational aspects to be taken into account. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.191.165.149

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Cavallari, M.; Adami, L. and Tornieri, F. (2015). Organisational Aspects and Anatomy of an Attack on NFC/HCE Mobile Payment Systems. In Proceedings of the 17th International Conference on Enterprise Information Systems (ICEIS 2015) - Volume 1: WOSIS; ISBN 978-989-758-097-0; ISSN 2184-4992, SciTePress, pages 685-700. DOI: 10.5220/0005477506850700

@conference{wosis15,
author={Maurizio Cavallari. and Luca Adami. and Francesco Tornieri.},
title={Organisational Aspects and Anatomy of an Attack on NFC/HCE Mobile Payment Systems},
booktitle={Proceedings of the 17th International Conference on Enterprise Information Systems (ICEIS 2015) - Volume 1: WOSIS},
year={2015},
pages={685-700},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005477506850700},
isbn={978-989-758-097-0},
issn={2184-4992},
}

TY - CONF

JO - Proceedings of the 17th International Conference on Enterprise Information Systems (ICEIS 2015) - Volume 1: WOSIS
TI - Organisational Aspects and Anatomy of an Attack on NFC/HCE Mobile Payment Systems
SN - 978-989-758-097-0
IS - 2184-4992
AU - Cavallari, M.
AU - Adami, L.
AU - Tornieri, F.
PY - 2015
SP - 685
EP - 700
DO - 10.5220/0005477506850700
PB - SciTePress