
Security Issues in Mobile NFC Devices 2015 ed. [Hardcover]

  • Format: Hardback, 185 pages, height x width: 235x155 mm, weight: 4321 g, 17 Illustrations, color; 27 Illustrations, black and white; XVIII, 185 p. 44 illus., 17 illus. in color., 1 Hardback
  • Series: T-Labs Series in Telecommunication Services
  • Publication date: 19-Mar-2015
  • Publisher: Springer International Publishing AG
  • ISBN-10: 3319154877
  • ISBN-13: 9783319154879
This work provides an assessment of the current state of near field communication (NFC) security, reports on new attack scenarios, and offers concepts and solutions to overcome any unresolved issues. The work describes application-specific security aspects of NFC based on exemplary use-case scenarios and uses these to focus on the interaction with NFC tags and on card emulation. The current security architectures of NFC-enabled cellular phones are evaluated with regard to the identified security aspects.

Introduction.- Basics.- Exemplary Use-Cases.- Related Work.- Tagging.- Card Emulation.- Software-based Relay Attacks on Existing Applications.- Summary and Outlook.

Reviews

This book focuses on security issues in mobile NFC devices. This well-written book is an enhanced version of the author's PhD thesis. This book will be useful for offering an introduction to the security issues related to NFC. The style of writing is good. I recommend this book for security experts, researchers, practitioners, and anyone curious about NFC security. (S. V. Nagaraj, Computing Reviews, November, 2015)

1 Introduction
1.1 Motivation
1.2 Objectives
1.3 Approach
1.4 Contributions
1.5 Publications
1.6 Outline
References
2 Basics
2.1 Smartcards
2.1.1 Protocol Stack
2.1.2 Contact versus Contactless Smartcards
2.1.3 Smartcard Software
2.1.4 Data Structures Used on Smartcards
2.1.5 PC/SC
2.2 Near Field Communication
2.2.1 NFC Forum
2.2.2 Operating Modes
2.2.3 NFC Tags
2.2.4 NFC Data Exchange Format (NDEF)
2.2.5 NFC Record Type Definition (RTD)
2.2.6 Card Emulation
2.3 EMV
References
3 Exemplary Use-Cases
3.1 Improving Efficiency in Automotive Environments
3.1.1 Personalization in a Multi-user/Multi-car Environment
3.1.2 Transmission of Data Generated by Vehicle Sensors
3.1.3 Intelligent Cloud-Based Multimedia Applications
3.2 Generalized Use-Cases
3.2.1 Out-of-Band Pairing with NFC
3.2.2 Secure Element
3.3 Identification of Security Aspects
3.3.1 Peer-to-Peer Mode
3.3.2 Reader/Writer Mode
3.3.3 Card Emulation Mode
References
4 Related Work
4.1 Communication Protocol
4.2 Flaws in Legacy Contactless Chip Card Systems
4.3 Attacks on Contactless Smartcards
4.4 Security and Privacy Aspects of NFC Devices
4.4.1 Tagging and Peer-to-Peer Communication
4.4.2 Protection for Tagging and Peer-to-Peer Communication
4.4.3 Integration of Secure Elements into Mobile Phones
4.4.4 Mobile Phones as Attack Platforms
4.5 Mobile Phone and Smart Phone Security
4.6 Combining NFC with Trusted Platform Concepts
4.7 Flaws in Existing Mobile Wallet Implementations
4.8 Summary
References
5 Tagging
5.1 Security Issues
5.2 Digital Signature for NDEF Messages
5.2.1 Attaching a Signature to an NDEF Message
5.2.2 Maintaining Backwards Compatibility
5.2.3 Signing Individual Records
5.2.4 Scope of a Signature
5.2.5 Limitations of NDEF APIs
5.2.6 Recommended Practice
5.3 Establishing Trust in Digitally Signed Content
5.3.1 Public-Key Infrastructure
5.3.2 Mapping Content Issuer Certificates to Content
5.3.3 Partial Signatures
5.3.4 Managing Content Issuer Private Keys
5.3.5 Lifespan of Certificates and Signatures
5.4 The NFC Forum Signature RTD
5.4.1 Signature Record
5.4.2 Attaching a Signature to NDEF Messages
5.4.3 Signature Coverage
5.5 Weaknesses of the Signature RTD
5.5.1 Establishing Trust
5.5.2 Using Remote Signatures and Certificates
5.5.3 Insufficient Signature Coverage
5.5.4 Record Composition Attack
5.6 Possible Solutions to the Discovered Weaknesses
References
6 Card Emulation
6.1 Current Perspective on Security
6.2 APIs for Access to the Secure Element
6.2.1 JSR 177
6.2.2 Nokia Extensions to JSR 257
6.2.3 BlackBerry
6.2.4 Android
6.2.5 Open Mobile API
6.2.6 Secure Element Access Control
6.2.7 Comparison of Access Control Schemes
6.2.8 Impact of Rooting and Jail Breaking
6.3 New Attack Scenarios
6.3.1 Denial-of-Service (DoS)
6.3.2 Software-Based Relay Attack
6.4 Viability of the Software-Based Relay Attack
6.4.1 Constraints of the Protocol Layers
6.4.2 Building a Card Emulator
6.4.3 Prototype Implementation of the Relay System
6.4.4 Test Setup for Measurement of Communication Delays
6.4.5 Measurement Results
6.5 Possible Solutions
References
7 Software-Based Relay Attacks on Existing Applications
7.1 Google Wallet
7.1.1 Preparing for an In-depth Analysis
7.1.2 Static Structure
7.1.3 Interacting with the Google Wallet On-card Component
7.1.4 Google Prepaid Card: A MasterCard Pay Pass Card
7.2 Performing a Software-Based Relay Attack
7.3 Viability, Limitations and Improvements
7.3.1 Getting the Relay App on Devices
7.3.2 Transaction Limits
7.3.3 Optimizing the Relayed Data
7.4 Possible Workarounds
7.4.1 Timeouts of POS Terminals
7.4.2 Google Wallet PIN Verification
7.4.3 Disabling Internal Mode for Payment Applets
7.5 Reporting and Industry Response
7.6 Analysis of the Relay-Immune Google Wallet
References
8 Summary and Outlook
8.1 Tagging
8.2 Card Emulation
8.3 Conclusion
8.4 The Bigger Picture
8.5 Future Research
References
Appendix A Google's Secure Element API
Appendix B Modifications to Google's Secure Element API Library
Index