Abstract
Modern smart-phones are equipped with various interfaces such as NFC, allowing a versatile use of the device for many different applications. However, every transaction of the phone especially via its NFC interface can be recorded and stored for further analysis, bearing a threat to the privacy of the device and its user. In this paper, we propose and analyze the efficiency of a mobile ticketing system that is designed for privacy protection. In our investigation, we lay focus on the specific algorithms which are based on selective disclosure protocols and Brands’ one-time show credential system. Our proof-of-concept prototype includes client- and terminal side implementations for detailed analysis. Moreover, we propose algorithm improvements to increase the performance and efficiency of the NFC transactions on the client side in our system.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ARM, Ltd. TrustZone Security Foundation by ARM (2011), http://www.arm.com/products/processors/technologies/trustzone.php
Bichsel, P.: Theft and misuse protection for anonymous credentials. Master’s thesis, ETH Zurich (June 2007)
Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard java card. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 600–610. ACM, New York (2009)
Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)
Brickell, E., Camenisch, J., Chen, L.: Direct Anonymous Attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 132–145. ACM, New York (2004)
Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic n-times anonymous authentication. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 201–210. ACM, New York (2006)
Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28, 1030–1044 (1985)
Dietrich, K.: Anonymous RFID Authentication Using Trusted Computing Technologies. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 91–102. Springer, Heidelberg (2010)
Federal Information Processing Standards. FIPS: 186-3 Digital Signature Standard, DSS (2009)
Glenn, A., Goldberg, I., Légaré, F., Stiglic, A.: A description of protocols for private credentials (2001), http://crypto.cs.mcgill.ca/~stiglic/Papers/brands.pdf
Hars, L.: Modular inverse algorithms without multiplications for cryptographic applications. EURASIP J. Embedded Syst., 2 (January 2006)
International Organization for Standardization. ISO/IEC 14443 Identification cards - Contactless integrated circuit(s) cards - Proximity cards (2000)
International Organization for Standardization. ISO/IEC 18092 - Information technology – Telecommunications and information exchange between systems – Near Field Communication – Interface and Protocol, NFCIP-1 (2004)
International Organization for Standardization. ISO/IEC 7816-4 Identification cards - Integrated circuit cards - Cryptographic information application (2005)
Java Community Process. Contactless Communication API (JSR 257) (October 17, 2006), http://jcp.org/aboutJava/communityprocess/final/jsr257/index.html
Java Community Process. Java Smart Card I/O API (JSR 268) (December 11, 2006), http://jcp.org/aboutJava/communityprocess/final/jsr268/index.html
Madlmayr, G., Kleebauer, P., Langer, J., Scharinger, J.: Secure Communication between Web Browsers and NFC Targets by the Example of an e-Ticketing System. In: Psaila, G., Wagner, R. (eds.) EC-Web 2008. LNCS, vol. 5183, pp. 1–10. Springer, Heidelberg (2008)
Paar, C., Pelzl, J.: Understanding Cryptography: A Textbook for Students and Practitioners. Springer (2010)
Sterckx, M., Gierlichs, B., Preneel, B., Verbauwhede, I.: Efficient implementation of anonymous credentials on java card smart cards. In: 1st IEEE International Workshop on Information Forensics and Security (WIFS 2009), pp. 106–110. IEEE, London (2009)
Sun Microsystems Inc. J2ME Building Blocks for Mobile Devices (May 19, 2000), http://java.sun.com/products/kvm/wp/KVMwp.pdf
Tews, H., Jacobs, B.: Performance Issues of Selective Disclosure and Blinded Issuing Protocols on Java Card. In: Markowitch, O., Bilas, A., Hoepman, J.-H., Mitchell, C.J., Quisquater, J.-J. (eds.) WISTP 2009. LNCS, vol. 5746, pp. 95–111. Springer, Heidelberg (2009)
Wilson, P., Frey, A., Mihm, T., Kershaw, D., Alves, T.: Implementing Embedded Security on Dual-Virtual-CPU Systems. IEEE Design and Test of Computers 24(6), 582–591 (2007)
Winter, J., Wiegele, P., Lipp, M., Niederl, A., et al.: Experimental version of QEMU with basic support for ARM TrustZone (source code repository) (July 28, 2011), Public GIT repository at: https://github.com/jowinter/qemu-trustzone
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Derler, D., Potzmader, K., Winter, J., Dietrich, K. (2012). Anonymous Ticketing for NFC-Enabled Mobile Phones. In: Chen, L., Yung, M., Zhu, L. (eds) Trusted Systems. INTRUST 2011. Lecture Notes in Computer Science, vol 7222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32298-3_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-32298-3_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32297-6
Online ISBN: 978-3-642-32298-3
eBook Packages: Computer ScienceComputer Science (R0)