Near Field Communication (NFC) promises to boost mobile transactions and payments. Indeed, NFC-enabled devices can emulate smartcards, so allowing payments, loyalty programs, card access, transit passes and other custom services, through a mobile phone. Although many modern mobile devices mount a NFC transceiver, card emulation is still a rare feature. The main reason is that the two available card emulation frameworks, namely Card Emulation and Host-based Card Emulation, have known limitations in terms of usability and security (respectively). This paper proposes a novel approach to card emulation called Trusted Host-based Card Emulation (THCE). THCE relies on the Trusted Execution Environment, currently deployed on most of the CPUs for mobile devices, and implements a secure and usable card emulation framework. Through comparisons, we show that THCE overcomes the limitations of the existing solutions. Moreover, we formally verify that the initialization protocol, used to deploy access credentials on a THCE-enabled device, is not vulnerable to known exploits.

Trusted host-based card emulation

ARMANDO, ALESSANDRO;MERLO, ALESSIO;VERDERAME, LUCA
2015-01-01

Abstract

Near Field Communication (NFC) promises to boost mobile transactions and payments. Indeed, NFC-enabled devices can emulate smartcards, so allowing payments, loyalty programs, card access, transit passes and other custom services, through a mobile phone. Although many modern mobile devices mount a NFC transceiver, card emulation is still a rare feature. The main reason is that the two available card emulation frameworks, namely Card Emulation and Host-based Card Emulation, have known limitations in terms of usability and security (respectively). This paper proposes a novel approach to card emulation called Trusted Host-based Card Emulation (THCE). THCE relies on the Trusted Execution Environment, currently deployed on most of the CPUs for mobile devices, and implements a secure and usable card emulation framework. Through comparisons, we show that THCE overcomes the limitations of the existing solutions. Moreover, we formally verify that the initialization protocol, used to deploy access credentials on a THCE-enabled device, is not vulnerable to known exploits.
2015
9781467378123
9781467378123
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11567/840592
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 9
  • ???jsp.display-item.citation.isi??? 5
social impact