Performance variation in host-based card emulation compared to a hardware security element

Abstract

Traditionally, card emulation mode in Near Field Communication devices makes use of a hardware Secure Element (SE) as a secure storage and execution environment for applications. However, a different way of card emulation that bypasses the SE has emerged, referred to as Host-based Card Emulation (HCE). HCE relies on the phone CPU for processing power, sharing it with other running processes. This produces variable readings in terms of response times from the phone. This paper investigates this variability in HCE implementation as compared to an SE implementation. We also discuss how our findings may call into question the use of HCE in time critical scenarios.