A Privacy-Preserving NFC Mobile Pass for Transport Systems

EAI Endorsed Trans. Mob. Commun. Appl. Pub Date : 2014-12-28 DOI:10.4108/mca.2.5.e4

Ghada Arfaoui, Guillaume Dabosville, S. Gambs, Patrick Lacharme, Jean-François Lalande

{"title":"A Privacy-Preserving NFC Mobile Pass for Transport Systems","authors":"Ghada Arfaoui, Guillaume Dabosville, S. Gambs, Patrick Lacharme, Jean-François Lalande","doi":"10.4108/mca.2.5.e4","DOIUrl":null,"url":null,"abstract":"The emergence of the NFC (Near Field Communication) technology brings new capacities to the next generation of smartphones, but also new security and privacy challenges. Indeed through its contactless interactions with external entities, the smartphone of an individual will become an essential authentication tool for service providers such as transport operators. However, from the point of view of the user, carrying a part of the service through his smartphone could be a threat for his privacy. Indeed, an external attacker or the service provider himself could be tempted to track the actions of the user. In this paper, we propose a privacy-preserving contactless mobile service, in which a user’s identity cannot be linked to his actions when using the transport system. The security of our proposition relies on the combination of a secure element in the smartphone and on a privacy-enhancing cryptographic protocol based on a variant of group signatures. In addition, although a user should remain anonymous and his actions unlinkable in his daily journeys, we designed a technique for lifting his anonymity in extreme circumstances. In order to guarantee the usability of our solution, we implemented a prototype demonstrating that our solution meets the major functional requirements for real transport systems: namely that the mobile pass can be validated at a gate in less than 300 ms, and this even if the battery of the smartphone is exhausted.","PeriodicalId":299985,"journal":{"name":"EAI Endorsed Trans. Mob. Commun. Appl.","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EAI Endorsed Trans. Mob. Commun. Appl.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/mca.2.5.e4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

The emergence of the NFC (Near Field Communication) technology brings new capacities to the next generation of smartphones, but also new security and privacy challenges. Indeed through its contactless interactions with external entities, the smartphone of an individual will become an essential authentication tool for service providers such as transport operators. However, from the point of view of the user, carrying a part of the service through his smartphone could be a threat for his privacy. Indeed, an external attacker or the service provider himself could be tempted to track the actions of the user. In this paper, we propose a privacy-preserving contactless mobile service, in which a user’s identity cannot be linked to his actions when using the transport system. The security of our proposition relies on the combination of a secure element in the smartphone and on a privacy-enhancing cryptographic protocol based on a variant of group signatures. In addition, although a user should remain anonymous and his actions unlinkable in his daily journeys, we designed a technique for lifting his anonymity in extreme circumstances. In order to guarantee the usability of our solution, we implemented a prototype demonstrating that our solution meets the major functional requirements for real transport systems: namely that the mobile pass can be validated at a gate in less than 300 ms, and this even if the battery of the smartphone is exhausted.

查看原文本刊更多论文

一种用于运输系统的保护隐私的NFC移动通行证

NFC(近场通信)技术的出现为下一代智能手机带来了新的功能，但也带来了新的安全和隐私挑战。事实上，通过与外部实体的非接触式交互，个人智能手机将成为运输运营商等服务提供商必不可少的身份验证工具。然而，从用户的角度来看，通过智能手机携带部分服务可能会威胁到他的隐私。实际上，外部攻击者或服务提供者本身可能会受到诱惑，跟踪用户的操作。在本文中，我们提出了一种保护隐私的非接触式移动服务，其中用户的身份不能与他在使用传输系统时的行为相关联。我们提议的安全性依赖于智能手机中的安全元素和基于组签名变体的隐私增强加密协议的组合。此外，尽管用户应该保持匿名，并且他的行为在日常旅程中不可链接，但我们设计了一种在极端情况下解除其匿名性的技术。为了保证我们的解决方案的可用性，我们实现了一个原型，证明我们的解决方案符合实际运输系统的主要功能要求:即移动通行证可以在不到300毫秒的时间内在一个门上进行验证，即使智能手机的电池耗尽。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

EAI Endorsed Trans. Mob. Commun. Appl.

自引率

0.00%

发文量