Practical Attack Scenarios on Secure Element-Enabled Mobile Devices

Michael Roland, J. Langer, J. Scharinger
Published in: 2012 4th International Workshop on Near Field Communication
Publication date: 2012-03-13
DOI: 10.1109/NFC.2012.10 (https://doi.org/10.1109/NFC.2012.10)
Citations: 54

Abstract

Practical Attack Scenarios on Secure Element-Enabled Mobile Devices
Near Field Communication's card emulation mode is a way to put virtual smart cards into mobile phones. A recently launched application is Google Wallet. Google Wallet turns a phone into a credit card, a prepaid card and a tool to collect gift certificates and discounts. Card emulation mode uses dedicated smart card chips, which are considered to fulfill high security standards. Therefore, card emulation mode is also considered to be safe and secure. However, an NFC-enabled mobile phone introduces a significantly different threat vector. Especially a mobile phone's permanent connectivity to a global network and the possibility to install arbitrary applications onto smart phones open up for several new attack scenarios. This paper gives an overview of the new risks imposed by mobile connectivity and untrusted mobile phone applications. The various APIs for secure element access on different mobile phone platforms and their access control mechanisms are analyzed. The security aspects of mobile phones are explained. Finally, two practical attack scenarios, a method to perform a denial of service (DoS) attack against a secure element and a method to remotely use the applications on a victim's secure element without the victim's knowledge, are highlighted.