Вы находитесь на странице: 1из 3

EPS 2012: The EVENT Wallet: Survey Paper

Stein Vermeulen, Glenn Ergeerts, Frederik Schrooyen, Rud Beyers, Luc Wante, Marc Ceulemans
AbstractThe main target of this paper is examine the different aspects of the EVENT wallet (the doctorate of Frederick Schrooyen, Rud Beyers, Glenn Ergeerts) and analyze some drawbacks and some aspects that has to be investigated. The wallet will be NFC enabled because NFC will be the technology of the future and all big companies (Apple, Google, etc) are investigating in the technology. There are several problems to deal with to create a electronic wallet, this paper focusses on the security aspect and enumerates different aspects that will be investigated during the Master Thesis. It is a theoretical study so there is no implantation so far for these techniques. The other aspects that are found will be enumerated but not described in detail. Index TermsNear Field Communication, Event Wallet, NFC Security

I NTRODUCTION

3
3.1

R ESULS
What are the different NFC cards on the market?

The doctorate of Frederick Schrooyen, Rud Beyers and Glenn Ergeerts on the EVENT Wallet is a complete study and implementation of an electronic wallet [1]. This paper is a literature study about the different ways to handle the security of the wallet and describes some comments that need to be investigated. This survey paper will be an introduction for the Master Thesis: EPS 2012. In that thesis there will be a complete implementation of the given techniques described in this paper. It will be a cooperation with four students from foreign countries. The collaboration between the different cultures will be an extra challenge for the investigation. All the students have different background studies, this can be a great advantage for the investigation.

1. MIFARE Ultralight [2] Price: 0.74EUR [3] Discription: Up to 10 cm operating distance.Read only function. DESFire SAM basesd security methods supported. Key Applications: Limited-use tickets in public transport Event ticketing (stadiums, exhibitions, leisure parks, etc.) 2. MIFARE Ultralight C [4] Price: 0.30-0.32EUR [3] Discription: Newest card of Mifare technology, it has a limited use application and is equipped with a cloning protection. Key Applications: Limited-use tickets in public transport Event ticketing (stadiums, exhibitions, leisure parks, etc.) 3. MIFARE Classic [5] Price: 0.67-0.72EUR [3] Discription: NXP protection protocol Key Applications: Public transportation, management

M ATERIALS

AND

M ETHODS

There are two major parts in this paper, the rst part is the literature study about the security aspect of an electronic wallet. Therefore theres been a study about all the different cards that we can use to program an NFC enabled electronic wallet above that all the different techniques used to achieve a secure wallet are described. The second part of this paper is a eld study. This study was held to investigate the market. What does the market exspect us to do? What are the complaints and fears of the market. Therefore we held a eld study together with Eventdrive. A company specialized in organizing events. The study was held in Brussels the 25 of November 2011. Eventdrive invited 40 event organizers to follow some presentations about the new upcoming trends in the event business.
S. Vermeulen is with the University College of Antwerp, dept. IWT Electronics-ICT, Paardenmarkt 92, 2000 Antwerp, Belgium E-mail: see http://www.e-lab.be/

Access

4. MIFARE Plus [6] Price: 0.94-0.96EUR [3] Discription: Mifare classic replacement with certied security. Key Applications: Public transportation, Access management 5. MIFARE DESFire EV1 [7] Price: 0.90-0.91EUR [3] Discription: Certied security cards for multiapplication use. Key Applications: Advanced public transportation, Identity

6. I-Code SLI Price: 0.42-0.50EUR [3] Discription: The I. CODE SLI contactless smart card is based on NXP SL2 ICS 20, which is connected to a coil with a few turns and then embedded into plastic. The communication layer complies with ISO/ICE15693 standard. Key Applications: Limited-use tickets in public transport, Event ticketing (stadiums, exhibitions, leisure parks, etc.)

Basically there are two ways to do this. o Black listing / White listing This is a very commonly known technique, the terminals have a blacklist of cards that are not valid or a white list of cards that are valid. o MAC key Every card gets a unique MAC key, calculated over the data on the card and the unique ID from the card. The terminal calculates the MAC key and compares this with the stored MAC key. 3.3 Field research:

3.2

Key elements in designing a secure system:

1. Key diversication [8] Key diversication is a very commen way to secure a system, each card has its own key or keyset. So if you reverse engineer a single card you dont get the master key to generate new cards. The master key to generate the unique keys of every card is held in a secure place so the chance to compromise this key is heavily reduced. Fig. 2. Eventdrive: Partner for the eld research The eld research is important to investigate the market and how to create a viable electronic wallet. The research was held in brussels together with Eventdrive. Eventdrive invited event managers to take a look at new technolgies on the market. At this event the EVENT Wallet was tested and the use was revised together with the event managers. All the remarks of the event managers where summarized and there is given a solution and basic approach to the answers. There has to be the ability to constantly check the balance of the card. Implementation of the EVENT wallet on a nfc enabled phone or nfc enabled sim card will be a solution for this problem. The terminals have to work in every environment (parties, outside, etc.) This has to be revised together with the companies who manufacture the terminals. The speed of the payment has to be very fast. This has been taken care off but there will be complete market research. It will show all statistical values of the speed of the transactions. There has to be a conrmation of the payment. This can be done to redisplay the amount subtracted from the card. the waiters/cashiers will be obliged to show this amount for visual conrmation. What is the price to hire a complete system (cards + terminals)? The price will be researched together with companies who are interested in the commercialization of the system. The event managers wanted to have a market research to prove the system is more reliable and faster.

Fig. 1. Displays the Key difersication concept 2. Key Renewal [8] This is a second aspect to create a secure system: the fact that every card key can be renewed. So if the master key is compromised (chance is heavily reduced by the key diversication fact). Because the key renewal function implemented it is possible to update every card with a new unique ID with a new Master Key. So the compromised master key will be useless. 3. Fraud detection [8] The third aspect is the fact that we need to be able to nd a false card. To do this it is important to log all card activities and detect outliers. There where a lot of investigations about this topic in the past. Because this is such an important topic(it can be used in various sectors like Military systems, credit cards, insurance and health care, etc). In this paper it is not described in detail. But it will be a important aspect in the Master Thesis. 4. Stopping the deployment of fraudulent cards [8] The last aspect to create a secure system is: How to stop the attackers from deploying new fraudulent cards. There is a small chance that the attackers get the master key and reverse engeneer the smart card to generate a new unique ID. But there is one, so it is important to have some mechanism to stop these fraudulent cards.

Which companies are interested commercializing this system?

C ONCLUSION

To conclude there are two major categories that have to be investigated: Security and business related. The security aspect is more technical and focuses on the implementation. The business aspect is more market research related and investigates how to make the wallet viable for various sectors. The literature study points out the different technologies on the market and the comments about the EVENT wallet of the market. The NFC card that will be used in the EVENT wallet is the Mifare DESre chip. This chip the most secure chip of the Mifare family and is reasonable in price, and it has enough space to store data of the wallet. The second conclusion is that Key diversication, Key Renewal, Fraud detection and Stopping the deployment of fraudulent cards will all be implemented in the system to guarantee a fully secure system. The nal conclusion is about the eld research, this research has given some new ideas about the development of the wallet. Also the event managers pointed out they are very interested in using this technology. So this pointed out there will be various companies who will be interested in commercializing this technology.

R EFERENCES
[1] G. E. Frederick Schrooyen, Rud Beyers, The event wallet, Masters thesis, Artesis Hogeschool, 2011. [2] Mifare, Mifare ultralight product leaet, MIfare, Tech. Rep., 2006. [3] aliexpress. (2011) Retailer of different nfc cards. [Online]. Available: http://www.aliexpress.com [4] Mifare, Mifare ultralight c, Mifare, Tech. Rep., 2008. [5] , Mifare classic product leaet, Mifare, Tech. Rep., 2011. [6] , Mifare plus product leaet, Mifare, Tech. Rep., 2010. [7] , Mf3icd81: Mifare desre functional specication, product data sheet. [8] NXP, System level security measures for MIFARE installations: Public Note.

Stein Vermeulen received his B.Sc. in Applied Engineering: electronics-ict in 2011 at the Artesis University College of Antwerp.

Вам также может понравиться