MOONACS: a mobile on-/offline NFC-based physical access control system. Issue 1 (4th April 2016)
- Record Type:
- Journal Article
- Title:
- MOONACS: a mobile on-/offline NFC-based physical access control system. Issue 1 (4th April 2016)
- Main Title:
- MOONACS: a mobile on-/offline NFC-based physical access control system
- Authors:
- Gruntz, Dominik
Arnosti, Christof
Hauri, Marco - Abstract:
- Abstract : Purpose: The purpose of this paper is to present a smartphone-based physical access control system in which the access points are not directly connected to a central authorization server, but rather use the connectivity of the mobile phone to authorize a user access request online by a central access server. The access points ask the mobile phone whether a particular user has access or not. The mobile phone then relays such a request to the access server or presents an offline ticket. One of the basic requirements of our solution is the independence from third parties like mobile network operators, trusted service managers and handset manufacturers. Design/methodology/approach: The authentication of the smartphone is based on public key cryptography. This requires that the private key is stored in a secure element or in a trusted execution environment to prevent identity theft. However, due to the intended independence from third parties, subscriber identity module (SIM)-based secure elements and embedded secure elements (i.e. separate hardware chips on the handset) were not an option and only one of the remaining secure element architectures could be used: host card emulation (HCE) or a microSD-based secure element. Findings: This paper describes the implementation of such a physical access control system and discusses its security properties. In particular, it is shown that the HCE approach cannot solve the relay attack under conservative security assumptionsAbstract : Purpose: The purpose of this paper is to present a smartphone-based physical access control system in which the access points are not directly connected to a central authorization server, but rather use the connectivity of the mobile phone to authorize a user access request online by a central access server. The access points ask the mobile phone whether a particular user has access or not. The mobile phone then relays such a request to the access server or presents an offline ticket. One of the basic requirements of our solution is the independence from third parties like mobile network operators, trusted service managers and handset manufacturers. Design/methodology/approach: The authentication of the smartphone is based on public key cryptography. This requires that the private key is stored in a secure element or in a trusted execution environment to prevent identity theft. However, due to the intended independence from third parties, subscriber identity module (SIM)-based secure elements and embedded secure elements (i.e. separate hardware chips on the handset) were not an option and only one of the remaining secure element architectures could be used: host card emulation (HCE) or a microSD-based secure element. Findings: This paper describes the implementation of such a physical access control system and discusses its security properties. In particular, it is shown that the HCE approach cannot solve the relay attack under conservative security assumptions and an implementation based on a microSD secure element is presented and discussed. Moreover, the paper also describes an offline solution which can be used if the smartphone is not connected to the access server. In this case, an access token is sent to the access point in response to an access request. These tokens are renewed regularly and automatically whenever the smartphone is connected. Originality/value: In this paper, a physical access control system is presented which operates as fast as existing card-based solutions. By using a microSD-based secure element (SE), the authors were able to prevent the software relay attack. This solution is not restricted to microSD-based SEs, it could also be implemented with SIM-based or embedded secure elements (with the consequence that the solution depends on third parties). … (more)
- Is Part Of:
- International journal of pervasive computing and communications. Volume 12:Issue 1(2016)
- Journal:
- International journal of pervasive computing and communications
- Issue:
- Volume 12:Issue 1(2016)
- Issue Display:
- Volume 12, Issue 1 (2016)
- Year:
- 2016
- Volume:
- 12
- Issue:
- 1
- Issue Sort Value:
- 2016-0012-0001-0000
- Page Start:
- 2
- Page End:
- 22
- Publication Date:
- 2016-04-04
- Subjects:
- NFC -- Secure element -- Host card emulation -- Physical access control system -- Relay attack
Ubiquitous computing -- Periodicals
Mobile computing -- Periodicals
Computer network protocols -- Periodicals
Computer network architectures -- Periodicals
Application software -- Development -- Periodicals
004.6 - Journal URLs:
- http://info.emeraldinsight.com/products/journals/journals.htm?PHPSESSID=hprfp8ctb78gnbgodr3rkog6s0&id=ijpcc ↗
http://www.emeraldinsight.com/ ↗
http://www.troubador.co.uk/jpcc/ ↗ - DOI:
- 10.1108/IJPCC-01-2016-0012 ↗
- Languages:
- English
- ISSNs:
- 1742-7371
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4542.452750
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 9889.xml