Software Card Emulation in NFC-enabled Mobile Phones:
Great Advantage or Security Nightmare?
Michael Roland
NFC Research Lab Hagenberg
University of Applied Sciences Upper Austria
Softwarepark 11, 4232 Hagenberg/Austria
michael.roland@fh-hagenberg.at
ABSTRACT
Software card emulation is a new approach to advance the
interoperability of NFC with legacy contactless smartcard
systems. It was first introduced to NFC-enabled mobile
phones by Research In Motion (RIM) on their BlackBerry
platform. Software card emulation aims at opening and
simplifying the complex and tightly controlled card emulation
functionality. While this form of card emulation, which gets
rid of the secure element (a device tightly controlled by the
“big players”), is a great opportunity for the development of
innovative NFC applications, it potentially makes card
emulation less secure and paves the way for interesting attack
scenarios. This paper evaluates the advantages and
disadvantages of software card emulation based on existing
application scenarios and recent research results.
1. INTRODUCTION
With the emergence of Near Field Communication (NFC),
more and more NFC devices and applications are reaching the
market. However, the full potential of NFC is not available to
all developers. Specifically, the secure element (SE), a
smartcard microchip that is used to perform secure card
emulation, is kept under tight control of device manufacturers
and mobile network operators. Nevertheless, card emulation is
required for interaction with many legacy RFID systems that are
currently used for access control, ticketing and payment. On
an NFC device, the secure element is used to store
security-critical applications like credit cards, access control
credentials and public transport tickets. Through the device’s
NFC controller, the secure element can be accessed as if it were
a regular contactless smartcard.
The payment sector in particular – the part of NFC that seems
to generate the highest revenue – focuses on using the
secure element for payment applications. Therefore, a lot of
companies want to have access to secure elements to claim a
share of that revenue. As a result, many developers call for
easier access to card emulation capabilities.
An approach started by Research In Motion (RIM) on their
BlackBerry platform is software card emulation (also known
as “soft-SE” [7]). This mode allows interaction with legacy
RFID reader infrastructures through applications on the
mobile phone’s application processor without using a secure
element. At first glance, this mode seems to be a great new
feature for NFC devices. It opens up the previously
tightly controlled world of card emulation to a wide range
of developers. This will certainly lead to a number of new
and innovative NFC applications. This increase in use cases
may, in turn, lead to an increased need for NFC devices and,
consequently, help NFC to finally take off as a mass-market
technology. Besides its benefits, however, software card
emulation comes with several downsides.
This paper starts with an introduction to NFC technology
and its operating modes. The various types of card
emulation and their availability in current NFC devices are
explained. Based on existing application scenarios for the card
emulation mode and on recent research results, the
advantages and disadvantages of software card emulation are
evaluated.
2. NEAR FIELD COMMUNICATION
Near Field Communication (NFC) is a contactless
communication technology first standardized by Ecma (ECMA-340,
ECMA-352) and later adopted by ISO/IEC (ISO/IEC
18092, ISO/IEC 21481). It is an advancement of inductively
coupled proximity Radio Frequency Identification (RFID)
technology and smartcard technology. NFC is compatible with
legacy contactless smartcard systems based on the standards
ISO/IEC 14443 and FeliCa (JIS X 6319-4). Recent
standardization activities aim at also adding compatibility with
ISO/IEC 15693 vicinity coupling systems. Besides
standardization through normative bodies like ISO/IEC and Ecma,
further specification of data formats, protocols,
interoperability requirements, device certification and NFC
applications is driven by the NFC Forum¹.
A basic principle of the NFC technology is “it’s all in a
touch” [4]. This means that simply touching an object or an
NFC device with another NFC device immediately triggers
an action. Objects can be equipped with so-called NFC tags
(simple contactless memory chips based on existing RFID
transponders). These tags are used to store content like
Internet addresses (URLs), telephone numbers, text messages
(SMS) or electronic business cards. The user can access the
information on a tag by simply touching it with an NFC
device.
NFC has three operating modes: peer-to-peer mode,
reader/writer mode and card emulation mode:
• Peer-to-peer mode is an operating mode specific to
¹ http://www.nfc-forum.org/
Fourth International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (IWSSI/SPMU)
June 18, 2012, Newcastle, UK