mca 14(5): e4

Research Article

A Privacy-Preserving NFC Mobile Pass for Transport Systems

Download1612 downloads
  • @ARTICLE{10.4108/mca.2.5.e4,
        author={Ghada Arfaoui and Guillaume Dabosville and S\^{e}bastien Gambs and Patrick Lacharme and Jean-Fran\`{e}ois Lalande},
        title={A Privacy-Preserving NFC Mobile Pass for Transport Systems},
        journal={EAI Endorsed Transactions on Mobile Communications and Applications},
        keywords={DAA, mobile pass, NFC, privacy, smartcard},
  • Ghada Arfaoui
    Guillaume Dabosville
    Sébastien Gambs
    Patrick Lacharme
    Jean-François Lalande
    Year: 2014
    A Privacy-Preserving NFC Mobile Pass for Transport Systems
    DOI: 10.4108/mca.2.5.e4
Ghada Arfaoui1,2, Guillaume Dabosville3, Sébastien Gambs4, Patrick Lacharme5, Jean-François Lalande4,2,*
  • 1: Orange Labs, F-14066 Caen, France
  • 2: INSA Centre Val de Loire, Univ. Orléans, LIFO EA 4022, F-18020 Bourges, France
  • 3: Oberthur Technologies, F-92700 Colombes, France
  • 4: Université de Rennes 1, Inria, SUPELEC, CNRS, IRISA (UMR 6074), F-35065 Rennes, France
  • 5: Laboratoire GREYC (Unicaen, Ensicaen, CNRS), UMR 6072, F-14032 Caen, France
*Contact email:


The emergence of the NFC (Near Field Communication) technology brings new capacities to the next generation of smartphones, but also new security and privacy challenges. Indeed through its contactless interactions with external entities, the smartphone of an individual will become an essential authentication tool for service providers such as transport operators. However, from the point of view of the user, carrying a part of the service through his smartphone could be a threat for his privacy. Indeed, an external attacker or the service provider himself could be tempted to track the actions of the user. In this paper, we propose a privacy-preserving contactless mobile service, in which a user’s identity cannot be linked to his actions when using the transport system. The security of our proposition relies on the combination of a secure element in the smartphone and on a privacy-enhancing cryptographic protocol based on a variant of group signatures. In addition, although a user should remain anonymous and his actions unlinkable in his daily journeys, we designed a technique for lifting his anonymity in extreme circumstances. In order to guarantee the usability of our solution, we implemented a prototype demonstrating that our solution meets the major functional requirements for real transport systems: namely that the mobile pass can be validated at a gate in less than 300 ms, and this even if the battery of the smartphone is exhausted.