
Calderoni et al. J Surveill Secur Saf 2020;1:106-18 | http://dx.doi.org/10.20517/jsss.2019.01 | Page 117

               This work could be extended in several directions. From a theoretical point of view, a formal
               validation of the experimental results presented in this article remains an interesting open issue.
               A further research direction could investigate which countermeasures may be set up in this chip
               to better handle chip cloning attacks. Following the ICAO principles designed for
               electronic machine-readable travel documents, a viable solution could consist of a novel protocol relying on
               asymmetric cryptography. Furthermore, this tag supports notable features that enhance privacy and also
               implement soft security settings, which increase tag interoperability. From a practical and application point
               of view, a good option could be to design and implement stateless systems (from the user’s perspective) able
               to preserve some form of security and confidentiality while enabling tag inspection. Such a system could
               rely on smartphone NFC sensors and should be independent of a dedicated end-user application on the
               smartphone itself. This setting should exploit the SDM feature provided by the tag.

               In conclusion, in this paper we investigated the capabilities of the NT4H2421Gx tag. To effectively check
               the tag properties and some of its core functionalities, we designed a mobile application based on Android
               OS which uses the NFC sensor of the smartphone as a tag reader. This application allowed us to read the
               memory of the aforementioned chip at the bit level, and to discuss its core functionalities and settings in
               relation to the most common security and privacy patterns. In the final part of the paper we considered
               each of these aspects separately to stimulate the research community regarding these topics. To conclude,
               the deep Android inspection performed on the NT4H2421Gx tag showed that it is an option to
               rely on when designing secure IoT applications. This tag is resistant to forgery, and it also
               preserves the confidentiality and authenticity of exchanged data. In addition, SDM and mirroring enable stateless
               applications (from the user’s perspective) to be delivered and also allow several privacy
               limitations to be overcome.

               DECLARATIONS
               Authors’ contributions
               Made substantial contributions to conception and design of the study and performed data analysis and
               interpretation: Calderoni L
               Provided technical and material support: Spadazzi L
               Supervised the work: Maio D, Margara L


               Availability of data and materials
               Not applicable.

               Financial support and sponsorship
               None.


               Conflicts of interest
               All authors declared that there are no conflicts of interest.


               Ethical approval and consent to participate
               Not applicable.


               Consent for publication
               Not applicable.


               Copyright
               © The Author(s) 2020.