Vol.67, No.3, 2021, pp.2955-2969, doi:10.32604/cmc.2021.014969
Security Threats to Business Information Systems Using NFC Read/Write Mode
  • Sergio Rios-Aguilar1,2,*, Marta Beltrán2, González-Crespo Rubén3
1 Department of Organization Engineering, Business Administration and Statistics, ETSI Informáticos, Universidad Politécnica de Madrid (UPM), Boadilla del Monte (Madrid), 28660, Spain
2 Department of Computing, ETSII, Universidad Rey Juan Carlos, Móstoles (Madrid), 28933, Spain
3 ESIT, Universidad Internacional de La Rioja (UNIR), Logroño (La Rioja), 26006, Spain
* Corresponding Author: Sergio Rios-Aguilar. Email:
(This article belongs to this Special Issue: Current trends and Advancements for next-generation secure Industrial IoT)
Received 29 October 2020; Accepted 06 December 2020; Issue published 01 March 2021
Radio Frequency IDentification (RFID) and related technologies such as Near Field Communication (NFC) are becoming essential in industrial contexts thanks to their ability to perform contactless data exchange, either device-to-device or tag-to-device. One of the three main operation modes of NFC, called read/write mode, makes use of the latter type of interaction. It is extensively used in business information systems that make use of NFC tags to provide the end-user with augmented information in one of several available NFC data exchange formats, such as plain text, simple URLs or enriched URLs. Using a wide variety of physical form factors, NFC-compatible tags (wireless transponders) are currently available in many locations with applications going from smart posters, contactless tokens, tap-and-go payments or transport ticketing to automated device configuration, patient identification at hospitals or inventory management within supply chains. Most of these applications handle sensitive processes or data. This paper proposes a complete security threat model for the read/write operation mode of NFC used in Next Generation Industrial IoT (Nx-IIoT) contexts. This model, based on a well-known methodology, STRIDE, allows developers and users to identify NFC applications vulnerabilities or weaknesses, analyze potential threats, propose risk management strategies, and design mitigation mechanisms to mention only some significant examples.
Near field communications; read/write NFC; security; threat modelling; STRIDE; Nx-IIoT
Cite This Article
S. Rios-Aguilar, M. Beltrán and G. Rubén, "Security threats to business information systems using nfc read/write mode," Computers, Materials & Continua, vol. 67, no.3, pp. 2955–2969, 2021.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.