Do You Talk to Each Poster? Security and Privacy for Interactions with Web Service by Means of Contact Free Tag Readings

The pervasive service interaction (PERCI) application allows interaction with Web services through associated real world objects equipped with contact less tags. The tags are read with a mobile. The read tag content is used to invoke Web service in the back-end system. The case study presented here is identifying in a structured approach security and privacy requirements of an near field communication (NFC) based application. As the application is leaving the technology research stage and is about to enter some system development stage it was indicated to consider security and privacy for R&D risk management purposes. The application is representative for a service, deployable on a mobile using NFC technology and building on Web services taking particularly the stake-holder role-specific situations and the operation of the application as a telecommunication service into account. The contributions of the paper relate to (i) the security discussion that avoids threats where this is possible and mitigates the remaining risks where this is necessary and (ii) the way to structure and organize the different aspects of the security and privacy consideration, which can be applied elsewhere too.