near field communication (nfc)

Near FieldCommunica-

tion

NFC

Jeevan GeorgeAntony

NEAR FIELD COMMUNICATION (NFC)

Jeevan George AntonyUni.Roll No: 12018124

Guided by: Mr. Arun MadhuAssistant Professor

St. Joseph’s College of Engineering and Technology

August 7, 2015


tion

NFC

Jeevan GeorgeAntony

Overview 2

INTRODUCTION

Literature Survey - Applications Of NFC

NFC ARCHITECTURE

NFC - INITIATOR AND TARGET

NFC - COMMUNICATION MODES

NFC - OPERATING MODES

NFC - THREATS & DEFENSE

CONCLUSION

REFERENCES


tion

NFC

Jeevan GeorgeAntony

Introduction 3

Short range wireless communication technology whichvalidates two-way interaction between electronic devicesallowing contactless transactions and provides an ease toconnect devices with a single touch.

Based on the Radio Frequency Identification (RFID), ituses magnetic field induction to enable communicationbetween electronic devices.

Designed for integration with mobile phones, which cancommunicate with other phones (peer-to-peer) or readinformation on tags and cards (reader).

It operates on 13.56 MHz frequency with data rate of upto 424 kilobits per second at a distance of 10 centimeters.

Vulnerable to numerous kinds of attacks.


tion

NFC

Jeevan GeorgeAntony

Literature Survey 4

Title

Near Field Communication (NFC)Technology andMeasurements White Paper Roland Minihold -06-2011(1MA1825e)

Applications Of NFC:

Mobile payment.

Authentication, access control - store electronic keys, legit-imations on NFC phones.

Data transfer between different NFC-units (peer-to-peer dataexchange) like NFC-smart phones, digital cameras, note-books, etc.

Access to digital information, like Download maps fromsmart poster to NFC phone.


tion

NFC

Jeevan GeorgeAntony

NFC ARCHITECTURE 5

Figure 1: NFC ARCHITECTURE


tion

NFC

Jeevan GeorgeAntony

NFC - INITIATOR AND TARGET 6

Initiator

NFC model involves two devices for the communication,an initiator and a target.

Initiator starts communication and is typically an activeNFC device.it is responsible for energizing the target incase the target device is a passive device

Target

Target device can either be an RFID tag based card or anRFID based NFC device.They respond to the requestsgenerated by initiator in the form of responses.

Communication between devices takes place over a singleRF band which is shared by devices in half-duplex mode.


tion

NFC

Jeevan GeorgeAntony

NFC - COMMUNICATION MODES 7

ACTIVE AND PASSIVE

NFC interface operate in two different modes

An active device generates its own radio frequency (RF)field, whereas a device in passive mode has to useinductive coupling to transmit data.

For battery-powered devices,it is better to act in passivemode.No internal power source is required in active mode.

In passive mode, a device can be powered by the RF fieldof an active NFC device and transfers data using loadmodulation.

Communication between two active devices is calledActive communication mode.

Communication between an active and a passive device iscalled Passive communication mode.


tion

NFC

Jeevan GeorgeAntony

NFC - OPERATING MODES 8

Figure 2: Peer-To-Peer


tion

NFC

Jeevan GeorgeAntony

NFC - OPERATING MODES ....Continuing.... 9

Figure 3: Reader/Writer Mode


tion

NFC

Jeevan GeorgeAntony

NFC - OPERATING MODES ....Continuing.... 10

Figure 4: Tag Emulation Mode


tion

NFC

Jeevan GeorgeAntony

NFC - Threats & Defense 11

Eavesdropping

The attacker can use bigger and powerful antennas thanthe mobile devices to receive the communication.Thisenables the attacker to eavesdrop an NFC communicationover greater distances.

Passive mode data transmission is comparatively difficultto be attacked upon than Active mode communication.

Solution to this type of vulnerability is to use a securechannel.

Communication over NFC channel should beauthentication based using the authentication andencryption schemes.


tion

NFC

Jeevan GeorgeAntony


Data Modification

Here attacker changes the actual data with valid butincorrect data.

The receiver in this case receives data manipulated by theattacker during its transmission.

The best solution to defend against data modificationattacks is to use a secure channel for transmission andreception of data.


tion

NFC

Jeevan GeorgeAntony


Data Corruption

The data transmitted over NFC interface can be modifiedby an attacker if he/she can intercept it.

It can be considered as denial of service if the attackerchanges the data in an unrecognized format.

If the devices can detect the strength of an RF field andthe difference when there is some additional RF in thesame field then it can effectively counter this type ofthreat.

A higher amount of power than the typical power of theRF field is required to corrupt data being transmitted.

The increased power should be easily detected by the NFCdevices.


tion

NFC

Jeevan GeorgeAntony


Data Insertion

Unwanted data can be inserted in the form of messages byan attacker into the data while being exchanged betweentwo devices.

The success of attacker in this manipulation depends uponthe duration of communication and the response time ofthe receiving device.

A possible countermeasure is possible if the answeringdevice responds to the first device without a delay.

The best way to counter data insertion attack is by usinga secure channel for the communication.


tion

NFC

Jeevan GeorgeAntony

NFC - Threats 15

Man-in-Middle Attack

A third party tricks the two legitimate parties to be theother legitimate party and thus routing the communicationbetween the two parties to go through the third party.

A Man-in-Middle attack is practically impossible to becarried out at short distance,i.e ¡10cm.

The active device should monitor the RF field for anypossible disturbance or attack scenario.

Figure 5: Example


tion

NFC

Jeevan GeorgeAntony


Secure Channel for NFC

The best approach to guard against maximum attacks is touse a secure channel between the communicating devices.

Diffie-Hellmann key agreement protocol can be used inconjunction with RSA or Elliptic Curves to protect andauthenticate the channel between two communicatingdevices.

The arrangement can be augmented with use of symmetrickey scheme like 3DES or AES. The arrangement canprovide confidentiality, integrity and authentication.


tion

NFC

Jeevan GeorgeAntony


Diffie-Hellmann key agreement protocol - method ofsecurely exchanging cryptographic keys over a publicchannel- was one of the first public-key protocols

RSA- practical public-key cryptosystems - widely used forsecure data transmission

Elliptic curve cryptography - an approach to public-keycryptography based on the algebraic structure of ellipticcurves over finite fields

Triple DES (3DES) - common name for the Triple DataEncryption Algorithm symmetric-key block cipher

AES - also known as Rijndael - based on a combination ofboth substitution and permutation, and is fast in bothsoftware and hardware.


tion

NFC

Jeevan GeorgeAntony

Conclusion 18

Secure channel implementations in NFC can protect againstmaximum attacks. Communication over NFC channel isprotected against Man-in-Middle attack due to the smalldistance of communication involved.


tion

NFC

Jeevan GeorgeAntony

References I 19

1 Naveed Ashraf Chattha. ”NFC - Vulnerabilities and De-fense” - Short Paper, published in Information Assuranceand Cyber Security (CIACS), 2014 Conference on 12-13June 2014, pp. 35-38 , publisher- IEEE.

2 ”Near Field Communication (NFC)Technology and Mea-surements”-White Paper Roland Minihold-06-2011(1MA1825e).

3 ISO/IEC 18092. ”Near Field Communication - Interfaceand Protocol,”-2004.

4 Near Field Communication’ - White Paper, Ecma/TC32-TG19/2005/012, Internet: www.ecma international.org, 2005[May. 24, 2014].

5 NFC-Near Field Communication, Reader/Writer OperatingMode [May. 28, 2014].


tion

NFC

Jeevan GeorgeAntony

References II 20

6 G. Avoine. Rfid: Adversary model and attacks on existingprotocols, EPFL, Station 14- Building INF, CH-1015 Lau-sanne, Switzerland, Tech. Rep. LASEC-REPORT-2005-001, Sep. 2005.

7 G. Hancke. Practical Attacks on Proximity IdentificationSystem, in Proc. Symposium on Security and Privacy, pp.328-333, May. 2006.

8 T. S. Heydt-Benjamin, D. V. Bailey, K. Fu, A. Juels, andT. OHare, Vulnerabilities in first-generation RFID enabledcredit cards, in Proc. Conf. on Financial Cryptography anddata Security, pp. 1-22, Feb. 2007.

9 www.en.wikipedia.org/wiki/NearF ieldCommunication.


tion

NFC

Jeevan GeorgeAntony

Thank You!

near field communication (nfc)

Technology

nfc phones

active nfc device

passive nfc interface

initiator nfc model

nfcsmart phones

1ma1825e applications

dierent nfcunits peer

active communication