02.12.2014 NFC : Near Field Communications 1/18

NFC

By Vikram Kaparthy

Strengths ands Weaknesses

: Near Field Communications

02.12.2014 NFC : Near Field Communications 2/18

Introduction

• What is NFC ?

Short range high frequency

wireless communication

technology.

Mainly aimed for mobile or

handheld devices.

Enables simplified transactions, data exchange and

wireless connections between two NFC devices.

02.12.2014 NFC : Near Field Communications 3/18

How it works

02.12.2014 NFC : Near Field Communications 4/18

Working .. • There are dedicated roles

– Initiator and Target

– Any data transfer is a message and reply pair.

Initiator Target

Message

Reply

Active Passive

Initiator Possible Not Possible

Target Possible Possible

02.12.2014 NFC : Near Field Communications 5/18

Modes

• Active

• Passive Communication

• Read and write

• Peer to peer

• Card Emulation Operation

– device generates an RF field

– device uses the RF field generated

by the other device

02.12.2014 NFC : Near Field Communications 6/18

Threats

• Eavesdropping

• Data Corruption

• Data Modification

• Data Insertion

• Man-in-the-Middle-attack

02.12.2014 NFC : Near Field Communications 7/18

Threats

Eavesdropping

NFC is not secure against eavesdropping

From how far away is it possible to eavesdrop?

Depends….

RF field of sender

Equipment of attacker

….

Does Active versus Passive mode matter?

Yes

In active mode the modulation is stronger (in particular at 106 kBaud)

In passive mode eavesdropping is harder

Countermeasure

Secure Channel

Alice Bob Message

Eve

Eavesdropping

02.12.2014 NFC : Near Field Communications 8/18

Threats

Data Modification

Data Modification is instead of just listening, modify

the data which is transmitted via NFC interface.

The attacker want to disturb the communication

02.12.2014 NFC : Near Field Communications 9/18

Threats

Man-in-the-Middle-attack

Alice Bob

Message

Eve

Eavesdropping Message

02.12.2014 NFC : Near Field Communications 10/18

Eavesdropping No easy solution : use Secure Channel

Data Modification No easy solution : use Secure Channel

Man in the Middle Attack easy solution if : Alice uses Active – Passive mode

Alice checks for disturbance

Alice checks for suspicious answers from Bob

Threats

02.12.2014 NFC : Near Field Communications 11/18

Secure Channel

3DES : Triple Data Encryption Standard

OR

AES : Advance Encryption Standard

confidentiality, integrity and authenticity of the

transmitted data.

Protection against Threats

02.12.2014 NFC : Near Field Communications 12/18

Key Agreement – An Alternative

Protection against Threats

1 Bit

1. Half-Bit 2. Half-Bit

100

0

100

0

100

0

200

1 Bit

1. Half-Bit 2. Half-Bit

100

0

100

0

100

0

200

Alice

Eve

Bob

02.12.2014 NFC : Near Field Communications 13/18

Key Agreement – An Alternative Perfect in theory – Obvious to see

Needs perfect synchronization between Alice and Bob

Amplitude

Phase

Alice and Bob must actively perform this synchronization

Security in practice depends on

Synchronization

Equipment of attacker

Advantages

Cheap (requires no cryptography)

Extremely fast

Protection against Threats

02.12.2014 NFC : Near Field Communications 14/18

Conclusion

• NFC does not provide any security by itself

• Secure Channel is required

• Physical properties of NFC protect against Man-in-the-Middle

• Establishing a Secure Channel becomes easy

02.12.2014 NFC : Near Field Communications 15/18

Questions..?

02.12.2014 NFC : Near Field Communications 16/18

References

• Journal : “Strengths and Weaknesses of Near Field

Communication (NFC) Technology” Mohamed Mostafa

Abd Allah, 2011.

• Journal : “ Security in Near Field Communication

(NFC) Strengths and Weaknesses” Ernst Haselsteiner

and Klemens Breitfuß, Philips Semiconductors

02.12.2014 NFC : Near Field Communications 17/18

Thank you !