Friday, June 4, 2010

NFC

Near Field Communication, or NFC, is a short-range, high-frequency wireless communication technology that enables the exchange of data between devices over a distance of about 10 centimetres (around 4 inches). The technology is a simple extension of the ISO/IEC 14443 proximity-card standard (proximity card, RFID) that combines the interface of a smartcard and a reader into a single device. An NFC device can communicate with both existing ISO/IEC 14443 smartcards and readers, as well as with other NFC devices, and is thereby compatible with the contactless infrastructure already in use for public transportation and payment. NFC is primarily aimed at use in mobile phones.

Essential specifications

  • Like ISO/IEC 14443, NFC communicates via magnetic field induction, where two loop antennas are located within each other's near field, effectively forming an air-core transformer. It operates within the globally available and unlicensed radio frequency ISM band of 13.56 MHz, with a bandwidth of 14 kHz.
  • Working distance with compact standard antennas: up to 20 cm (typically around 10 cm in practice)
  • Supported data rates: 106, 212, 424 or 848 kbit/s
  • There are two modes:

    • Passive Communication Mode: the Initiator device provides a carrier field and the Target device answers by modulating the existing field. In this mode the Target device may draw its operating power from the Initiator-provided electromagnetic field, which makes the Target device a transponder.
    • Active Communication Mode: both Initiator and Target device communicate by alternately generating their own field. A device deactivates its RF field while it is waiting.
     
  • NFC devices are able to receive and transmit data at the same time. Thus they can monitor the radio frequency field and detect a collision if the received signal does not match the transmitted signal.

Uses and applications

NFC technology is currently mainly aimed at use with mobile phones. There are three main use cases for NFC:
  • Card emulation: the NFC device behaves like an existing contactless card
  • Reader mode: the NFC device is active and reads a passive RFID tag, for example for interactive advertising
  • P2P mode: two NFC devices communicate with each other and exchange information.
Plenty of applications are possible, such as:
  • Mobile ticketing in public transport — an extension of the existing contactless infrastructure.
  • Mobile payment — the device acts as a debit/ credit payment card.
  • Smart poster — the mobile phone is used to read RFID tags on outdoor billboards in order to get info on the move.
  • Bluetooth pairing — in the future pairing of Bluetooth 2.1 devices with NFC support will be as easy as bringing them close together and accepting the pairing. The process of activating Bluetooth on both sides, searching, waiting, pairing and authorization will be replaced by a simple "touch" of the mobile phones.
Other applications in the future could include:
  • Electronic ticketing — airline tickets, concert/event tickets, and others
  • Electronic money
  • Travel cards
  • Identity documents
  • Mobile commerce
  • Electronic keys — car keys, house/office keys, hotel room keys, etc.
  • NFC can be used to configure and initiate other wireless network connections such as Bluetooth, Wi-Fi or Ultra-wideband.

NFC vs Bluetooth

-NFC and Bluetooth are both short-range communication technologies that have recently been integrated into mobile phones. To avoid a complicated manual configuration process, NFC can be used to set up other wireless technologies, such as Bluetooth.

-The earlier advantage of NFC over Bluetooth, its shorter set-up time, still holds against the standard Bluetooth protocol stack, but no longer against the Bluetooth V4.0 low energy protocol stack.

-With NFC, instead of performing manual configuration to identify devices, the connection between two NFC devices is established at once (in under a tenth of a second).

-The maximum data transfer rate of NFC (424 kbit/s) is slower than that of Bluetooth V2.1 (2.1 Mbit/s). With a range of less than 20 cm, NFC is the shorter-range technology, which limits the attacker's window. That makes NFC the better fit for crowded areas, where with a longer-range technology it becomes difficult to correlate a signal with its transmitting physical device (and by extension, its user).

Security aspects

Although the communication range of NFC is limited to a few centimetres, NFC alone does not ensure secure communication. In 2006, Ernst Haselsteiner and Klemens Breitfuß described the different possible types of attack.
NFC offers no protection against eavesdropping and is also vulnerable to data modification. Applications have to use higher-layer cryptographic protocols (e.g., SSL/TLS) to establish a secure channel; the short range narrows the attacker's opportunity but is not an access control.

-Eavesdropping

The RF signal for the wireless data transfer can be picked up with antennas. The distance from which an attacker is able to eavesdrop on the RF signal depends on numerous parameters, but is typically a small number of metres. Eavesdropping is also strongly affected by the communication mode: a passive device, which does not generate its own RF field, is much harder to eavesdrop on than an active device. An open-source device that is able to eavesdrop on passive and active NFC communications is the Proxmark.

-Data modification

Data destruction is relatively easy to achieve. One way to perturb the signal is an RFID jammer. There is no way to prevent such an attack, but if the NFC devices check the RF field while they are sending, it is possible to detect it.
Unauthorized modification of data that still results in valid messages is much more complicated and demands a thorough understanding of the line coding. To modify the transmitted data, an intruder has to deal with the individual bits of the RF signal. The feasibility of this attack, i.e., whether it is possible to change the value of a bit from 0 to 1 or the other way around, depends among other things on the depth of the amplitude modulation. If data is transferred with modified Miller coding and a modulation of 100%, only certain bits can be modified: a modulation ratio of 100% makes it possible to eliminate a pause in the RF signal (by transmitting carrier over it), but not to generate a pause where there was none. Thus only a 1 which is followed by another 1 might be changed. Transmitting Manchester-encoded data with a modulation ratio of 10% permits a modification attack on all bits.
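To make the coding argument concrete, here is an added worked example (not from the original post or from the cited paper) that encodes a frame in modified Miller and in Manchester coding and then checks, bit by bit, whether flipping that bit is achievable under the attacker model above: at 100% ASK the attacker can only fill pauses with carrier, at 10% ASK he can push either half-bit up or down. It goes slightly beyond the text by re-encoding the whole frame, so a flip only counts if the neighbouring bits still encode validly under the ISO/IEC 14443 Type A rules (the encoding of a 0 depends on the bit before it). The polarity of the Manchester halves and treating the frame start as a preceding 0 are assumptions. The last function is the self-check from the "Essential specifications" section: a device that listens while it transmits can flag a jammed or colliding frame.

```python
"""Which NFC bits can an attacker flip on the air? Constructed model of the
data-modification attack, not real RF: with 100% ASK the attacker can fill a
pause with carrier but cannot create one; with 10% ASK he can push either
half-bit up or down."""

PAUSE, CARRIER = "P", "-"   # half-bit symbols, modified Miller (100% ASK)
HIGH, LOW = "H", "L"        # half-bit symbols, Manchester (10% ASK)


def modified_miller(bits):
    """ISO/IEC 14443 Type A reader-to-card coding, one (first_half, second_half)
    per bit. 1: pause in the middle. 0: no pause if the previous bit was a 1,
    otherwise a pause at the start. Assumption: the frame start counts as a
    preceding 0, so a leading 0 gets the pause at its start."""
    halves, prev = [], 0
    for b in bits:
        if b == 1:
            halves.append((CARRIER, PAUSE))
        elif prev == 1:
            halves.append((CARRIER, CARRIER))
        else:
            halves.append((PAUSE, CARRIER))
        prev = b
    return halves


def manchester(bits):
    """Manchester coding: 1 = high then low, 0 = low then high (assumed polarity)."""
    return [(HIGH, LOW) if b == 1 else (LOW, HIGH) for b in bits]


def attacker_can_transform(ask_percent, original_half, wanted_half):
    """What the attacker's superimposed field can do to a single half-bit."""
    if ask_percent == 100:
        # Filling a pause with carrier is easy; creating a pause while the
        # legitimate transmitter keeps its carrier on is not.
        return not (original_half == CARRIER and wanted_half == PAUSE)
    # 10% ASK: the two signal levels are close together, so the attacker's
    # field can make either half look like the other level.
    return True


def feasible_flips(bits, coding, ask_percent):
    """Indices of bits the attacker can flip so that the whole frame still
    decodes as a valid frame, for the given coding and modulation depth."""
    encode = modified_miller if coding == "miller" else manchester
    original = encode(bits)
    feasible = []
    for i in range(len(bits)):
        flipped = list(bits)
        flipped[i] ^= 1
        wanted = encode(flipped)  # re-encode the whole frame: neighbours matter
        if all(attacker_can_transform(ask_percent, o, w)
               for orig_sym, want_sym in zip(original, wanted)
               for o, w in zip(orig_sym, want_sym)):
            feasible.append(i)
    return feasible


def detect_interference(sent, received):
    """Half-bit positions where what the device hears differs from what it
    sent: the check a device can do because it receives while transmitting."""
    sent_flat = [h for sym in sent for h in sym]
    recv_flat = [h for sym in received for h in sym]
    return [k for k, (s, r) in enumerate(zip(sent_flat, recv_flat)) if s != r]


if __name__ == "__main__":
    frame = [1, 1, 1, 0, 1, 1]  # constructed sample frame
    print("modified Miller, 100% ASK:", feasible_flips(frame, "miller", 100))
    print("Manchester, 10% ASK:      ", feasible_flips(frame, "manchester", 10))
    jammed = modified_miller(frame)
    jammed[3] = (PAUSE, PAUSE)  # a jammer blanks the carrier during bit 3
    print("interference at half-bits:", detect_interference(modified_miller(frame), jammed))
```

For the sample frame only bits 1 and 5 survive the check: each is a 1 preceded and followed by a 1 (or the end of the frame), so filling its pause leaves a frame the decoder still accepts. Every other position would need a pause to appear where the reader keeps its carrier on, which the 100% attacker cannot do; at 10% Manchester every bit is flippable.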

-Relay attack

Because NFC devices usually also implement ISO/IEC 14443 functionality, the relay attacks described for that standard are also feasible on NFC. For this attack the adversary has to forward the reader's request to the victim's card and relay the answer back to the reader in real time, in order to carry out a transaction while pretending to be the owner of the victim's smart card. One of the libnfc code examples demonstrates a relay attack using only two stock commercial NFC devices.
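The exchange described above, as an added end-to-end simulation that is not part of the original post or of libnfc: the reader, the genuine card and the attacker's two devices (a fake card held to the reader and a fake reader held to the victim's card, joined by a network link) are Python objects, and every hop reports a simulated elapsed time instead of sleeping. The challenge-response scheme (HMAC-SHA256 over uid and challenge), the card's processing time and the 4949 ms frame waiting time are assumptions; the last figure is the maximum ISO/IEC 14443-4 permits (FWI = 14).

```python
"""Relay attack on a contactless challenge-response, simulated end to end.
Constructed example: no radio, every hop is a function call that returns the
answer together with the simulated milliseconds it took."""
import hashlib
import hmac
import os


class Card:
    """Genuine card: shares a symmetric key with the reader's backend and
    answers a random challenge with HMAC-SHA256(key, uid || challenge).
    processing_ms is an assumed on-card computation time."""

    def __init__(self, uid, key, processing_ms=2.0):
        self.uid, self.key, self.processing_ms = uid, key, processing_ms

    def respond(self, challenge):
        mac = hmac.new(self.key, self.uid + challenge, hashlib.sha256).digest()
        return self.uid, mac, self.processing_ms


class Relay:
    """Attacker's device pair. The challenge is forwarded untouched to the
    victim's card and the genuine answer is carried back, paying the link's
    round-trip latency. No key is needed: the real card does the crypto."""

    def __init__(self, victim_card, one_way_latency_ms):
        self.victim_card, self.one_way_latency_ms = victim_card, one_way_latency_ms

    def respond(self, challenge):
        uid, mac, card_ms = self.victim_card.respond(challenge)
        return uid, mac, card_ms + 2 * self.one_way_latency_ms


class Reader:
    """Terminal: looks up the key for the presented uid, verifies the MAC in
    constant time, then enforces its frame waiting time (FWT). Default is the
    ISO/IEC 14443-4 maximum of 4949 ms (assumed here, FWI = 14)."""

    def __init__(self, keys_by_uid, fwt_ms=4949.0):
        self.keys_by_uid, self.fwt_ms = keys_by_uid, fwt_ms

    def authenticate(self, presented):
        challenge = os.urandom(8)  # fresh nonce: replay of an old answer fails
        uid, mac, elapsed_ms = presented.respond(challenge)
        key = self.keys_by_uid.get(uid)
        if key is None:
            return "unknown card"
        expected = hmac.new(key, uid + challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return "bad mac"
        if elapsed_ms > self.fwt_ms:
            return "timeout"
        return "ok"


def run_scenario(relay_latency_ms=None, fwt_ms=4949.0):
    """Reader's verdict for a genuine card (relay_latency_ms=None) or for the
    same card reached through a relay with the given one-way link latency."""
    uid, key = b"\x04\x11\x22\x33", os.urandom(32)  # constructed uid and key
    card = Card(uid, key)
    reader = Reader({uid: key}, fwt_ms)
    presented = card if relay_latency_ms is None else Relay(card, relay_latency_ms)
    return reader.authenticate(presented)


if __name__ == "__main__":
    print("genuine card, default FWT:      ", run_scenario())
    print("relay, 150 ms each way, default:", run_scenario(150.0))
    print("relay, 150 ms each way, FWT 5 ms:", run_scenario(150.0, fwt_ms=5.0))
```

The MAC check passes in every relayed run, because the genuine card computed it against a fresh challenge; cryptography at the application layer does not see the relay at all. The only thing that distinguishes the runs is elapsed time, and the standard's default timeout is generous enough to absorb a trip across the Internet. Tightening the reader's timeout raises the bar, but a relay over a fast local link still fits inside a few milliseconds, so the robust answer is distance bounding measured at the physical layer, combined with a user confirmation on the phone before card emulation answers.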

-Lost property

The very simple problem of losing the mobile phone, and thereby giving access to whoever finds it, is not addressed. Either the NFC RFID card or the mobile phone acts as a single authentication factor, apart from the fact that the mobile phone may be protected with a PIN code, which is again a single factor. Hence, defeating the lost-property threat requires an extended security concept with more than one physically independent authentication factor.

-Walk off

Once access to a secure function or data has been lawfully opened, it is usually protected by a timeout that closes it when usage pauses. Modern attack concepts may interfere with this, despite the intention to shut down access when the user becomes inactive. The distance between a successful attacker and the place where access was lawfully granted is not addressed by any of the concepts described.

NFC-enabled handsets

  • Nokia 6216 Classic.
  • LG 600V contactless.
  • Motorola L7 (SLVR).
  • Benq T80.
  • Sagem Cosyphone.
