NFC- Standards and Security

Post on 15-Jan-2017


NFC: NFCIP & NFC-SEC Standards

Content

About NFC

• NFC work principle

• NFC standards

Security

• Threats and Solutions

• NFC-SEC standards

Conclusions

About NFC: Work Principle

NFC

• NFC employs electromagnetic induction between two loop antennas when NFC devices.

About NFC: NFC Standards

NFC Standards

• NFC is approved as an ISO/IEC standard and as an ECMA standard.

• ISO/IEC 18092 / ECMA-340 – NFCIP-1

• ISO/IEC 21481/ECMA-352 – NFCIP-2

• Incorporates a variety of existing standards (ISO/IEC 14443)

• NFC Forum defined a common data format (NDEF)

NFCIP-1 ISO/IEC 18092 / ECMA-340

• Defines the communication modes for NFCIP-1 using inductive coupled devices operating at the centre frequency of 13,56 MHz.

• Defines Active and the Passive communication modes.

• Specifies modulation schemes, codings, transfer speeds, and frame format of the RF interface.

• Specifies initialisation schemes and conditions required for data collision control during initialisation.

• Defines transport protocol including protocol activation and data exchange methods.

• Transfer speeds are 106 kbit/s, 212 kbit/s and 424 kbit/s, for passive-active modes.

NFC – ISO/IEC 21481 / ECMA-352 – NFCIP-2

• Specifies the communication mode selection mechanism, designed not to disturb any ongoing communication at 13,56 MHz.

• Only for devices implementing ECMA-340, ISO/IEC 14443 or ISO/IEC 15693.

• Requires implementations to enter the selected communication mode as specified in the respective standard.

• Communication mode specifications are outside of this Standard.

NFC Security: Threats, Solutions and Standards

NFC Security- Threats and Solutions

Threats | Solutions and recommendations
Eavesdropping | Secure channel
Data corruption | Counter attack
Data modification | Using 106k Baud Rate, SCH
Data insertion | No delay, listening channel, SCH
Man in the middle attack | Active-passive communication, listening to the channel

ECMA-385 NFC-SEC

• Specifies NFC secure channel and shared secret services for NFCIP-1, and the PDUs and protocol for those services.

• Shared secret provides a key for proprietary encryption

• Secure channel encrypts data

ECMA-385 NFC-SEC

• Follows the following OSI model.

ECMA-385 NFC-SEC. Protocol Mechanisms

• Shall establish a shared secret using ACT_REQ and ACT_RES.

• Shall verify their agreed shared secret using VFY_REQ and VFY_RES.

• SCH service shall protect data exchange, using ENC.

• Shall terminate SSE and SCH using TMN.

ECMA 386 NFC-SEC Cryptography Standard

• NFC-SEC-01 provides:

Message contents with concatenation rules for keys and other fields

Key primitives

Random number requirements

Conversion and transformation rules

Cryptographic algorithms and methods

• Enables communication between NFCIP-1 devices which do not share any keys before communicating with each other.

• NFC-SEC-01 is vulnerable to MITM attacks

ECMA 386 NFC-SEC Cryptography Standard using ECDH and AES.

• Specifies the message contents and the cryptographic methods for PID 01.

• ECDH curve P-192 key exchange – 192 bit

• Key derivation and confirmation – AES 128 bit

• Data encryption – AES 128 bit

• Data integrity – AES 128 bit

Conclusions: Points to Take into Account

Conclusions

• NFC by itself cannot provide protection against eavesdropping or data modifications.

• The only solution is to establish a secure channel.

• MITM is not a high risk, given NFC's short operating distance and RF characteristics.

• Due to the difficulty of the MITM attack, a DH protocol can be applied.

• NFC-SEC standard provides the SSE and SCH services for p2p mode.

References

• ECMA 385

http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-385.pdf

• ECMA 386

http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-386.pdf

• ECMA 340

https://www.ecma-international.org/publications/files/ECMA-ST/Ecma-340.pdf

• ECMA 352

https://www.ecma-international.org/publications/files/ECMA-ST/ECMA-352.pdf

• Security in Near Field Communication (NFC)

http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf

Thank you for your attention