NFC : Near Field Communicationsheindl/ebte... · 02.12.2014 NFC : Near Field Communications 2/18...
Transcript of NFC : Near Field Communicationsheindl/ebte... · 02.12.2014 NFC : Near Field Communications 2/18...
02.12.2014 NFC : Near Field Communications 1/18
NFC
By Vikram Kaparthy
Strengths ands Weaknesses
: Near Field Communications
02.12.2014 NFC : Near Field Communications 2/18
Introduction
• What is NFC ?
Short range high frequency
wireless communication
technology.
Mainly aimed for mobile or
handheld devices.
Enables simplified transactions, data exchange and
wireless connections between two NFC devices.
02.12.2014 NFC : Near Field Communications 3/18
How it works
02.12.2014 NFC : Near Field Communications 4/18
Working .. • There are dedicated roles
– Initiator and Target
– Any data transfer is a message and reply pair.
Initiator Target
Message
Reply
Active Passive
Initiator Possible Not Possible
Target Possible Possible
02.12.2014 NFC : Near Field Communications 5/18
Modes
• Active
• Passive Communication
• Read and write
• Peer to peer
• Card Emulation Operation
– device generates an RF field
– device uses the RF field generated
by the other device
02.12.2014 NFC : Near Field Communications 6/18
Threats
• Eavesdropping
• Data Corruption
• Data Modification
• Data Insertion
• Man-in-the-Middle-attack
02.12.2014 NFC : Near Field Communications 7/18
Threats
Eavesdropping
NFC is not secure against eavesdropping
From how far away is it possible to eavesdrop?
Depends….
RF field of sender
Equipment of attacker
….
Does Active versus Passive mode matter?
Yes
In active mode the modulation is stronger (in particular at 106 kBaud)
In passive mode eavesdropping is harder
Countermeasure
Secure Channel
Alice Bob Message
Eve
Eavesdropping
02.12.2014 NFC : Near Field Communications 8/18
Threats
Data Modification
Data Modification is instead of just listening, modify
the data which is transmitted via NFC interface.
The attacker want to disturb the communication
02.12.2014 NFC : Near Field Communications 9/18
Threats
Man-in-the-Middle-attack
Alice Bob
Message
Eve
Eavesdropping Message
02.12.2014 NFC : Near Field Communications 10/18
Eavesdropping No easy solution : use Secure Channel
Data Modification No easy solution : use Secure Channel
Man in the Middle Attack easy solution if : Alice uses Active – Passive mode
Alice checks for disturbance
Alice checks for suspicious answers from Bob
Threats
02.12.2014 NFC : Near Field Communications 11/18
Secure Channel
3DES : Triple Data Encryption Standard
OR
AES : Advance Encryption Standard
confidentiality, integrity and authenticity of the
transmitted data.
Protection against Threats
02.12.2014 NFC : Near Field Communications 12/18
Key Agreement – An Alternative
Protection against Threats
1 Bit
1. Half-Bit 2. Half-Bit
100
0
100
0
100
0
200
1 Bit
1. Half-Bit 2. Half-Bit
100
0
100
0
100
0
200
Alice
Eve
Bob
02.12.2014 NFC : Near Field Communications 13/18
Key Agreement – An Alternative Perfect in theory – Obvious to see
Needs perfect synchronization between Alice and Bob
Amplitude
Phase
Alice and Bob must actively perform this synchronization
Security in practice depends on
Synchronization
Equipment of attacker
Advantages
Cheap (requires no cryptography)
Extremely fast
Protection against Threats
02.12.2014 NFC : Near Field Communications 14/18
Conclusion
• NFC does not provide any security by itself
• Secure Channel is required
• Physical properties of NFC protect against Man-in-the-Middle
• Establishing a Secure Channel becomes easy
02.12.2014 NFC : Near Field Communications 15/18
Questions..?
02.12.2014 NFC : Near Field Communications 16/18
References
• Journal : “Strengths and Weaknesses of Near Field
Communication (NFC) Technology” Mohamed Mostafa
Abd Allah, 2011.
• Journal : “ Security in Near Field Communication
(NFC) Strengths and Weaknesses” Ernst Haselsteiner
and Klemens Breitfuß, Philips Semiconductors
02.12.2014 NFC : Near Field Communications 17/18
Thank you !