8/2/2019 002 - Security in NFC
Ernst Haselsteiner, Klemens Breitfuss
RFIDSec 06
July 13th, 2006
Security in Near Field Communication: Strengths and Weaknesses
Contents
What is NFC?
Threats & Countermeasures
Eavesdropping
Data Modification
Man-in-the-Middle
Secure Channel
Key Agreement
What is NFC?
Designed for short distance communication (up to 10 cm)
It's a contactless card and a contactless reader in one chip
It operates at 13.56 MHz
It's designed for low bandwidth (max speed is 424 kBaud)
Applications aimed for are
  Ticketing
  Payment
  Device Pairing
[Figure: short-range RF link at 13.56 MHz]
Some details we need to know
There are dedicated roles
  Initiator and Target
  Any data transfer is a message and reply pair.
[Figure: Initiator and Target exchanging Message and Reply]
There are dedicated modes of operation
  Active and Passive
  Active means the device generates an RF field
  Passive means the device uses the RF field generated by the other device
            Active                      Passive
106 kBaud   Modified Miller, 100% ASK   Manchester, 10% ASK
212 kBaud   Manchester, 10% ASK         Manchester, 10% ASK
424 kBaud   Manchester, 10% ASK         Manchester, 10% ASK

            Active      Passive
Initiator   Possible    Not Possible
Target      Possible    Possible
Eavesdropping
I am sorry, but NFC is not secure against eavesdropping.
From how far away is it possible to eavesdrop?
  Depends.
    RF field of sender
    Equipment of attacker
Does Active versus Passive mode matter?
  Yes
    In active mode the modulation is stronger (in particular at 106 kBaud)
    In passive mode eavesdropping is harder
Countermeasure: Secure Channel
Data Modification
[Figure: one bit split into 1. Half-Bit and 2. Half-Bit, amplitude axis from 0 to 100, showing Coded 0 and Coded 1 for Modified Miller Coding (100% ASK) and Manchester Coding (10% ASK)]
Countermeasure: Secure Channel
Man in the Middle Attack
[Figure: Alice, Bob, Eve; labels: Message, Eavesdropping, Disturb]
Alice detects the disturbance and stops the protocol
Check for active disturbances!
[Figure: Alice, Bob, Eve; label: Message]
Eve cannot send to Bob while the RF field of Alice is on!
Use Active-Passive connection!
Use 106 kBaud!
[Figure: Alice, Bob, Eve; label: Message]
Alice would receive data sent by Eve
Verify answer with respect to this possible attack!
What we have so far
Eavesdropping
  No protection
  Use a Secure Channel
Data Modification
  No protection
  Use Secure Channel
Man in the Middle Attack
  Very good protection if
    Alice uses 106 kBaud
    Alice uses Active-Passive mode
    Alice checks for disturbance
    Alice checks for suspicious answers from Bob
Secure Channel is easy
Standard DH Key Agreement
  Suffers from Man-in-the-Middle issue
  That's fine with NFC, because right here NFC really provides protection!
Eavesdropping
Data Modification
Man-in-the-Middle
Key Agreement: An Alternative
[Figure: one bit split into 1. Half-Bit and 2. Half-Bit, with amplitude levels 0, 100 and 200; parties shown: Alice, Eve, Bob]
Perfect in theory
  Obvious to see
Needs perfect synchronization between Alice and Bob
  Amplitude
  Phase
  Alice and Bob must actively perform this synchronization
Security in practice depends on
  Synchronization
  Equipment of attacker
Advantages
  Cheap (requires no cryptography)
  Extremely fast
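
An added simulation (not from the original slides) of the superposition idea behind this alternative key agreement: both devices send random bits at the same time, keep only the positions where their bits differ, and an eavesdropper who measures the summed field (the figure's 0/100/200 levels) cannot tell who sent which. Assumptions of this sketch: the Manchester convention in `manchester()`, an amplitude-only model with phase ignored, an Eve who knows which sender is stronger, and a hypothetical `resolution` parameter standing in for the attacker's equipment.

```python
import secrets

AMP = 100  # nominal field amplitude of one device (the figure's "100" level)

def manchester(bit, amp):
    """Half-bit amplitudes for one bit. Assumed convention: 0 -> (high, low), 1 -> (low, high)."""
    return (amp, 0) if bit == 0 else (0, amp)

def on_air(a_bit, b_bit, amp_a=AMP, amp_b=AMP):
    """Sum of both fields in each half-bit, which is all an eavesdropper can measure."""
    a1, a2 = manchester(a_bit, amp_a)
    b1, b2 = manchester(b_bit, amp_b)
    return (a1 + b1, a2 + b2)

def agree(a_bits, b_bits):
    """Keep positions where the bits differ; Bob inverts his own bit to get Alice's."""
    keep = [i for i, (a, b) in enumerate(zip(a_bits, b_bits)) if a != b]
    return [a_bits[i] for i in keep], [1 - b_bits[i] for i in keep], keep

def eve_guess(s1, s2, resolution):
    """Eve's guess for Alice's bit, assuming she knows Alice is the stronger sender.
    Returns None when the half-bits differ by less than her receiver can resolve."""
    if abs(s1 - s2) < resolution:
        return None
    return 0 if s1 > s2 else 1

def eve_known_bits(a_bits, b_bits, amp_a=AMP, amp_b=AMP, resolution=1):
    """Number of agreed key bits Eve recovers correctly from the summed signal."""
    key_alice, _, keep = agree(a_bits, b_bits)
    guesses = [eve_guess(*on_air(a_bits[i], b_bits[i], amp_a, amp_b), resolution)
               for i in keep]
    return sum(g == k for g, k in zip(guesses, key_alice))

if __name__ == "__main__":
    n = 256  # constructed random input
    a = [secrets.randbits(1) for _ in range(n)]
    b = [secrets.randbits(1) for _ in range(n)]
    key_a, key_b, keep = agree(a, b)
    assert key_a == key_b
    print("key bits agreed:", len(keep))
    print("Eve, perfect sync:", eve_known_bits(a, b))
    print("Eve, Bob 10% weaker:", eve_known_bits(a, b, amp_b=90))
    print("Eve, Bob 10% weaker, coarse receiver:",
          eve_known_bits(a, b, amp_b=90, resolution=20))
```

With equal amplitudes every kept position reads (100, 100) on the air, so Eve learns nothing; any amplitude mismatch her receiver can resolve gives her the whole key, which is why the slide ties practical security to synchronization and to the attacker's equipment.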
Conclusion
NFC does not provide any security by itself
Secure Channel is required
Physical properties of NFC protect against Man-in-the-Middle
Establishing a Secure Channel becomes easy