nfc security and privacy
TRANSCRIPT
Chapter 4
NFC Security and Privacy
Security is the degree of protection against intentional or
accidental misuse. So far we have discussed how NFC works. This
chapter analyses security with respect to NFC: it lists the threats
that apply to NFC and describes solutions that protect against them.
All of this is given in the context of currently available NFC
hardware, NFC applications, and possible future developments of NFC.
This chapter presents introductory knowledge on security
(vulnerability, threat, attack, and risk), cryptography, NFC
security issues, and preventive mechanisms for handling the risks.
The content addresses both the higher (managerial) and the lower
(technical) level.
Potential readers are academics, researchers, students,
consultants, practitioners, project managers, software analysts,
system developers, and software developers.
Readers of this chapter will learn about the security and privacy
issues concerning NFC technology in detail. Hence they will be
able to design secure and interoperable
1.6.1 Vulnerability, Threat, Attack, and Risk
A vulnerability is a weakness in a system which allows an attacker
to perform actions that threaten its information assurance.
A threat is a possible danger that may give an unfair benefit to
an unauthorized user, or cause harm, by making use of a
vulnerability.
An intentional attempt by an intruder to gain unauthorized access
to information is called an attack.
Attacks are classified as active or passive. If an attack does not
modify or delete a resource it is classified as passive (for
example, eavesdropping); otherwise it is classified as an active
attack.
The potential harm that may arise after the realization of some
threat is defined as the risk.
1.6.2 Security Tools and Mechanisms
Cryptography is used for many purposes, such as hiding the
content of data from an unauthorized third party, or preventing
illegal modification of transmitted data. The following are the
basic services provided by cryptography:
_ Confidentiality: the stored or exchanged information is not
revealed to unauthorized parties.
_ Integrity: the content of the stored or exchanged data cannot be
changed by unauthorized parties, or, if it is changed, the change
will be noticed.
_ Non-repudiation: when data are created or sent by some party,
that party cannot deny having created or sent them.
The idea of satisfying secrecy using cryptography is to send the
message in a scrambled form called ciphertext, so that
communication between the sender and the receiver is still
possible and can be performed over public channels such as the
Internet.
1.6.3 Security Issues on NFC Tag
Remember that the NFC tag is involved in reader/writer mode. In
this mode an NFC mobile traditionally interacts with an NFC tag.
In order to satisfy the overall security requirements, both the
data stored on the NFC tag and the communication between the NFC
devices must be secured. Traditionally, the following are the
security issues related to the NFC tag:
(i) Tag cloning
The attacker may try to clone, or create an exact copy of, a valid
tag. Preventing this requires tags with enough processing
capability to take part in a cryptographic authentication, which
raises the cost of low-cost tags. This is often infeasible and
unacceptable, since the major point here is enabling low-cost NFC
tags; a tag whose whole content can simply be read back (for
example, one identified only by a static UID) can be copied by
anyone who can read it.
(ii) Tag content changes
The attacker may try to modify an NFC tag to change its content. In this way, several attacks become possible:
• Spoofing attacks
A spoofing attack provides false information to the user which
seems valid, and hence may well be accepted by the user. In a
spoofing attack the attacker writes a fake domain name, telephone
number, or false information about the identity of some person,
item, or activity onto the tag.
• Manipulating tag data
The content of the tag might be changed by the attacker for
some malicious purpose.
• Denial of Service (DoS) attack
DoS attacks aim to damage the relationship between the customer
and the service provider. The primary way to do this is to exhaust
the system's resources by forcing it to perform unnecessary and
illegal actions; this decreases and eventually exhausts the power
source of the server.
(iii) Tag replacement and tag hiding
The NFC tag may be replaced by a malicious tag, so that the latter
tag performs the illegal actions it was designed for. Sticking a
malicious tag on top of the original tag, or replacing the original
tag with a malicious tag, is called tag hiding, and is enough to
make the system work as the attacker desires.
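The spoofing and tag-manipulation attacks above are most visible in the URI record that a smart-poster style tag carries: whoever can rewrite the tag chooses the domain the phone will open. The following Python is an added example, not code from the chapter: it parses an NDEF message (NFC Forum record layout, URI record type "U" with its identifier-code prefix byte, which this example assumes is what the tag stores) and contrasts a naive string-prefix check with a check that parses the URI and compares the host exactly. The tag images, the allowed host `bank.example`, and all function names are constructed for illustration.

```python
"""NDEF URI record parsing and a host-allowlist check against spoofed tags.
Added example; sample tag contents and the allowed host are constructed."""
from typing import List, Tuple
from urllib.parse import urlsplit

# NDEF record header flag bits and the TNF value for NFC Forum well-known types.
FLAG_ME, FLAG_SR, FLAG_IL = 0x40, 0x10, 0x08
TNF_WELL_KNOWN = 0x01

# URI identifier codes (first payload byte of a "U" record), abridged.
URI_PREFIXES = {
    0x00: "", 0x01: "http://www.", 0x02: "https://www.",
    0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:",
}


def parse_ndef(msg: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Return (tnf, type, payload) for each record of an NDEF message."""
    records, i = [], 0
    while i < len(msg):
        flags = msg[i]
        type_len = msg[i + 1]
        i += 2
        if flags & FLAG_SR:                     # short record: 1-byte payload length
            payload_len, i = msg[i], i + 1
        else:                                   # 4-byte big-endian payload length
            payload_len, i = int.from_bytes(msg[i:i + 4], "big"), i + 4
        id_len = 0
        if flags & FLAG_IL:
            id_len, i = msg[i], i + 1
        rtype = msg[i:i + type_len]
        i += type_len + id_len                  # the ID field is not needed here
        payload = msg[i:i + payload_len]
        i += payload_len
        if len(payload) != payload_len:
            raise ValueError("truncated NDEF record")
        records.append((flags & 0x07, rtype, payload))
        if flags & FLAG_ME:                     # Message End: ignore trailing bytes
            break
    return records


def uri_from_record(tnf: int, rtype: bytes, payload: bytes) -> str:
    """Expand a well-known-type "U" record into the full URI string."""
    if tnf != TNF_WELL_KNOWN or rtype != b"U" or not payload:
        raise ValueError("not a URI record")
    code = payload[0]
    if code not in URI_PREFIXES:
        raise ValueError(f"unknown URI identifier code {code:#x}")
    return URI_PREFIXES[code] + payload[1:].decode("utf-8")


def uri_record(code: int, rest: str) -> bytes:
    """Build a single short URI record (MB|ME|SR, TNF=1, type "U")."""
    payload = bytes([code]) + rest.encode("utf-8")
    assert len(payload) < 256
    return bytes([0xD1, 0x01, len(payload), ord("U")]) + payload


# Weak check: a string prefix says nothing about which host the URI names.
def naive_check(uri: str) -> bool:
    return uri.startswith("https://bank.example")


# Hardened check: parse, then require HTTPS and an exact host match.
ALLOWED_HOSTS = {"bank.example"}


def strict_check(uri: str) -> bool:
    parts = urlsplit(uri)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


# Constructed tag contents: one genuine tag and two rewritten ("spoofed") tags.
GENUINE_TAG = uri_record(0x04, "bank.example/login")
LOOKALIKE_TAG = uri_record(0x04, "bank.example.attacker.test/login")
USERINFO_TAG = uri_record(0x04, "bank.example@attacker.test/login")


def evaluate(tag: bytes) -> Tuple[str, bool, bool]:
    """Return the decoded URI and the verdict of each check for a tag image."""
    uri = uri_from_record(*parse_ndef(tag)[0])
    return uri, naive_check(uri), strict_check(uri)


if __name__ == "__main__":
    for name, tag in [("genuine", GENUINE_TAG), ("lookalike", LOOKALIKE_TAG),
                      ("userinfo", USERINFO_TAG)]:
        print(name, evaluate(tag))
```

Both rewritten tags pass the prefix check and fail the parsed check: the first because the attacker's domain merely begins with the expected name, the second because the expected name sits in the userinfo part of the URI and the real host is `attacker.test`. A reader that only displays the string to the user, as the spoofing paragraph describes, offers the same weak protection as the naive check.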
1.6.4 Security Issues on Communication
_ Eavesdropping: An unauthorized individual may use an antenna in
order to record the communication between NFC devices.
_ Data Corruption: Instead of just listening, an attacker can
disturb the transmitted data so that the receiver cannot
understand them; the data are made unusable rather than changed
to a chosen value, so this is a form of denial of service.
_ Data Modification: The attacker may try to modify or delete
valuable information by intercepting the communication, so that
the receiver gets valid-looking but altered data.
_ Data Insertion: Data may be inserted into the messages exchanged
between two NFC devices. The attacker must be fast enough to send
the data before the valid responder. The insertion succeeds only
if the inserted data can be transmitted before the original device
responds; if both data streams overlap, the data are corrupted.
_ Man-in-the-Middle Attack: These attacks are performed by an
unknown party in a communication who relays information back and
forth, simultaneously appearing to each side as the other party.
_ Relay Attack: The attacker extends the range of the contactless
link by forwarding the messages between a victim's tag (or card)
and a legitimate reader through a pair of attacker-controlled
devices, one placed near the victim and one near the reader. The
attacker does not need to understand or modify the messages; the
reader is made to talk to a tag that is not actually present.
_ Replay Attack: A valid NFC signal is intercepted and its data are
recorded first; they are later transmitted to a reader so that they
are "played back". Since the data appear valid, the reader accepts
them unless suitable prevention mechanisms are used.
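As an added example that is not part of the chapter, the following Python simulates the tag-cloning scenario of Section 1.6.3 and the replay attack above, together with the usual prevention mechanism for both: a reader that checks only the tag's identifier accepts a cloned tag and a replayed answer, while a reader that issues a fresh random challenge and expects a keyed MAC over it rejects both. The UIDs and keys are constructed sample data, HMAC-SHA256 stands in for whatever MAC a real cryptographic tag implements (an assumption of this example), and the function names are the example's own.

```python
"""Tag cloning and replay against a UID-only reader versus challenge-response.
Added example with constructed UIDs and keys; HMAC-SHA256 stands in for the
MAC of a real cryptographic tag (an assumption of this example)."""
import hashlib
import hmac
import secrets
from typing import Callable, Dict

Responder = Callable[[bytes], bytes]          # tag side: challenge -> response

# Constructed reader key store: tag UID -> per-tag shared key (not real keys).
KEYSTORE: Dict[bytes, bytes] = {
    bytes.fromhex("04a2b3c4d5e680"): bytes.fromhex("000102030405060708090a0b0c0d0e0f"),
}
GENUINE_UID = bytes.fromhex("04a2b3c4d5e680")
GENUINE_KEY = KEYSTORE[GENUINE_UID]


def tag_response(uid: bytes, key: bytes, challenge: bytes) -> bytes:
    """What a genuine tag computes: a MAC binding its UID to the reader's nonce."""
    return hmac.new(key, uid + challenge, hashlib.sha256).digest()


def genuine_tag(uid: bytes, key: bytes) -> Responder:
    return lambda challenge: tag_response(uid, key, challenge)


def cloned_tag() -> Responder:
    """A clone made by reading the tag only learns the UID, not the key."""
    return lambda challenge: bytes(32)


def replaying_attacker(recorded_response: bytes) -> Responder:
    """Plays back one response eavesdropped from a genuine session."""
    return lambda challenge: recorded_response


def uid_only_authenticate(uid: bytes) -> bool:
    """Weak reader: trusts any tag that presents a known UID."""
    return uid in KEYSTORE


def challenge_response_authenticate(uid: bytes, respond: Responder,
                                    rng: Callable[[int], bytes] = secrets.token_bytes) -> bool:
    """Hardened reader: fresh 128-bit challenge, constant-time MAC comparison."""
    key = KEYSTORE.get(uid)
    if key is None:
        return False
    challenge = rng(16)
    expected = tag_response(uid, key, challenge)
    return hmac.compare_digest(respond(challenge), expected)


def counter_rng() -> Callable[[int], bytes]:
    """Deterministic challenge source for demonstrations; never use in production."""
    state = [0]

    def rng(size: int) -> bytes:
        state[0] += 1
        return state[0].to_bytes(size, "big")
    return rng


def simulate(rng: Callable[[int], bytes] = secrets.token_bytes) -> Dict[str, bool]:
    """Run each attacker against both readers and return who gets accepted."""
    # The attacker eavesdrops one genuine session to obtain a valid response.
    recorded_challenge = rng(16)
    recorded = tag_response(GENUINE_UID, GENUINE_KEY, recorded_challenge)
    return {
        "uid_only/clone": uid_only_authenticate(GENUINE_UID),
        "cr/genuine": challenge_response_authenticate(
            GENUINE_UID, genuine_tag(GENUINE_UID, GENUINE_KEY), rng),
        "cr/clone": challenge_response_authenticate(GENUINE_UID, cloned_tag(), rng),
        "cr/replay": challenge_response_authenticate(
            GENUINE_UID, replaying_attacker(recorded), rng),
    }


if __name__ == "__main__":
    for case, accepted in simulate().items():
        print(f"{case:16s} accepted={accepted}")
```

The replayed response fails because the reader never reuses a challenge, and the clone fails because reading a tag does not reveal its key. Note what this does not stop: a relay attacker forwards the reader's fresh challenge to the genuine tag and returns its correct answer, so challenge-response alone gives no protection against the relay attack listed above; that needs timing limits or distance bounding in addition.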
Figure 1-1. General Architecture of NFC enabled Mobile Phones
6.5 Secure Element
NFC enabled services must assure users and service providers that
the transaction takes place in a protected environment. This
protection is achieved by using a Secure Element (SE), which
provides the security mechanisms required to support various
business models. The SE is a combination of hardware, software,
interfaces, and protocols embedded in a mobile handset that
enables secure storage and secure execution.
Like any smart card, an SE needs an operating system. The
operating system (e.g., MULTOS, Java Card OS) supports the secure
execution of applications and the secure storage of application
data. The operating system may also support the secure loading of
applications.
If NFC enabled applications are saved and executed in the memory
of the NFC enabled mobile phone's host controller, these
applications are not protected against unintentional deletion or
intentional manipulation of the saved data. Such applications are
therefore limited to transmitting data between NFC enabled mobile
phones or collecting information from smart posters. In
contactless ticketing, payment, and similar application cases,
security is an important issue. These applications use valuable
data, and the storage of valuable, private information (e.g.,
credit card information) in unsecured memory is unacceptable: the
data could be transmitted via the GSM interface to a third party
who may misuse them.
To solve this issue, the relevant NFC applications need to be
executed and saved in the memory of an SE of the NFC enabled
mobile phone (see Figure 3.8). A variety of modules can serve as
SEs, such as Universal Integrated Circuit Cards (UICCs) (i.e.,
SIMs), memory cards, or embedded hardware. An SE is necessary for
various applications such as payment, ticketing, government, and
other applications where secure authentication and a trusted
environment are among the prerequisites. The main SE alternatives
are:
_ Embedded hardware in a mobile device, as an integral,
non-removable part of the device.
_ Secure Memory Card (SMC), a secure storage area in a removable
memory card.
_ UICC, a physical smart card and perhaps the most popular option.
Figure 2. Summary of SE Alternatives
Embedded SE: An embedded SE is a smart card chip integrated into
the mobile phone that cannot be removed. The level of security
provided by this SE is as high as that of a smart card. The chip
is embedded into the mobile phone during the manufacturing process
and must be personalized after the device is delivered to the end
user.
Sticker: According to the Mobey Forum, the aim of NFC stickers is
to give service providers a quick way to launch pilots and start to
deploy NFC services such as payment, loyalty, transportation, and
so on. Two types of stickers are available: active and passive. In
theory, active stickers enable all NFC services and give NFC
functionality to non-NFC mobiles. Life cycle management of active
stickers is also possible because of their connection to the mobile
phone. Stickers were mainly developed to give NFC functionality to
mobile phones, so as NFC mobile phones spread all over the world
their usage decreases. There is not much practical implementation
of NFC service management with stickers.
SMC: A secure memory card (SMC) provides the same high-level
security as a smart card, and it is compliant with most of the main
smart card standards and interfaces. Being removable and having a
large memory capacity, an SMC can host a high number of
applications. Currently, most of the trials are performed on SMCs.
UICC: The UICC is a generic multi-application platform for smart
card applications, on which the SIM or USIM is implemented. The
UICC provides an ideal environment for NFC applications that are
personal, secure, portable, and easily managed remotely; it can
also host non-telecom applications from various service providers,
such as loyalty, ticketing, healthcare, access control, and ID
applications. GlobalPlatform provides the most promising standard
for UICC life cycle management (namely card content management),
with three different business models: the simple mode (MNO-centric
model), the delegated mode, and the fully authorized mode
(TSM-centric model). However, there are still some unsolved issues
in UICC card management for NFC based services. Hence, there is not
yet any UICC smart card commercially available in the NFC market.
Flexible SE Solutions: In the early years of NFC, because of the
lack of NFC mobiles in the market, several alternative
architectures were proposed to bring NFC to mobiles without
integrated NFC capability. In particular, SMC and SIM based SEs
with built-in NFC antennas have acted as important NFC bridge
devices (e.g., an SMC hosting only the NFC antenna and SE, or
hosting the NFC chip, antenna, and SE, and so on); they shorten
the time to market for contactless payment and similar
applications. A further study proposes an alternative that
integrates NFC with the SIM card through the SIM Application
Toolkit.
TMB: The Trusted Mobile Base (TMB) is a promising upcoming
technology proposed by the Mobey Forum. It is hosted at the root of
the mobile phone and is defined as a secure, isolated section of
the mobile phone's central processing unit (CPU). Various secure
NFC enabled applications can be provided flexibly via OTA
technology. The TMB is considered to have the full potential of
becoming an SE in the future.
6.6 Interfaces between SE and NFC Controller
There are various technical options for designing the interface
between the SE and the NFC controller. The two most promising
options are NFC-WI and SWP. The most important difference between
them is that SWP uses one physical line whereas NFC-WI uses two
lines. It is worth mentioning that they are not alternatives to
each other but options to be used in different places.
(i) NFC-WI
NFC-WI (also called S2C) is a digital wire interface standardized
by ECMA-373, ISO/IEC 28361, as well as ETSI TS 102 541. In this
protocol the SE is defined as the transceiver and the NFC
controller is defined as the front-end. The SE is connected to the
NFC controller via two wires: NFC-WI defines the Signal-In (SIGIN)
and the Signal-Out (SIGOUT) wires between the transceiver and the
front-end, as illustrated in Figure 3.12. In the standard [3], the
transceiver is the entity that drives the SIGIN wire and receives
on the SIGOUT wire. The front-end is the entity that drives the
SIGOUT wire and receives on the SIGIN wire. Each wire carries a
binary signal with two levels, HIGH and LOW. Both wires transmit
modulation signals between the NFC controller and the SE, i.e.,
the digital form of what the RF interface sends or receives. The
transceiver drives the SIGIN wire with a binary signal of either
HIGH or LOW, and the front-end receives the binary signal that is
on the SIGIN wire. The front-end drives the SIGOUT wire with a
binary signal of either HIGH or LOW, and the transceiver receives
the binary signal that is on the SIGOUT wire.
The three transmission rates supported by NFC-WI are 106, 212, and
424 kbps. At 106 kbps (see Figure 3.13), the data stream from the
NFC controller (front-end) to the transceiver, i.e. on SIGOUT,
carries the AND combination of the Modified Miller bit-encoded
data with the 13.56 MHz carrier. In the opposite direction (SIGIN),
the data stream is Manchester encoded, inverted, and then combined
by a logical OR with the 848 kHz subcarrier. At 212 and 424 kbps,
the data stream from the NFC controller to the transceiver (SIGOUT)
is Manchester encoded and then combined by a logical XOR with the
13.56 MHz carrier; this corresponds to a PSK (Phase Shift Keying)
modulation of the carrier signal. In the opposite direction
(SIGIN), the data stream is again Manchester encoded.
NFC-WI is fully compliant with, and directly coupled to, all
modes, types, and data rates of ISO/IEC 18092 and ISO/IEC 14443;
no additional adaptation and no protocol conversion is required.
It is a reliable concept which is also feasible for immediate
implementation.
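The two line codes named above can be modelled at the bit level. The following Python is an added example, not code from the chapter or from the NFC-WI standard: it produces the Modified Miller sequence a reader sends at 106 kbps (quarter-bit resolution, using the sequences X, Y and Z of ISO/IEC 14443-2) and Manchester-encodes and decodes the tag's answer. ORing two Manchester streams models what the reader sees when two tags, or an inserted data stream as in the data insertion attack of Section 1.6.4, modulate at the same time, and the decoder flags the resulting bit collisions. The AND with the carrier and the OR with the 848 kHz subcarrier on the NFC-WI wires are not modelled; all bit strings are constructed.

```python
"""Bit-level models of Modified Miller (reader -> tag) and Manchester (tag -> reader)
coding at 106 kbps. Added example; sample bit strings are constructed. A sample
value of 1 means the carrier (or subcarrier) is present, 0 means a pause."""
from typing import List, Optional

Samples = List[int]


def modified_miller(bits: List[int]) -> Samples:
    """Encode at quarter-bit resolution using ISO/IEC 14443-2 sequences:
    X = pause in the 3rd quarter (logic 1), Y = no pause (0 after a 1),
    Z = pause in the 1st quarter (0 at frame start or after another 0)."""
    out: Samples = []
    prev: Optional[int] = None
    for b in bits:
        if b == 1:
            out += [1, 1, 0, 1]          # sequence X
        elif prev == 1:
            out += [1, 1, 1, 1]          # sequence Y
        else:
            out += [0, 1, 1, 1]          # sequence Z
        prev = b
    return out


def modified_miller_decode(samples: Samples) -> List[int]:
    """Invert the above: a pause in the 3rd quarter is a 1, anything else a 0."""
    if len(samples) % 4:
        raise ValueError("sample count is not a whole number of bit periods")
    return [1 if samples[i + 2] == 0 else 0 for i in range(0, len(samples), 4)]


def manchester_encode(bits: List[int]) -> Samples:
    """Logic 1: subcarrier during the first half-bit; logic 0: during the second."""
    return [s for b in bits for s in ((1, 0) if b else (0, 1))]


def manchester_decode(samples: Samples) -> List[Optional[int]]:
    """Decode half-bit pairs; None marks a collision (both halves modulated)."""
    if len(samples) % 2:
        raise ValueError("sample count is not a whole number of bit periods")
    bits: List[Optional[int]] = []
    for i in range(0, len(samples), 2):
        pair = (samples[i], samples[i + 1])
        if pair == (1, 0):
            bits.append(1)
        elif pair == (0, 1):
            bits.append(0)
        elif pair == (1, 1):
            bits.append(None)            # two streams overlapped: corrupted bit
        else:
            raise ValueError(f"no modulation in bit {i // 2}")
    return bits


def overlap(a: Samples, b: Samples) -> Samples:
    """Superpose two simultaneous tag answers: the reader sees the subcarrier
    whenever either tag modulates."""
    if len(a) != len(b):
        raise ValueError("streams must cover the same bit periods")
    return [x | y for x, y in zip(a, b)]


def collision_positions(a_bits: List[int], b_bits: List[int]) -> List[int]:
    """Bit positions the reader cannot resolve when two tags answer together."""
    decoded = manchester_decode(overlap(manchester_encode(a_bits),
                                        manchester_encode(b_bits)))
    return [i for i, bit in enumerate(decoded) if bit is None]


if __name__ == "__main__":
    frame = [1, 0, 0, 1, 1, 0]
    print("Modified Miller:", modified_miller(frame))
    print("round trip ok:", modified_miller_decode(modified_miller(frame)) == frame)
    print("collisions at:", collision_positions([1, 0, 1, 1], [1, 1, 1, 0]))
```

Every bit that differs between the two overlapping answers decodes as a collision, which is exactly why the data insertion attack only works when the inserted stream arrives before the genuine one rather than on top of it; the same property is what the ISO/IEC 14443-3 anticollision procedure relies on to tell tags apart.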
(ii) SWP
The next physical interface option is the SWP, which, in contrast
to NFC-WI, defines a single-wire connection between the SE and the
NFC controller in the mobile phone.