BAHÇEŞEHİR UNIVERSITY
FACULTY OF ENGINEERING
DEPARTMENT OF ELECTRICAL AND ELECTRONICS ENGINEERING
EEE 5603 WIRELESS COMMUNICATIONS PROJECT

LITERATURE REVIEW OF SECURITY OF NEAR FIELD COMMUNICATION SYSTEMS

Eren Okur

T.C. BAHÇEŞEHİR UNIVERSITY
İSTANBUL, 2013


Introduction

Near Field Communication (NFC) works in the 13.56 MHz (+/- 7) frequency band with data rates of 106 kbps, 212 kbps and 424 kbps; it is a contactless, short-range communication technology. NFC is an application based on Radio Frequency Identification (RFID). An RFID device is a microchip that transmits data over the air, usually through an antenna built into it. RFID communication devices use the ISO 14443 standards. Figure 1 shows an RFID chip. [1] [2]

It uses magnetic field induction to enable communication between electronic devices. Typically RFID tags can be read from distances of up to 100 meters, but NFC has a range of 10 centimeters. NFC's general applications are payment and ticketing, electronic keys, identification,

Figure 1: an RFID chip. [3]

receiving and sharing information, service set-up, barcode reading, automated attendance, advertisement and public health. As the area of use of NFC grows, some security risks have become an important issue for engineering. In this literature survey I am going to indicate some security risks of NFC systems and possible solutions for those risks. The general security risks of NFC systems are jammer attacks, obtaining or modifying key data, insertion of fake data into key data, eavesdropping, man-in-the-middle attacks and viruses. If NFC technology is going to be used for payment, it is important to protect the user's money from other people. NFC devices can talk to each other by sending packets to each other, or one of them can act as a receiver and listen all the time without sending any data to the device it is listening to, while the other device acts as a transmitter and always sends data; in this situation the transmitter does not know who is listening. [1] [3] [4] [5]

NFC types

NFC devices have two types of energy consumption. An active device produces its own RF field. Passive devices are generally contactless smart cards. When two active devices, transmitter and receiver, communicate with each other, both of them generate an RF field. In passive communication one device produces the RF field and the other device uses that field to communicate with it. Passive devices can communicate with multiple targets. Table 1 shows that when two devices communicate, three combinations are possible. [1] [2] [4] [5]

Passive devices encode data with Manchester coding and ASK methods. For security, these modulation rates are important. For the 106 kBaud baud rate the Miller coding scheme is used; for greater baud rates Manchester coding schemes are used. Both Miller and Manchester coding send one bit in a fixed time slot. Table 2 shows the different transmission speeds of active and passive devices. [1] [6]

A standard Manchester code is defined by the transition within each bit period. It uses low and high levels: a low-to-high transition encodes a 0 bit and a high-to-low transition encodes a 1 bit. Figure 2 shows a Manchester code. In a Manchester code every half bit is either a pause or modulated, depending on the baud rate. [1] [6]

Table 1: NFC devices type combination and descriptions. [1]

Table 2: Coding and Modulation at different transfer speeds. [6]

In the modified Miller code, pauses in the carrier form a line code that depends on the transmitted information. This coding encodes a zero with a pause in one half bit, after which there is no pause in the remaining bits. Figure 3 shows the Modified Miller code. [1] [6]
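To make the two line codes concrete, the following Python program is an added example (it is not code from the original review or from [1] or [6]) that encodes and decodes bit strings with Manchester coding and with the modified Miller code using the rules the text describes, and then checks which bit positions a receiver's pause framing leaves unprotected against the carrier-overlay modification discussed in the data modification section. It models each bit as two half-bit symbols and assumes the stream starts as if preceded by a 0 bit; both are simplifications of the real ISO 14443 timing made for this example.

```python
# Half-bit symbols: Manchester uses carrier levels 'L'/'H'; modified Miller uses
# 'P' (pause) or 'C' (carrier present). Modelling a bit as two half-bit symbols is
# a simplification of the real ISO 14443 timing, made for this example.

def manchester_encode(bits):
    """Low-to-high encodes 0, high-to-low encodes 1 (the convention stated in the text)."""
    return [s for b in bits for s in (("H", "L") if b else ("L", "H"))]

def manchester_decode(halves):
    if len(halves) % 2:
        raise ValueError("odd number of half bits")
    bits = []
    for pair in zip(halves[0::2], halves[1::2]):
        if pair == ("L", "H"):
            bits.append(0)
        elif pair == ("H", "L"):
            bits.append(1)
        else:  # 'LL' or 'HH': no transition inside the bit period, not valid Manchester
            raise ValueError("no transition inside bit period")
    return bits

def modified_miller_encode(bits):
    """1 -> pause in the second half bit; 0 -> pause in the first half bit, unless the
    previous bit was a 1, in which case the bit period carries no pause at all.
    Assumption: the stream starts as if preceded by a 0."""
    halves, prev = [], 0
    for b in bits:
        if b:
            halves += ["C", "P"]
        elif prev:
            halves += ["C", "C"]
        else:
            halves += ["P", "C"]
        prev = b
    return halves

def modified_miller_decode(halves):
    """Receiver-side decoder that rejects pause patterns the code never produces."""
    if len(halves) % 2:
        raise ValueError("odd number of half bits")
    bits, prev = [], 0
    for first, second in zip(halves[0::2], halves[1::2]):
        pattern = first + second
        if pattern == "CP":
            bit = 1
        elif pattern == "PC" or (pattern == "CC" and prev == 1):
            bit = 0
        else:  # 'PP', or 'CC' after a 0: not a valid modified Miller bit
            raise ValueError(f"invalid pause pattern {pattern!r} after bit {prev}")
        bits.append(bit)
        prev = bit
    return bits

def unprotected_bits(bits):
    """Positions where flipping the bit changes the frame only by turning pauses into
    carrier. Under the model in [1] and [6] an overlaid signal can fill a pause but
    cannot create one, so these are the only positions 100% ASK framing leaves exposed."""
    original = modified_miller_encode(bits)
    exposed = []
    for i in range(len(bits)):
        flipped = list(bits)
        flipped[i] ^= 1
        target = modified_miller_encode(flipped)
        if all(o == t or (o, t) == ("P", "C") for o, t in zip(original, target)):
            exposed.append(i)
    return exposed

if __name__ == "__main__":
    frame = [1, 1, 1, 0, 1, 1]  # constructed sample frame
    print("Manchester:     ", "".join(manchester_encode(frame)))
    print("Modified Miller:", "".join(modified_miller_encode(frame)))
    print("exposed bit positions:", unprotected_bits(frame))
```

Running `unprotected_bits` on a frame shows that only a 1 bit whose neighbours are also 1 bits can be turned into a 0 by filling its pause with carrier; every other flip would require creating a pause in the legitimate sender's carrier, which the review notes is impractical. With 10% ASK Manchester coding no such framing restriction exists, which is why the review recommends the 106 kbps active mode.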

Figure 2: Manchester Code. [6]

Figure 3: Modified Miller Code. [6]

Security of NFC

Security problems for NFC systems

There are many security risks for NFC communication, such as jammer attacks, obtaining or modifying key data, inserting fake data into key data, eavesdropping, man-in-the-middle attacks and viruses. When NFC is used for money transfer, these problems are fundamental for NFC users, manufacturers and banks.

One of the first security threats is eavesdropping;

While two devices communicate, the transmitter sends its data and the receiver receives it, but during this time an attacker can access the communication between receiver and transmitter using an antenna or something similar. In this communication the transmitter could be passive, but the reader must be active to read the message that has been sent to the receiver, and an attacker's reader can read this message as well. Both receiver and transmitter can use antennas to communicate with each other. With RFID technology there is not just one reading range; there are four different ranges to be discussed:

Nominal read range: these reading products use tags whose reading ranges are sufficient. With a normal antenna and power, a reader can read a tag from the maximum nominal distance. The ISO 14443 standard indicates 10 cm as the nominal range.

Rogue scanning range: using a powerful antenna and reader equipment, or any equipment that exceeds the nominal range, gives the rogue range. Some of the powerful readers of Kfir and Wool have a 50 cm range, five times the ISO 14443 standard. The rogue scanning range is the maximum range from which a reader can read messages.

Tag-to-reader eavesdropping range: for passive RFID devices the reader uses its own power to read data from the tag. In this range, while the reader the user wants to communicate with powers the tag, another reader (the attacker's) uses that power to read the tag without spending its own power to feed the tag. This eavesdropping technique has a larger range than the rogue range.

Reader-to-tag eavesdropping range: if receiver and transmitter both use their own power to communicate with each other, eavesdropping can be carried out from greater distances than with the tag-to-reader eavesdropping technique. A standard antenna circuit and a full nominal NFC system are shown in Figures 4 and 5. [1] [4] [5]

If the attacker receives a signal, he also needs to decode it, using some easily obtainable equipment like a signal decoder. A decoder converts an input code to another code; for example a binary decoder takes an input with n lines and converts it to 2^n unique output lines.

Figure 4: antenna circuit. [7]

Figure 4: NFC/RFID system that uses 13.56 MHz. [7]

A decoder simply converts a coded input into another code. Figure 5 shows a signal decoder device.

The attacker's receiver power is very important for this attack, because NFC devices usually communicate at distances of 4 cm to 10 cm, and a reader can read the transmitted information using the ISO 14443 standard, which operates at 13.56 MHz. ISO 14443 tags can be read from a distance of 50 cm by using a powerful reader. The attacker's distance depends on several factors:

The sender device's RF field characteristics, which depend on antenna geometry, environment, etc.

The attacker's antenna: its geometry, characteristics, position, etc.

The attacker's receiver and decoder quality.

The attacker's distance and the environment around him.

The attacker's battery power.

This communication is affected by the device type, active or passive, which changes the way of transmitting. Active and passive device types affect the transmitted data, coding and modulation, and make eavesdropping much harder. If an active-mode device is sending data, an attacker can listen to this device from a distance of 10 m, but if the device is passive this distance is reduced to about 1 m. [1] [4] [6]

Figure 5: signal decoder device. [8]

To protect against this eavesdropping attack, applications should send data over a secure channel, using session keys to encrypt the data sent by the transmitter and received by the receiver. Session key selection is an important issue: the key must not be guessable by other people and should be hard to break with a brute-force attack. Since these devices are used with mobile phones, these session keys can be used if they are encrypted with a pre-shared key. Standard key agreement protocols like Diffie-Hellman or elliptic curves could be used to create these session keys. Another key type is a symmetric key like 3DES or AES; those keys provide a secure channel. [1] [4]

Second issue is data corruption;

An attacker can obtain (as mentioned in the eavesdropping problem) and modify the data which the transmitter sent over the NFC communication. The modified data could be disturbing or empty; if it is empty it creates a jammer (denial of service) effect for the receiver. After the attacker obtains information from the transmitter, he creates a jammer effect on the receiver so that it cannot listen to the transmitter. This attack needs good timing and good knowledge of the data spectrum, but after the attacker has found the right information about receiver and transmitter it can easily be done. The attacker can also send electromagnetic impulses that can damage NFC devices. Another problem is that the attacker could try to send fake data to the receiver, but this does not work that way: the receiver just understands this data as corrupted data.

NFC devices can counter this attack: while the devices are communicating they can check the NFC radio frequency field to detect whether the transmitter is an attacker. An NFC device looks for a large amount of field to find an attacker, because data corruption requires really large power, so this attack is detectable. This corruption attack can be detected, but unfortunately NFC devices cannot prevent it. [1] [4] [6]

Third issue is data modification;

The attacker wants the receiver to get modified data from the transmitter. This attack depends on the amplitude modulation, because decoding can be affected by the percentage of modulation. With 100% modulation the decoder checks whether a signal is being sent or not. For the attack, the attacker must modulate using the same carrier frequency that the victim NFC receiver and transmitter use. After producing this modulation the attacker must also produce a signal that can be received by the legitimate receiver. This means the attacker's radio frequency signal must perfectly overlap with the original signal at the receiver. With modified Miller coding the attacker can change the signal and the receiver cannot tell it is fake, because it does not find any pause, so it uses the sender's message. But practically, making this coding is impossible. Figure 6 shows bit modification of the modified Miller code. [1] [6]

For 10% modulation, the decoder measures the receiver's and transmitter's signal levels and compares them. Those signal levels could be 82% or full. If the received signals are in the correct range and valid for the receiver, they get decoded by the receiver. If the attacker sends signals such that the 82% modulated signal appears as a full modulated signal and the real full modulated signal changes into an 82% modulated signal, the receiver decodes the opposite of the real signal. This attack depends on the dynamic input range of the receiver. This kind of attack can be carried out by an attacker and is practically possible.

Manchester coding with 10% ASK is used for NFC communication systems. This is the best case for modifying NFC data, because this way data modification is possible on all bits. The only exception is 106 kbps data transfer, because this mode uses 100% modulation, and there the only applicable coding is modified Miller.

One way to solve this problem is to use 106 kbps active communication, which means 100% modulation. This can be broken, but it is not practically possible. Another solution is for NFC devices to check the RF field as described for data corruption. Using a secure channel could be a better solution for this problem. [1] [6]

Fourth issue is data insertion;

Figure 6: bit modification of the Modified Miller Code. [6]

This problem means that attackers can insert messages into the communication between two NFC devices. This is possible if the receiver device is slow to send its answers to the transmitter, that is, if the attacker sends its data faster than the receiver can send its message to the transmitter. But if both the attacker and the receiver send data at the same time, both messages will be corrupted.

To avoid this problem the receiver should be fast enough to send its answers correctly. Another way is for NFC devices to check the RF field to find out whether there is an attacker, after which the NFC devices can avoid this attack. The last way is using a secure line. [1] [6]

Fifth issue is Man in the Middle Attack;

This attack can be carried out while two devices are communicating with each other. When receiver and transmitter communicate, the attacker listens to their communication, but they do not know the attacker is listening. This can be achieved against classical unauthenticated key agreement protocols like Diffie-Hellman. While receiver and transmitter have a secret key to communicate with each other, the attacker can communicate with them in two different ways: he can listen to or manipulate their communication.

If the receiver is active and the transmitter is passive, the receiver generates a radio frequency field and sends it to the transmitter to get its data, or to give data to the transmitter; either can work. If an attacker is close enough to eavesdrop, he must stop their communication. While he is trying to stop it, the active device (the receiver) stops communicating, but the passive device does not know that the active device stopped; it is still listening and transmitting. While the passive device is still listening, the attacker can start to communicate with it as if he were the active device the passive device was communicating with. But this is still a problem, because the active device's RF field is still active nearby, so two RF fields are active at the same time, and for this reason the attacker cannot get the passive device's data. This one-active, one-passive scenario practically does not work because there is a radio frequency field around and the passive device cannot understand what the attacker says.

The other possible way is that receiver and transmitter are both active devices and the attacker uses active mode like them. While receiver and transmitter are sending data to each other, the attacker tries an eavesdropping attack and one of them stops the communication protocol. But if we assume that the transmitter is not notified about the attacker and makes itself passive to get information from the other device, and the attacker sends data to this now-passive device, this does not work either, because the passive device is expecting the other device's message, not the attacker's; when it receives the attacker's message it will close the communication protocol again. So practically this way does not work. [1] [4] [6]
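The following Python program is an added example (not code from the original review or its references) showing how the session-key advice from the eavesdropping section and the man-in-the-middle discussion above fit together: an unauthenticated Diffie-Hellman exchange gives an attacker who relays substituted public values a key shared with each side, while a key-confirmation tag computed under a pre-shared key lets both devices detect the substitution. The group parameters, message layout and key derivation are constructed for the example and are not a standardized NFC protocol.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example only. A real deployment
# would use a standardized 2048-bit MODP group or an elliptic curve, as the review suggests.
P = (1 << 127) - 1   # Mersenne prime 2^127 - 1, so every public value fits in 16 bytes
G = 5

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def encode_pub(pub):
    return pub.to_bytes(16, "big")

def derive_session_key(shared_secret, transcript):
    """Session key bound to the DH result and to the public values this side believes it saw."""
    return hashlib.sha256(b"nfc-session-key" + shared_secret.to_bytes(16, "big") + transcript).digest()

def confirmation_tag(psk, role, transcript):
    """Key-confirmation MAC under the pre-shared key; a relay without the PSK cannot forge it."""
    return hmac.new(psk, role + transcript, hashlib.sha256).digest()

def run_exchange(psk_alice, psk_bob, mitm=False):
    """Simulate one exchange between Alice (initiator) and Bob; with mitm=True a relay
    substitutes its own public value in both directions. Returns what each side concludes."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()                 # relay's key pair, used only when mitm is set
    pub_seen_by_alice = m_pub if mitm else b_pub
    pub_seen_by_bob = m_pub if mitm else a_pub
    # Each side's transcript view: (initiator public value, responder public value) as received.
    view_a = encode_pub(a_pub) + encode_pub(pub_seen_by_alice)
    view_b = encode_pub(pub_seen_by_bob) + encode_pub(b_pub)
    key_a = derive_session_key(pow(pub_seen_by_alice, a_priv, P), view_a)
    key_b = derive_session_key(pow(pub_seen_by_bob, b_priv, P), view_b)
    # Key confirmation: each side MACs its own view; the relay can forward but not recompute.
    tag_from_alice = confirmation_tag(psk_alice, b"A", view_a)
    tag_from_bob = confirmation_tag(psk_bob, b"B", view_b)
    bob_accepts = hmac.compare_digest(tag_from_alice, confirmation_tag(psk_bob, b"A", view_b))
    alice_accepts = hmac.compare_digest(tag_from_bob, confirmation_tag(psk_alice, b"B", view_a))
    # Without the confirmation step, the relay would hold a valid key towards Alice.
    relay_key_with_alice = derive_session_key(pow(a_pub, m_priv, P), view_a)
    return {
        "keys_match": key_a == key_b,
        "authenticated": alice_accepts and bob_accepts,
        "relay_knows_alice_key": mitm and relay_key_with_alice == key_a,
    }

if __name__ == "__main__":
    psk = b"constructed-pre-shared-key"
    print("honest exchange:", run_exchange(psk, psk, mitm=False))
    print("relayed exchange:", run_exchange(psk, psk, mitm=True))
```

In the relayed case both honest devices still compute a working key, but each key is shared with the relay rather than with the peer, which is exactly the failure the review attributes to unauthenticated Diffie-Hellman; the pre-shared-key confirmation step turns that silent failure into a rejected session. The same transcript binding also causes a genuine PSK mismatch between the two devices to be rejected.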

Sixth issue is NFC tag spoofing attacks;

NFC devices can read tags on posters and in other places like tickets, bills, etc. This communication has little security and can open doors for an attacker. A tag can be replaced with the attacker's tag to attack the NFC device. If the tag content is a title and a web site URL, the attacker can replace this tag with one that has the same title and the attacker's URL. This attack can be solved by digitally signing tag contents.
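As an added example of the signed-tag countermeasure (not code from the original review; the record layout and the choice of signature scheme are assumptions made here), the following Python program signs a title/URL tag record with a Lamport one-time signature, which can be built from SHA-256 alone, and shows a reader rejecting a record whose URL was substituted. A deployed system would use a standard signature algorithm such as ECDSA, and a Lamport key must never sign two different records.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def hash_bits(msg):
    """The 256 bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    """One-time key: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg):
    # Reveal, for each message-hash bit, the secret of the matching half of the pair.
    return [sk[i][bit] for i, bit in enumerate(hash_bits(msg))]

def lamport_verify(pk, msg, sig):
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, hash_bits(msg))))

def encode_tag_record(title, url):
    """Constructed record layout (assumption, not an NFC Forum format):
    one-byte length, UTF-8 title, one-byte length, UTF-8 URL."""
    t, u = title.encode("utf-8"), url.encode("utf-8")
    if len(t) > 255 or len(u) > 255:
        raise ValueError("field too long for one-byte length prefix")
    return bytes([len(t)]) + t + bytes([len(u)]) + u

def decode_tag_record(record):
    tl = record[0]
    title = record[1:1 + tl].decode("utf-8")
    ul = record[1 + tl]
    url = record[2 + tl:2 + tl + ul].decode("utf-8")
    if 2 + tl + ul != len(record):
        raise ValueError("trailing bytes in record")
    return title, url

def issue_signed_tag(sk, title, url):
    """Issuer side: the record bytes plus a signature over exactly those bytes."""
    record = encode_tag_record(title, url)
    return record, lamport_sign(sk, record)

def read_tag(pk, record, sig):
    """Reader side: only a record whose signature verifies under the issuer's public
    key is handed to the application; a substituted title or URL returns None."""
    if not lamport_verify(pk, record, sig):
        return None
    return decode_tag_record(record)

if __name__ == "__main__":
    sk, pk = lamport_keygen()
    record, sig = issue_signed_tag(sk, "Museum guide", "https://example.org/guide")
    print("genuine tag:", read_tag(pk, record, sig))
    swapped = encode_tag_record("Museum guide", "https://substituted.example/guide")
    print("substituted URL:", read_tag(pk, swapped, sig))
```

The reader only needs the issuer's public key, so the check works offline at the point of tapping; what it cannot do is distinguish a genuine tag that was physically moved to another poster, which is why the signed record should describe what it is for rather than rely on where it is mounted.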

Seventh issue is privacy;

NFC uses RFID tags, and those tags can usually be tracked, so people carrying them can easily be tracked. Against this tracing there are relabeling, minimalist cryptography and re-encryption. Relabeling is simply taking a new identity each time, which reduces the chance of tracing. Minimalist cryptography means keeping short information in the tags; a tag contains a small collection of pseudonyms. In re-encryption, an RFID tag has a unique identifier and serial number, and this serial number can be encrypted under a public key. If those tags are used for payment, it means they contain some personal information like bank account numbers or passwords. To solve those problems an NFC system should have an ON/OFF switch. When the system is OFF an attacker cannot get any information from the NFC device. It is also important to have good encryption at the application level and to use security levels. There are watchdog tags and the RFID Guardian for the proxying approach to security. A watchdog watches reader information for its privacy policy. The RFID Guardian acts like a personal firewall for NFC devices; it uses other communication channels like the internet, GPS, 3G, etc. Using high-level rather than low-level protocols, Fishkin, Roy and Jiang demonstrated a signal-to-noise-ratio reader that can find the reader-to-tag distance.

Another privacy solution is blocking, invented by Juels, Rivest and Szydlo. Blocking is simply adding bits to tags: 0 bits are public and 1 bits are private. In a supermarket, goods have public tags coded with a 0 bit, and customers buy those goods with their privacy tags coded with a 1 bit. This is like the kill function mentioned for the tracing problem in privacy, but it is also PIN protected. Following this supermarket example, the user can use an NFC-protected bag and an NFC-protected refrigerator to avoid unnecessarily rebuying those goods. Figure 7 illustrates a blocker tag.

For privacy NFC also uses PINs; the standard PIN is 32 bits long in EPC Class 1 Gen 1. Those PINs should be highly effective for privacy. Another privacy method is the kill or sleep mode: if the user does not use NFC for a long time he can kill the NFC communication, or if he still needs it later but does not use it for a while he can put the NFC communication to sleep. [4] [5]

Figure 7: Illustration of a blocker tag. [5]
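The relabeling and minimalist-cryptography ideas above can be illustrated with a tag that answers every read with a fresh HMAC-derived pseudonym that only the issuing backend can map back to the tag identity. This Python program is an added example, not code from the review or from [4] or [5]; the pseudonym construction, the 16-read resynchronisation window and the replay rule are assumptions made for the example.

```python
import hashlib
import hmac

WINDOW = 16  # missed reads the backend tolerates before a tag desynchronises (assumption)

def pseudonym(secret, tag_id, counter):
    """Pseudonym for one read: HMAC over the tag identity and a read counter, truncated."""
    msg = tag_id.encode("utf-8") + counter.to_bytes(4, "big")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]

class PseudonymTag:
    """Tag that answers each read with a fresh pseudonym instead of a fixed identifier,
    so two reads by a third party cannot be linked to the same tag."""
    def __init__(self, tag_id, secret):
        self.tag_id, self.secret, self.counter = tag_id, secret, 0

    def respond(self):
        self.counter += 1
        return pseudonym(self.secret, self.tag_id, self.counter)

class Backend:
    """Only the party holding the per-tag secrets can map a pseudonym back to a tag."""
    def __init__(self):
        self.tags = {}  # tag_id -> [secret, highest counter accepted so far]

    def enrol(self, tag_id, secret):
        self.tags[tag_id] = [secret, 0]

    def resolve(self, name):
        # Linear scan over enrolled tags: the lookup cost Juels notes for such schemes.
        for tag_id, state in self.tags.items():
            secret, last = state
            for c in range(last + 1, last + 1 + WINDOW):
                if hmac.compare_digest(pseudonym(secret, tag_id, c), name):
                    state[1] = c  # advancing the counter also rejects replays of older pseudonyms
                    return tag_id
        return None

def demo(secret=b"constructed-demo-secret"):
    """Two reads of one tag: both resolve at the backend, look unrelated to anyone else,
    and a replayed first pseudonym is rejected."""
    backend = Backend()
    backend.enrol("card-0001", secret)
    tag = PseudonymTag("card-0001", secret)
    first, second = tag.respond(), tag.respond()
    return {
        "reads_differ": first != second,
        "first_resolves": backend.resolve(first),
        "second_resolves": backend.resolve(second),
        "replay_resolves": backend.resolve(first),
        "unknown_resolves": backend.resolve("0" * 16),
    }

if __name__ == "__main__":
    print(demo())
```

The counter never leaves the tag, so an observer sees only unrelated 16-hex-digit strings; the backend recovers the identity by trying the next WINDOW counter values for each enrolled tag. Raising WINDOW tolerates more unlogged reads at the cost of more HMAC computations per lookup.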

References

[1] E. Haselsteiner, K. Breitfuß. "Security in Near Field Communication (NFC)". Philips Semiconductors, Mikronweg 1, 8101 Gratkorn, Austria. Internet: http://ece.wpi.edu/~dchasaki/papers/Security%20in%20NFC.pdf

[2] S. Halder, A. Gupta. "NFC - Near Field Communication". A.p. 12. Internet: http://www.exploit-db.com/wp-content/themes/exploit/docs/23826.pdf

[3] G. Ostrovsky. "RFID Chip for Continuous Glucose Monitoring Will Be Announced Tomorrow". Internet: http://www.medgadget.com/2007/12/rfid_chip_for_continuous_glucose_monitoring.html, Dec 3, 2007. [Nov. 28, 2013].

[4] J. Paranjape. "Mobile Contactless Payments Security using". A.P. 8. Internet: http://www-scf.usc.edu/~paranjap/webcontent/CSCI_530_Security_Systems_Research_Paper.pdf

[5] A. Juels. "RFID Security and Privacy: A Research Survey". RSA Laboratories, 28 September 2005. Internet: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.94.5249&rep=rep1&type=pdf

[6] A. Paus. "Near Field Communication in Cell Phones". Seminararbeit, Ruhr-Universität Bochum, 24.07.2007. Internet: http://www.emsec.ruhr-uni-bochum.de/media/crypto/attachments/files/2011/04/near_field_communication_in_cell_phones.pdf

[7] M. U. Yaqub, U. A. Shaikh. "Near Field Communication: Its Applications and Implementation in K.S.A.". King Fahd University of Petroleum & Minerals, 13 Feb. 2012. Internet: http://www1.kfupm.edu.sa/studentaffairs/ar/ssc4/4845_MohammedUmair_Yaqub.pdf

[8] "Light-Signal-Decoder for light-signals of the Swiss Federal Railway (SBB)". Littfinski Daten Technik, Schleswig-Holstein, Germany, 2013. [Dec. 2, 2013]. Internet: http://www.ldt-infocenter.com/dokuwiki/doku.php?id=en:ls-dec-sbb