NFC- Standards and Security
1 like3,449 views
The document discusses the NFC (Near Field Communication) standards and security measures, focusing on the NFC work principles, communication modes, and protocols like NFCIP-1 and NFCIP-2. It highlights various security threats such as eavesdropping and man-in-the-middle attacks, along with recommended solutions, including secure channels and shared secret services defined in NFC-SEC standards. Additionally, it discusses cryptographic methods and concludes that NFC alone does not provide protection against data security issues without implementing a secure channel.
NFC- Standards and Security
- 1. NFC NFCIP & NFC-SEC STANDARDS
- 2. Content About NFC • NFC work principle • NFC standards Security • Threats and Solutions • NFC –SEC standards Conclusions
- 4. NFC • NFC employs electromagnetic induction between two loop antennas when NFC devices.
- 6. NFC Standards • NFC approved as an ISO/IEC standard and as an ECMA standard. • ISO/IEC 18092 / ECMA-340 – NFCIP-1 • ISO/IEC 21481/ECMA-352 – NFCIP-2 • Incorporates a variety of existing standards ( ISO/IEC 14443 ) • NFC Forum defined a common data format (NDEF)
- 7. NFCIP-1 ISO/IEC 18092 / ECMA-340 • Defines the communication modes for NFCIP-1 using inductive coupled devices operating at the centre of 13,56 MHz. • Defines Active and the Passive communication modes. • Specifies modulation schemes, codings, transfer speeds, and frame format of the RF interface. • Specifies initialisation schemes and conditions required for data collision control during initialisation. • Defines transport protocol including protocol activation and data Exchange methods. • Transfer speeds are 106 kbit/s, 212 kbit/s and 424 kbit/s, for passive-active modes.
- 8. NFC – ISO/IEC 21481 / ECMA-352 – NFCIP-2 • Specifies the communication mode selection mechanism, designed not to disturb any outgoing communication at 13,56 MHz. • Only for devices implementing ECMA-340, ISO/IEC 14443 or ISO/IEC 15693. • Requires implementations to enter the selected communication mode as specified in the respective standard. • Communication mode specifications are outside of this Standard.
- 9. NFC Security THREATS, SOLUTIONS AND STANDARDS
- 10. NFC Security- Threats and Solutions Threats Solutions and recommendations Eavesdropping Secure channel Data Corruption Counter attack Data modification Using 106k Baud Rate, SCH Data insertion No delay, listening channel, SCH Man in the middle attack Active-passive communication, listening the channel
- 11. ECMA-385 NFC-SEC • Specifies NFC secure channel and shared secret services for NFCIP-1 and PDUs and protocol for those services. • Shared secret provides a key for propietary encryption • Secure cannel encrypts data
- 12. ECMA-385 NFC-SEC • Follows the following OSI model.
- 13. ECMA-385 NFC-SEC. Protocol Mechanisms • Shall establish a shared secret using ACT_REQ and ACT_RES. • Shall verify their agreed shared secret usingVFY_REQ andVFY_RES. • SCH service shall protect data exchange, using ENC. • Shall terminate SSE and SCH usingTMN.
- 14. ECMA 386 NFC-SEC Cryptography Standard • NFC – SEC- 01 provides: Message contents with concatenation rules for keys and other fields Key primitives Random number requirements Conversion and transformation rules Cryptographic algorithms and methods • Enables communication between NFCIP-1 devices which do not share any keys before communicating each other. • NFC-SEC-01 vulnerable for MITM attacks
- 15. ECMA 386 NFC-SEC Cryptography Standard using ECDH and AES. • Specifies the message contents and the cryptographic methods for PID 01. • ECDH curve p-192 key exchange – 192 bit • Key derivation and confirmation – AES 128 bit • Data encryption – AES 128 bit • Data integrity – AES 128 bit
- 16. Conclusions POINTS TO TAKE INTO ACCOUNT
- 17. Conclusions • NFC by itself cannot provide protection against eavesdropping or data modifications. • The only solution is to establish a secure channel. • MITM is not a high risk, since NFC short operating distance and RF characteristics • Due to the difficult of the MITM attack, a DH protocol can be applied. • NFC-SEC standard provides the SSE and SCH services for p2p mode.
- 18. References • ECMA 385 http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-385.pdf • ECMA 386 http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-386.pdf • ECMA 340 https://www.ecma-international.org/publications/files/ECMA-ST/Ecma-340.pdf • ECMA 352 https://www.ecma-international.org/publications/files/ECMA-ST/ECMA-352.pdf • Security in Near Field Communication (NFC) http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf
- 19. Thank you For your attention