Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Standards for NFCIP-1 Ecma/TC47/2009/024-Rev1 TC47.

Similar presentations

Presentation on theme: "Security Standards for NFCIP-1 Ecma/TC47/2009/024-Rev1 TC47."— Presentation transcript:

1 Security Standards for NFCIP-1 Ecma/TC47/2009/024-Rev1 TC47

2 Rue du Rhône CH-1204 Geneva - T: F: NFC-SEC provides Security Specification for NFCIP-1 NFCIP-1 is standardised in ECMA-340. It specifies the signalling interface and protocols for Near Field Communication (NFC) which is a wireless communication technology for closely coupled Consumer Electronic devices. NFC-SEC defines a protocol stack that enables application independent and state of the art encryption functions on the data link layer, on top of NFCIP-1. NFC security standards will be deployed for all those NFCIP-1 connections which require protection against eavesdropping and data manipulation and which do not necessarily require application specific encryption mechanisms. A typical example is the initial association ("pairing") of devices for longer range wireless communications. Bluetooth or WiFi pairing protocols may use NFC security standards to exchange security-sensitive connection contexts on a protected NFCIP-1 connection before switching to their respective longer range wireless technologies.

3 Rue du Rhône CH-1204 Geneva - T: F: NFCIP-1 Protocol Arrangement ISO/IEC ECMA-340 ECMA-340 (NFCIP-1)NFCIP-1 ISO/IEC ISO/IEC RF I/F Test Methods ECMA-356 ECMA-356 ISO/IEC ISO/IEC ECMA-352 (NFCIP-2)ECMA-352 Protocol Test Methods ECMA-362 ECMA-36 ISO/IEC NFC-WI ECMA-373 ISO/IEC 28361

4 Motivation for NFC-SEC Rue du Rhône CH-1204 Geneva - T: F: Protection of Short Range Wireless Interface Use cases: wired equivalent privacy for S hort range communication for e.g. WiFi easy setup, Bluetooth easy setup Function: protection against eavesdropping, skimming and data modification Application independent security layer For protecting NFC peer-to-peer communications New feature for NFCIP-1 Good balance between state-of-the-art security and performance

5 NFC-SEC status is Published & Available Rue du Rhône CH-1204 Geneva - T: F: Ecma GA published NFC-SEC standards in Dec 2008 Available for free download Submitted for ISO/IEC JTC1 Fast Track Public White Paper

6 … NFC-SEC protects peer-2-peer ad-hoc secure connection Rue du Rhône CH-1204 Geneva - T: F: Normal use phase Wireless headset Pairing phase NFC-SEC headset

7 NFC-SEC Modular Concept Rue du Rhône CH-1204 Geneva - T: F: ECMA-385ECMA-385 NFC-SEC-SP is the common framework and protocol specification ECMA-386ECMA-386 NFC-SEC-01 contains cryptographic mechanisms, specific methods, algorithm key parameters Flexibility and extensibility More cryptography standards may come If extended, the actual list will be maintained on Ecma pagesEcma pages ISO/IEC ECMA-340 ECMA-340 (NFCIP-1)NFCIP-1 NFC-SEC-SP ECMA-385 NFC-SEC-01 ECMA-386 NFC-SEC-0x ECMA-xxx ……

8 ECMA-385 Architecture Rue du Rhône CH-1204 Geneva - T: F: Follows OSI reference model specified in ISO/IEC

9 NFC-SEC Services Rue du Rhône CH-1204 Geneva - T: F: Services –Shared Secret provides a key for proprietary encryption –Secure Channel encrypts data NFC-SEC User SSE Proprietary Encryption SSE NFC-SEC User Prop.Encrypted Communication NFC-SEC User SCH NFC-SEC User Std. Encrypted Communication The shaded areas indicate the scope of NFC-SEC

10 NFC-SEC Protocol Rue du Rhône CH-1204 Geneva - T: F: Security protocol: –Key establishment phase (for SSE and SCH) –Secure data exchange phase Encryption and MAC (for SCH only) Encapsulated in DEP packets of NFCIP-1 Key confirmation PDU security Service Termination SCH SSE Key agreement -

11 ECMA-386 NFC-SEC-01 Cryptography Standard Rue du Rhône CH-1204 Geneva - T: F: NFC-SEC-01 provides Message contents with concatenation rules for keys and other fields Key primitives Random number requirements Conversion and transformation rules Cryptographic algorithms and methods to enable secure communication between NFCIP-1 devices that do not share any common secret data ("keys") before they start communicating with each other. Kind of first (and at the moment the only) profile of NFC-SEC

12 NFC-SEC-01 Basic Mechanisms Rue du Rhône CH-1204 Geneva - T: F: Elliptic Curve Diffie-Hellman (ECDH) Key exchange 192 bit Key derivation and confirmation AES 128 bit Data encryption AES 128 bit Data integrity AES 128 bit

13 State of the Art and Standardised Cryptography Rue du Rhône CH-1204 Geneva - T: F: NFC-SEC is based on established international standards, most were developed by ISO/IEC JTC1 SC27 NFC-SEC-SP references Framework: ISO/IEC Basic model: ISO/IEC Security architecture: ISO Conventions for the definition of OSI services: ISO/IEC NFC-SEC-01 references General specifications: ISO/IEC Key management using asymmetric technique: ISO/IEC Block ciphers: ISO/IEC and ISO/IEC Public key cryptography: IEEE 1363 and FIPS Random number bit generation: ISO/IEC 18031

14 Other Requirements … Rue du Rhône CH-1204 Geneva - T: F: NFC-SEC is tailored and linked to NFCIP-1 Contents of error messages unspecified The way, when and how the ECDH key pair (public and private key) are refreshed is not in the scope and depends on implementation of applications NFC-SEC notifies the NFC-SEC User about message sequence violations NFC-SEC-01 is the first registered cryptography standard More may come Publicly available register will be maintained by Ecma

15 Relevance of NFCIP-1 Rue du Rhône CH-1204 Geneva - T: F: Specified in Annex B of ECMA-385 until ECMA-340 becomes revised Method by which NFCIP-1 devices indicate their support of NFC-SEC Initiator: SECi field of ATR_REQ (byte 13 PPi) Target: SECt field of ATR_RES (byte 14 PPt) Additional Protected PDUs Coding 001 of PFB Extension of PDU numbering rules for protected PDUs

16 Nothing is Perfect Rue du Rhône CH-1204 Geneva - T: F: NFC-SEC-01 is vulnerable for MAN-IN-THE-MIDDLE (MITM) attacks No entity authentication possible because no pre-installed shared secret Practical risk of MITM To be evaluated for individual implementation Short operating distance and RF characteristics of NFC (load modulation) help keeping risk low Reference: Security in NFC (Strength and Weaknesses) %20Security%20in%20NFC.pdf %20Security%20in%20NFC.pdf Sequence integrity tailored for NFCIP-1 Allows replay of last delivered message Notifies lost packages

17 Application example: Pairing Rue du Rhône CH-1204 Geneva - T: F: Device A includes Bluetooth or WiFi and NFC: Laptop Device B includes Bluetooth or WiFi and NFC: Cell phone USER finds NFC-Forum Target Mark on both devices USER ACTION: touch phone with Laptop

18 Application example: Pairing Rue du Rhône CH-1204 Geneva - T: F: Identification and initialization via NFCIP-1 (ECMA-340) A and B both enumerate internal capabilities and applications A and B detect that they share Bluetooth or WiFi without being paired and both have NFC capabilities, including NFC-SEC Triggered by OS or user any of the devices, A or B may start an Bluetooth or WiFi pairing process which should exchange an connection context based on a secured NFC channel USER Notification: USER ACTION: touch phone with Laptop again and push confirmation button on phone and laptop If you want to pair A with B please touch devices and subsequently confirm with OK Pairing succeeded!

19 Rue du Rhône CH-1204 Geneva - T: F: Rue du Rhône 114 CH-1204 Geneva T: F:

Download ppt "Security Standards for NFCIP-1 Ecma/TC47/2009/024-Rev1 TC47."

Similar presentations

Ads by Google