Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Near Field Communication Strengths and Weaknesses

Published byHelena Thornton Modified over 8 years ago

Similar presentations

Presentation on theme: "Security in Near Field Communication Strengths and Weaknesses"— Presentation transcript:

1 Security in Near Field Communication Strengths and Weaknesses
Ernst Haselsteiner, Klemens Breitfuss RFIDSec 06 July 13th, 2006

2 Contents What is NFC? Threats & Countermeasures Eavesdropping
NFC Intro What is NFC? Threats & Countermeasures Eavesdropping Data Modification Man-in-the-Middle Secure Channel Key Agreement Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

3 What is NFC? Designed for short distance communication (up to 10 cm)
Contents NFC Intro Designed for short distance communication (up to 10 cm) It’s a contactless card and a contactless reader in one chip It operates at MHz It’s designed for low bandwidth (max speed is 424 kBaud) Applications aimed for are Ticketing Payment Device Pairing Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Short Range 13,56MHz RF Link Conclusion

4 Some details we need to know…
Contents NFC Intro There are dedicated roles Initiator and Target Any data transfer is a message and reply pair. Eaves- dropping Data Modification Message Initiator Target Reply Man-in-the- Middle Secure Channel There are dedicated modes of operation Active and Passive Active means the device generates an RF field Passive means the device uses the RF field generated by the other device Conclusion

5 Some details we need to know…
Contents NFC Intro Active Passive Initiator Possible Not Possible Target Eaves- dropping Data Modification Man-in-the- Middle Active Passive 106 kBaud Modified Miller, 100% ASK Manchester, 10% ASK 212 kBaud 424 kBaud Secure Channel Conclusion

6 Eavesdropping Contents NFC Intro I am sorry, but NFC is not secure against eavesdropping . From how far away is it possible to eavesdrop? Depends…. RF field of sender Equipment of attacker …. Does Active versus Passive mode matter? Yes In active mode the modulation is stronger (in particular at 106 kBaud) In passive mode eavesdropping is harder Countermeasure Secure Channel Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

7  Data Modification Coded “0” Coded “1” Countermeasure Secure Channel
Contents Coded “0” Coded “1” NFC Intro Eaves- dropping Modified Miller Coding, 100% ASK Data Modification Man-in-the- Middle Manchester Coding, 10% ASK Secure Channel Conclusion Countermeasure Secure Channel

8 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Man-in-the- Middle Secure Channel Eve Conclusion

9 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Message Alice Bob Data Modification Man-in-the- Middle Secure Channel Eve Conclusion

10 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Message Alice Bob Data Modification Eavesdropping Man-in-the- Middle Secure Channel Eve Conclusion

11 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Message Alice Bob Data Modification Eavesdropping Man-in-the- Middle Disturb Secure Channel Eve Conclusion

12 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Message Alice Bob Data Modification Eavesdropping Disturb Man-in-the- Middle Eve Secure Channel Conclusion Alice detects the disturbance and stops the protocol Check for active disturbances !

13 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Message Man-in-the- Middle Eve Secure Channel Conclusion

14 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Message Man-in-the- Middle Eve Secure Channel Conclusion Eve cannot send to Bob, while RF field of Alice is on! Use Active – Passive connection ! Use 106 kBaud !

15 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Message Man-in-the- Middle Eve Secure Channel Conclusion

16 Man in the Middle Attack
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Message Man-in-the- Middle Eve Secure Channel Conclusion Alice would receive data sent by Eve Verify answer with respect to this possible attack!

17    What we have so far Eavesdropping No protection
Contents NFC Intro Eavesdropping No protection Use a Secure Channel Data Modification Use Secure Channel Man in the Middle Attack Very good protection if Alice uses 106 kBaud Alice uses Active – Passive mode Alice checks for disturbance Alice checks for suspicious answers from Bob Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

18 Secure Channel is easy…
Contents NFC Intro Standard DH Key Agreement Suffers from Man-in-the-Middle issue That’s fine with NFC, because right here NFC really provides protection ! Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

19 Secure Channel is easy…
Contents NFC Intro Standard DH Key Agreement Suffers from Man-in-the-Middle issue That’s fine with NFC, because there NFC really provides protection ! Eaves- dropping Data Modification Man-in-the- Middle Eavesdropping Data Modification Man-in-the Middle Secure Channel Conclusion

20 Key Agreement – An Alternative
Contents NFC Intro Eaves- dropping Alice Data Modification Bob Man-in-the- Middle Secure Channel Eve Conclusion

21 Key Agreement – An Alternative
Contents NFC Intro Perfect in theory – Obvious to see Needs perfect synchronization between Alice and Bob Amplitude Phase Alice and Bob must actively perform this synchronization Security in practice depends on Synchronization Equipment of attacker Advantages Cheap (requires no cryptography) Extremely fast Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

22 Conclusion NFC does not provide any security by itself
Contents NFC Intro NFC does not provide any security by itself Secure Channel is required Physical properties of NFC protect against Man-in-the-Middle Establishing a Secure Channel becomes easy Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

23

Download ppt "Security in Near Field Communication Strengths and Weaknesses"

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.

Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
Vishal Bhatnagar Michael Jewitt Karan Kampani Greg Maag Tim Suffel.

Vishal Bhatnagar Michael Jewitt Karan Kampani Greg Maag Tim Suffel.
Off-the-Record Communication, or, Why Not To Use PGP

Off-the-Record Communication, or, Why Not To Use PGP
Distance Bounding Protocols with Void Challenges for RFID Jorge Munilla Fajardo Dpto. Ingeniería de Comunicaciones. E.T.S.I.Telecomunicación. Universidad.

Distance Bounding Protocols with Void Challenges for RFID Jorge Munilla Fajardo Dpto. Ingeniería de Comunicaciones. E.T.S.I.Telecomunicación. Universidad.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
NFC Devices: Security and Privacy

NFC Devices: Security and Privacy
NEAR-FIELD COMMUNICATION MAKING LIFE EASY Presenter: Grace Chen NFC Technology.

NEAR-FIELD COMMUNICATION MAKING LIFE EASY Presenter: Grace Chen NFC Technology.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.

Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.
Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.

Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Yossef Oren, Dvir Schirman, and Avishai Wool: Tel Aviv University ESORICS 2013.

Yossef Oren, Dvir Schirman, and Avishai Wool: Tel Aviv University ESORICS 2013.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.

1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.

Similar presentations

Ads by Google