Security in Near Field Communication Strengths and Weaknesses

Slides:



Advertisements
Similar presentations
1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Advertisements

Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
Vishal Bhatnagar Michael Jewitt Karan Kampani Greg Maag Tim Suffel.
Off-the-Record Communication, or, Why Not To Use PGP
Distance Bounding Protocols with Void Challenges for RFID Jorge Munilla Fajardo Dpto. Ingeniería de Comunicaciones. E.T.S.I.Telecomunicación. Universidad.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
NFC Devices: Security and Privacy
NEAR-FIELD COMMUNICATION MAKING LIFE EASY Presenter: Grace Chen NFC Technology.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.
Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.
Digital Signatures and Hash Functions. Digital Signatures.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Yossef Oren, Dvir Schirman, and Avishai Wool: Tel Aviv University ESORICS 2013.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
Public Key Algorithms …….. RAIT M. Chatterjee.
Homework #4 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
Quantum Key Distribution (QKD) John A Clark Dept. of Computer Science University of York, UK
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Near Field Communication By Van Logan HTM 304. What is Near Field Communication Short range wireless communication technology between electronic devices.
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.
Minimizing the number of keys for secure communication in a network By Niels Duif.
Indian Institute of Technology Hyderabad AM TRANSMITTER SHANTH IC SHANTHI TEJA S VIJAY SUSHRITH P SHIVA KUMAR.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Presented by: Arpit Jain Guided by: Prof. D.B. Phatak.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Presented By: Arpit Jain Guided By: Prof. D.B. Phatak.
May 2002Patroklos Argyroudis1 A crash course in cryptography and network security Patroklos Argyroudis CITY Liberal Studies.
NFC - Near Field Communication Technology
NEAR FIELD COMMUNICATION. WHAT IS NFC??? NFC or Near Field Communication is a short range high frequency wireless communication technology. A radio communication.
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
A survey of Routing Attacks in Mobile Ad Hoc Networks Bounpadith Kannhavong, Hidehisa Nakayama, Yoshiaki Nemoto, Nei Kato, and Abbas Jamalipour Presented.
COEN 351 E-Commerce Security Essentials of Cryptography.
Near Field Communication Systems Patras, July 2006.
Ignite Presentation: Near Field Communication Harry Yang.
Submitted By: A.Anjaneyulu INTRODUCTION Near Field Communication (NFC) is based on a short-range wireless connectivity, designed for.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
Network Security David Lazăr.
Facilities for Secure Communication The Internet is insecure The Internet is a shared collection of networks. Unfortunately, that makes it insecure An.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Cryptographic Hash Functions and Protocol Analysis
Computer Science 1 Using Directional Antennas to Prevent Wormhole Attacks Presented by: Juan Du Nov 16, 2005.
COEN 351 E-Commerce Security
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication McCune, J.M., Perrig, A., Reiter, M.K IEEE Symposium on Security and.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Payment systems. Debit or Credit cards  Let the customers pay by taking money directly form their account  Allow the money to borrow the money and the.
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Vijay V Vijayakumar.  Implementations  Server Side Security  Transmission Security  Client Side Security  ATM’s.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
ABSTRACT Near Field Communication (NFC) is based on a short- range wireless connectivity, designed for intuitive, simple and safe interaction between.
Near field communication (NFC)
Apple Pay Research on NFC and the security threat
N-Guard: a Solution to Secure Access to NFC tags
Near field communication (NFC)
Near field communication (NFC)
Presentation transcript:

Security in Near Field Communication Strengths and Weaknesses Ernst Haselsteiner, Klemens Breitfuss RFIDSec 06 July 13th, 2006

Contents What is NFC? Threats & Countermeasures Eavesdropping NFC Intro What is NFC? Threats & Countermeasures Eavesdropping Data Modification Man-in-the-Middle Secure Channel Key Agreement Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

What is NFC? Designed for short distance communication (up to 10 cm) Contents NFC Intro Designed for short distance communication (up to 10 cm) It’s a contactless card and a contactless reader in one chip It operates at 13.56 MHz It’s designed for low bandwidth (max speed is 424 kBaud) Applications aimed for are Ticketing Payment Device Pairing Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Short Range 13,56MHz RF Link Conclusion

Some details we need to know… Contents NFC Intro There are dedicated roles Initiator and Target Any data transfer is a message and reply pair. Eaves- dropping Data Modification Message Initiator Target Reply Man-in-the- Middle Secure Channel There are dedicated modes of operation Active and Passive Active means the device generates an RF field Passive means the device uses the RF field generated by the other device Conclusion

Some details we need to know… Contents NFC Intro Active Passive Initiator Possible Not Possible Target Eaves- dropping Data Modification Man-in-the- Middle Active Passive 106 kBaud Modified Miller, 100% ASK Manchester, 10% ASK 212 kBaud 424 kBaud Secure Channel Conclusion

 Eavesdropping Contents NFC Intro I am sorry, but NFC is not secure against eavesdropping . From how far away is it possible to eavesdrop? Depends…. RF field of sender Equipment of attacker …. Does Active versus Passive mode matter? Yes In active mode the modulation is stronger (in particular at 106 kBaud) In passive mode eavesdropping is harder Countermeasure Secure Channel Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

 Data Modification Coded “0” Coded “1” Countermeasure Secure Channel Contents Coded “0” Coded “1” NFC Intro Eaves- dropping Modified Miller Coding, 100% ASK Data Modification Man-in-the- Middle Manchester Coding, 10% ASK Secure Channel Conclusion Countermeasure Secure Channel

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Man-in-the- Middle Secure Channel Eve Conclusion

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Message Alice Bob Data Modification Man-in-the- Middle Secure Channel Eve Conclusion

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Message Alice Bob Data Modification Eavesdropping Man-in-the- Middle Secure Channel Eve Conclusion

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Message Alice Bob Data Modification Eavesdropping Man-in-the- Middle Disturb Secure Channel Eve Conclusion

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Message Alice Bob Data Modification Eavesdropping Disturb Man-in-the- Middle Eve Secure Channel Conclusion Alice detects the disturbance and stops the protocol Check for active disturbances !

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Message Man-in-the- Middle Eve Secure Channel Conclusion

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Message Man-in-the- Middle Eve Secure Channel Conclusion Eve cannot send to Bob, while RF field of Alice is on! Use Active – Passive connection ! Use 106 kBaud !

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Message Man-in-the- Middle Eve Secure Channel Conclusion

Man in the Middle Attack  Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob Data Modification Message Man-in-the- Middle Eve Secure Channel Conclusion Alice would receive data sent by Eve Verify answer with respect to this possible attack!

   What we have so far Eavesdropping No protection Contents  NFC Intro Eavesdropping No protection Use a Secure Channel Data Modification Use Secure Channel Man in the Middle Attack Very good protection if Alice uses 106 kBaud Alice uses Active – Passive mode Alice checks for disturbance Alice checks for suspicious answers from Bob Eaves- dropping  Data Modification  Man-in-the- Middle Secure Channel Conclusion

Secure Channel is easy… Contents NFC Intro Standard DH Key Agreement Suffers from Man-in-the-Middle issue That’s fine with NFC, because right here NFC really provides protection ! Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

Secure Channel is easy… Contents NFC Intro Standard DH Key Agreement Suffers from Man-in-the-Middle issue That’s fine with NFC, because there NFC really provides protection ! Eaves- dropping Data Modification Man-in-the- Middle  Eavesdropping Data Modification Man-in-the Middle  Secure Channel  Conclusion

Key Agreement – An Alternative Contents NFC Intro Eaves- dropping Alice Data Modification Bob Man-in-the- Middle Secure Channel Eve Conclusion

Key Agreement – An Alternative Contents NFC Intro Perfect in theory – Obvious to see Needs perfect synchronization between Alice and Bob Amplitude Phase Alice and Bob must actively perform this synchronization Security in practice depends on Synchronization Equipment of attacker Advantages Cheap (requires no cryptography) Extremely fast Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

Conclusion NFC does not provide any security by itself Contents NFC Intro NFC does not provide any security by itself Secure Channel is required Physical properties of NFC protect against Man-in-the-Middle Establishing a Secure Channel becomes easy Eaves- dropping Data Modification Man-in-the- Middle Secure Channel Conclusion

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.