Download presentation
Presentation is loading. Please wait.
Published byMary McFarland Modified over 10 years ago
1
Security Standards for NFCIP-1 Ecma/TC47/2009/024-Rev1 TC47
2
Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 2 NFC-SEC provides Security Specification for NFCIP-1 NFCIP-1 is standardised in ECMA-340. It specifies the signalling interface and protocols for Near Field Communication (NFC) which is a wireless communication technology for closely coupled Consumer Electronic devices. NFC-SEC defines a protocol stack that enables application independent and state of the art encryption functions on the data link layer, on top of NFCIP-1. NFC security standards will be deployed for all those NFCIP-1 connections which require protection against eavesdropping and data manipulation and which do not necessarily require application specific encryption mechanisms. A typical example is the initial association ("pairing") of devices for longer range wireless communications. Bluetooth or WiFi pairing protocols may use NFC security standards to exchange security-sensitive connection contexts on a protected NFCIP-1 connection before switching to their respective longer range wireless technologies.
3
Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 3 NFCIP-1 Protocol Arrangement ISO/IEC 18092 ECMA-340 ECMA-340 (NFCIP-1)NFCIP-1 ISO/IEC 14443 ISO/IEC 15693 RF I/F Test Methods ECMA-356 ECMA-356 ISO/IEC 22536 ISO/IEC 21481 ECMA-352 (NFCIP-2)ECMA-352 Protocol Test Methods ECMA-362 ECMA-36 ISO/IEC 23917 NFC-WI ECMA-373 ISO/IEC 28361
4
Motivation for NFC-SEC Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 4 Protection of Short Range Wireless Interface Use cases: wired equivalent privacy for S hort range communication for e.g. WiFi easy setup, Bluetooth easy setup Function: protection against eavesdropping, skimming and data modification Application independent security layer For protecting NFC peer-to-peer communications New feature for NFCIP-1 Good balance between state-of-the-art security and performance
5
NFC-SEC status is Published & Available Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 5 Ecma GA published NFC-SEC standards in Dec 2008 Available for free download http://www.ecma-international.org/publications/standards/Ecma-385.htm http://www.ecma-international.org/publications/standards/Ecma-386.htm Submitted for ISO/IEC JTC1 Fast Track Public White Paper http://www.ecma-international.org/activities/Communications/tc47-2008-089.pdf
6
… NFC-SEC protects peer-2-peer ad-hoc secure connection Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 6 Normal use phase Wireless headset Pairing phase NFC-SEC headset
7
NFC-SEC Modular Concept Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 7 ECMA-385ECMA-385 NFC-SEC-SP is the common framework and protocol specification ECMA-386ECMA-386 NFC-SEC-01 contains cryptographic mechanisms, specific methods, algorithm key parameters Flexibility and extensibility More cryptography standards may come If extended, the actual list will be maintained on Ecma pagesEcma pages ISO/IEC 18092 ECMA-340 ECMA-340 (NFCIP-1)NFCIP-1 NFC-SEC-SP ECMA-385 NFC-SEC-01 ECMA-386 NFC-SEC-0x ECMA-xxx ……
8
ECMA-385 Architecture Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 8 Follows OSI reference model specified in ISO/IEC 7498-1
9
NFC-SEC Services Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 9 2 Services –Shared Secret provides a key for proprietary encryption –Secure Channel encrypts data NFC-SEC User SSE Proprietary Encryption SSE NFC-SEC User Prop.Encrypted Communication NFC-SEC User SCH NFC-SEC User Std. Encrypted Communication The shaded areas indicate the scope of NFC-SEC
10
NFC-SEC Protocol Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 10 Security protocol: –Key establishment phase (for SSE and SCH) –Secure data exchange phase Encryption and MAC (for SCH only) Encapsulated in DEP packets of NFCIP-1 Key confirmation PDU security Service Termination SCH SSE Key agreement -
11
ECMA-386 NFC-SEC-01 Cryptography Standard Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 11 NFC-SEC-01 provides Message contents with concatenation rules for keys and other fields Key primitives Random number requirements Conversion and transformation rules Cryptographic algorithms and methods to enable secure communication between NFCIP-1 devices that do not share any common secret data ("keys") before they start communicating with each other. Kind of first (and at the moment the only) profile of NFC-SEC
12
NFC-SEC-01 Basic Mechanisms Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 12 Elliptic Curve Diffie-Hellman (ECDH) Key exchange 192 bit Key derivation and confirmation AES 128 bit Data encryption AES 128 bit Data integrity AES 128 bit
13
State of the Art and Standardised Cryptography Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 13 NFC-SEC is based on established international standards, most were developed by ISO/IEC JTC1 SC27 NFC-SEC-SP references Framework: ISO/IEC 11770-1 Basic model: ISO/IEC 7498-1 Security architecture: ISO 7498-2 Conventions for the definition of OSI services: ISO/IEC 10731 NFC-SEC-01 references General specifications: ISO/IEC 15946-1 Key management using asymmetric technique: ISO/IEC 11770-3 Block ciphers: ISO/IEC 18033-3 and ISO/IEC 10116 Public key cryptography: IEEE 1363 and FIPS 186-2 Random number bit generation: ISO/IEC 18031
14
Other Requirements … Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 14 NFC-SEC is tailored and linked to NFCIP-1 Contents of error messages unspecified The way, when and how the ECDH key pair (public and private key) are refreshed is not in the scope and depends on implementation of applications NFC-SEC notifies the NFC-SEC User about message sequence violations NFC-SEC-01 is the first registered cryptography standard More may come Publicly available register will be maintained by Ecma
15
Relevance of NFCIP-1 Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 15 Specified in Annex B of ECMA-385 until ECMA-340 becomes revised Method by which NFCIP-1 devices indicate their support of NFC-SEC Initiator: SECi field of ATR_REQ (byte 13 PPi) Target: SECt field of ATR_RES (byte 14 PPt) Additional Protected PDUs Coding 001 of PFB Extension of PDU numbering rules for protected PDUs
16
Nothing is Perfect Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 16 NFC-SEC-01 is vulnerable for MAN-IN-THE-MIDDLE (MITM) attacks No entity authentication possible because no pre-installed shared secret Practical risk of MITM To be evaluated for individual implementation Short operating distance and RF characteristics of NFC (load modulation) help keeping risk low Reference: Security in NFC (Strength and Weaknesses) http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20- %20Security%20in%20NFC.pdf http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20- %20Security%20in%20NFC.pdf Sequence integrity tailored for NFCIP-1 Allows replay of last delivered message Notifies lost packages
17
Application example: Pairing Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 17 Device A includes Bluetooth or WiFi and NFC: Laptop Device B includes Bluetooth or WiFi and NFC: Cell phone USER finds NFC-Forum Target Mark on both devices USER ACTION: touch phone with Laptop
18
Application example: Pairing Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 18 Identification and initialization via NFCIP-1 (ECMA-340) A and B both enumerate internal capabilities and applications A and B detect that they share Bluetooth or WiFi without being paired and both have NFC capabilities, including NFC-SEC Triggered by OS or user any of the devices, A or B may start an Bluetooth or WiFi pairing process which should exchange an connection context based on a secured NFC channel USER Notification: USER ACTION: touch phone with Laptop again and push confirmation button on phone and laptop If you want to pair A with B please touch devices and subsequently confirm with OK Pairing succeeded!
19
Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 19 Rue du Rhône 114 CH-1204 Geneva T: +41 22 849 6000 F: +41 22 849 6001 www.ecma-international.org
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.