Security in Near Field Communication Strengths and Weaknesses

1
Security in Near Field CommunicationStrengths
and Weaknesses
Ernst Haselsteiner, Klemens Breitfuss
RFIDSec 06
July 13th, 2006
2
Contents
Contents
NFC Intro

• What is NFC?
• Threats Countermeasures
• Eavesdropping
• Data Modification
• Man-in-the-Middle
• Secure Channel
• Key Agreement

Eaves- dropping
DataModification
Man-in-the-Middle
SecureChannel
Conclusion
3
What is NFC?
Contents
NFC Intro

• Designed for short distance communication (up to
  10 cm)
• Its a contactless card and a contactless reader
  in one chip
• It operates at 13.56 MHz
• Its designed for low bandwidth (max speed is 424
  kBaud)
• Applications aimed for are
• Ticketing
• Payment
• Device Pairing

Eaves- dropping
DataModification
Man-in-the-Middle
SecureChannel
Short Range 13,56MHz RF Link
Conclusion
4
Some details we need to know
Contents
NFC Intro

• There are dedicated roles
• Initiator and Target
• Any data transfer is a message and reply pair.

Eaves- dropping
DataModification
Message
Initiator
Target
Reply
Man-in-the-Middle
SecureChannel

• There are dedicated modes of operation
• Active and Passive
• Active means the device generates an RF field
• Passive means the device uses the RF field
  generated by the other device

Conclusion
5
Some details we need to know
Contents
NFC Intro
Active Passive
Initiator Possible Not Possible
Target Possible Possible
Eaves- dropping
DataModification
Man-in-the-Middle
Active Passive
106 kBaud Modified Miller, 100 ASK Manchester, 10 ASK
212 kBaud Manchester, 10 ASK Manchester, 10 ASK
424 kBaud Manchester, 10 ASK Manchester, 10 ASK
SecureChannel
Conclusion
6
Eavesdropping
?
Contents
NFC Intro

• I am sorry, but NFC is not secure
  againsteavesdropping ?.
• From how far away is it possible to eavesdrop?
• Depends.
• RF field of sender
• Equipment of attacker
• .
• Does Active versus Passive mode matter?
• Yes
• In active mode the modulation is stronger (in
  particular at 106 kBaud)
• In passive mode eavesdropping is harder
• Countermeasure
• Secure Channel

Eaves- dropping
DataModification
Man-in-the-Middle
SecureChannel
Conclusion
7
Data Modification
?
Contents
Coded 0
Coded 1
NFC Intro
Eaves- dropping
Modified Miller Coding, 100 ASK
DataModification
Man-in-the-Middle
Manchester Coding, 10 ASK
SecureChannel
Conclusion

• Countermeasure
• Secure Channel

8
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Man-in-the-Middle
SecureChannel
Eve
Conclusion
9
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Man-in-the-Middle
SecureChannel
Eve
Conclusion
10
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Man-in-the-Middle
SecureChannel
Eve
Conclusion
11
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Disturb
Man-in-the-Middle
SecureChannel
Eve
Conclusion
12
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Disturb
Man-in-the-Middle
Eve
SecureChannel
Conclusion

• Alice detects the disturbance and stops the
  protocol
• Check for active disturbances !

13
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Message
Man-in-the-Middle
Eve
SecureChannel
Conclusion
14
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Message
Man-in-the-Middle
Eve
SecureChannel
Conclusion

• Eve cannot send to Bob, while RF field of Alice
  is on!
• Use Active Passive connection !
• Use 106 kBaud !

15
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Message
Man-in-the-Middle
Eve
SecureChannel
Conclusion
16
Man in the Middle Attack
?
Contents
NFC Intro
Eaves- dropping
Alice
Bob
DataModification
Message
Man-in-the-Middle
Eve
SecureChannel
Conclusion

• Alice would receive data sent by Eve
• Verify answer with respect to this possible
  attack!

17
What we have so far
Contents
?
NFC Intro

• Eavesdropping
• No protection
• Use a Secure Channel
• Data Modification
• No protection
• Use Secure Channel
• Man in the Middle Attack
• Very good protection if
• Alice uses 106 kBaud
• Alice uses Active Passive mode
• Alice checks for disturbance
• Alice checks for suspicious answers from Bob

Eaves- dropping
?
DataModification
?
Man-in-the-Middle
SecureChannel
Conclusion
18
Secure Channel is easy
Contents
NFC Intro

• Standard DH Key Agreement
• Suffers from Man-in-the-Middle issue
• Thats fine with NFC, because right here NFC
  really provides protection !

Eaves- dropping
DataModification
Man-in-the-Middle
SecureChannel
Conclusion
19
Secure Channel is easy
Contents
NFC Intro

• Standard DH Key Agreement
• Suffers from Man-in-the-Middle issue
• Thats fine with NFC, because there NFC really
  provides protection !

Eaves- dropping
DataModification
Man-in-the-Middle
?

• Eavesdropping
• Data Modification
• Man-in-the Middle

?
SecureChannel
?
Conclusion
20
Key Agreement An Alternative
Contents
NFC Intro
Eaves- dropping
Alice
DataModification
Bob
Man-in-the-Middle
SecureChannel
Eve
Conclusion
21
Key Agreement An Alternative
Contents
NFC Intro

• Perfect in theory Obvious to see
• Needs perfect synchronization between Alice and
  Bob
• Amplitude
• Phase
• Alice and Bob must actively perform this
  synchronization
• Security in practice depends on
• Synchronization
• Equipment of attacker
• Advantages
• Cheap (requires no cryptography)
• Extremely fast

Eaves- dropping
DataModification
Man-in-the-Middle
SecureChannel
Conclusion
22
Conclusion
Contents
NFC Intro

• NFC does not provide any security by itself
• Secure Channel is required
• Physical properties of NFC protect against
  Man-in-the-Middle
• Establishing a Secure Channel becomes easy

Eaves- dropping
DataModification
Man-in-the-Middle
SecureChannel
Conclusion
23
(No Transcript)