Near Field Communication (NFC) is a specification for contactless communication between two devices. NFC is based on the technology used for RFID and is standardised in ISO/IEC 18092. NFC is limited to a distance between the two devices of up to 10 cm. NFC is intended to make it easier and more convenient to make transactions, exchange digital content, and connect electronic devices with a touch. NFC has the ability to read and write to devices, and so it is believed that they will have a wider use in the future than standard smart cards.
Barclaycard introduced the UK’s first contactless payment system in 2007, with a transaction limit of £10. Due to the increase in demand, Barclaycard increased the maximum limit by 50% to £15 in 2010. Google has supported the incorporation of NFC into the Android 2.3 operating system and it is predicted that over the next three years the market for NFC chips will grow by a factor of four, and in 2011, 50 million NFC-enabled devices will enter the market. As users’ needs for technology increase, it makes sense that another function to add would be the ability to use the device to make payments, and that is where NFC comes in. Having a mobile phone fitted with an NFC chip will enable users to send and exchange data just by touching, or bringing together the two devices. NFC applications can be stored on the phone: on the SIM card, within the smart card or even within an area of the phone’s memory.
Problem Statement
It is estimated that the market in NFC devices will grow exponentially over the next few years, and with this comes the always-present issue of security. According to the ISO standard, NFC is not encrypted. This is to make it backward compatible with RFID technologies. Encryption may be implemented with future NFC applications but only as a best practice, not as a requirement. The wireless signal generated by data transfers can be picked up by antennas, modified, and dispatched. This makes NFC inherently vulnerable to this kind of attack. A disguised device placed close to the two NFC devices would be able to record all NFC activity in a given time and could be collected at a later date. Fraudsters can take advantage of NFC tags in public places by removing the legitimate tag and replacing it with a tag directing the user to a bogus website or a premium number set up to the fraudsters’ account. there is no
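A reader-side check against the tag-replacement fraud described above, as an added example that is not code from the original paper: it decodes a short NDEF URI record, the NFC Forum format in which a tag carries a link or phone number, and refuses anything that is not HTTPS to an allowlisted host. The allowlist policy, the host names and the sample records built by make_record are constructed assumptions.

```python
from urllib.parse import urlsplit

# URI identifier codes from the NFC Forum URI record type (subset).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}

def make_record(code: int, rest: bytes) -> bytes:
    """Build a constructed sample record: MB|ME|SR flags, TNF=1, type 'U'."""
    payload = bytes([code]) + rest
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload

def parse_uri_record(record: bytes) -> str:
    """Decode one short NDEF well-known URI record; raise ValueError otherwise."""
    if len(record) < 5:
        raise ValueError("record too short")
    header, type_len, payload_len = record[0], record[1], record[2]
    if not (header & 0x10):              # SR flag: payload length is one byte
        raise ValueError("only short records handled")
    if header & 0x08:                    # IL flag: an ID field would follow
        raise ValueError("ID field not handled")
    if (header & 0x07) != 0x01 or record[3:3 + type_len] != b"U":
        raise ValueError("not a well-known URI record")
    payload = record[3 + type_len:3 + type_len + payload_len]
    if payload_len < 1 or len(payload) != payload_len:
        raise ValueError("truncated payload")
    if payload[0] not in URI_PREFIXES:
        raise ValueError("unsupported URI identifier code")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")

def tag_action_allowed(record: bytes, allowed_hosts: set) -> tuple:
    """Return (allowed, uri_or_reason); the allowlist policy is an assumption."""
    try:
        uri = parse_uri_record(record)
        parts = urlsplit(uri)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    if parts.scheme != "https":          # blocks tel:, mailto: and plain http
        return False, f"rejected: scheme {parts.scheme!r} not allowed"
    if parts.hostname not in allowed_hosts:
        return False, f"rejected: host {parts.hostname!r} not on allowlist"
    return True, uri
```

A reader that applies this before opening a link or dialling a number turns a swapped tag into a refused read rather than an action taken on the user's behalf.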
Objectives of the research:
The objective of this research is to analyze the possible uses of NFC and the risks associated with carrying out transactions over a wireless network.
Literature Review
NFC is an internationally accredited standard, which means that in the future it will become a worldwide-recognized technology with a multitude of uses. In December 2003, NFC was accredited with the standard ISO/IEC 18092 (NFC IP-1). This standard specifies the interface and protocol for simple wireless communications between close-coupled devices that communicate with transfer rates of 106, 212 and 424 kbps [7]. In 2005, NFC also earned a further internationally accredited standard, ISO/IEC 21481. Secure NFC combines smart-card technology with NFC technology to enable storage of personal data in a secure manner. This means that data can be encrypted, with the key being stored securely in the memory of the device, and the NFC device supports the authentication. This secure storage will be required to store personal data, encryption keys, electronic money etc., and so it is an important aspect of NFC.
As more phone manufacturers start to include NFC chips in their mobiles, the need for applications will increase. Already marketers are looking at the possibilities of using the NFC interface alongside their traditional marketing methods such as posters. NFC can also be used to transfer tokens at airports, which would eliminate the need for boarding cards. The passenger would check in using their mobile and then re-confirm by swiping their phone again at the departure gate. There is also the possibility of NFC chips being able to store biometric information, which is becoming more widely developed for security at airports. Devices with applications that use NFC technology for payments will help consumers pay for products and services more easily, and mobile developers are teaming up with financial companies and service providers to provide this service in the near future. NFC is safer than longer range technologies but there are still security flaws that, if not addressed, can be exploited.
Because NFC uses a wireless communication protocol, it is inevitable that the data will be prone to attacks such as:
Eavesdropping: The two NFC devices communicate using radio-frequency waves. This means that an attacker could use an antenna to intercept the transmitted signals. No special equipment is required to receive or decode the RF signals, and so it should be assumed that this equipment is available to attackers.
Data Corruption: Rather than eavesdropping on the communication, an attacker might instead try to modify the data being transmitted. The attacker may do this to disrupt the communication by preventing the receiving device from being able to understand the data that is being transmitted from the active device.
Data Modification: The purpose of data modification is to change the data that is received rather than to prevent the transmission, as with the data corruption attack, because the attacker wants to make changes to the data that is being transmitted.
Data Insertion: The attacker inserts messages into the data exchanged between the two devices, but if the messages overlap, then the data becomes corrupt and the communication fails.
Man-in-the-Middle Attack: In this type of attack, the two devices are tricked into believing they are communicating directly with each other, when in fact they are communicating through a third party.
Another aspect to protect against is ‘walk off’. A walk off is when the device user lifts the device and walks away from the transaction while leaving the transaction connection open. Usually, when a connection has been idle for an amount of time it terminates automatically, but the time window in which the connection is still open can be exploited.
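How an application can detect several of the attacks listed above, as an added example that is not from the original paper: each frame carries a sequence number and an HMAC-SHA256 tag, so modified or corrupted frames and inserted or replayed frames are refused, and an idle timeout closes the walk-off window. The frame layout, the pre-shared key and the 5-second timeout are assumptions; the sketch gives no confidentiality, so it does not address eavesdropping.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 4-byte big-endian sequence number, payload, then the tag."""
    body = struct.pack(">I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Receiver-side checks for frames arriving over the NFC link."""
    def __init__(self, key: bytes, idle_timeout: float = 5.0):
        self.key, self.idle_timeout = key, idle_timeout
        self.next_seq, self.last_seen = 0, None

    def accept(self, frame: bytes, now: float) -> bytes:
        # Walk-off: refuse frames once the session has been idle too long.
        if self.last_seen is not None and now - self.last_seen > self.idle_timeout:
            raise PermissionError("session expired: idle timeout reached")
        if len(frame) < 4 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise ValueError("bad tag: frame modified or corrupted")
        (seq,) = struct.unpack(">I", body[:4])
        if seq != self.next_seq:
            raise ValueError("unexpected sequence number: inserted or replayed frame")
        self.next_seq, self.last_seen = seq + 1, now
        return body[4:]

def status(rx: Receiver, frame: bytes, now: float) -> str:
    """Return 'ok' or the reason the frame was refused."""
    try:
        rx.accept(frame, now)
        return "ok"
    except (ValueError, PermissionError) as exc:
        return str(exc)
```

The caller supplies `now` from a monotonic clock; refused frames do not refresh the idle timer, so an attacker cannot keep an abandoned session open by sending invalid traffic.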
Future Implications of NFC
Google Wallet:
Google Wallet is an Android app that makes your phone your wallet.
It stores virtual versions of your cards in your phone.
Google hopes that eventually our loyalty cards, gift cards, receipts, boarding passes, tickets, even our keys will be seamlessly synced to our Google Wallet.
Windows 8:
It will include built-in NFC technology. Windows 8 will include an option known as tap to share.
During its Build conference, Microsoft demonstrated the tap-to-share application by means of an NFC-enabled tablet computer loaded with an early version of Windows 8.
Chip manufacturer NXP provided the NFC technology used on Windows 8-based tablets distributed at the conference, enabling the computers to not only read and encode NFC RFID tags, but also support peer-to-peer and card-emulation functions specified by NFC standards developed by the NFC Forum.
Conclusion:
NFC is a very short range protocol which is backward compatible with the RFID infrastructure; because of its very short range it is inherently secured from most types of remote attacks. The procedure for establishing communication closely matches people’s natural way of doing things: if you want two things to communicate, touch them together. Active NFC devices could have a viable future in commerce, with the beginnings of contactless NFC payments starting to show today with an NFC district in Madrid created and with a proposed number of 60,000 merchants in London to accept NFC for their premises in time for the London 2012 Olympic Games. The fact that NFC is also interoperable with existing smartcard systems should also ensure that this technology would be more easily integrated into existing infrastructures, such as the Transport for London Oyster Card system. With any digital transaction, there will always be people who try to manipulate, disrupt or misuse the data that is transmitted, and so users will no doubt initially be wary about the security of their personal data that is stored on the NFC devices. Privacy and security will always be a concern for users where personal and sensitive data are involved. We will have to rely on the application developers and handset manufacturers to ensure that any transaction carried out via an NFC-enabled device is as secure as possible. NFC-enabled devices have great potential. NFC is much quicker and more user friendly and hence could reach a wider user base. Using them for paying for a car parking ticket on exit or for door entry systems in the near future seems almost inevitable. The original paper can be found in the following link.
References
[1] NFC Forum. (2011). About NFC. Retrieved 04 10, 2011, from NFC Forum: http://www.nfc-forum.org
[2] NFC World. (2011). About NFC. Retrieved 04 10, 2011, from NFC World: http://www.nfc-world.com
[3] Conneally, T. (2010, 12 23). As-NFC-enters-the-mass-market-so-too-should-NFC-security. Retrieved 04 09, 2011, from Beta News: http://www.betanews.com/
[4] http://public.cenriqueortiz.com/nfc/elements-nfc-jan2009-CEnriqueOrtiz.jpg
[5] Mobile Phones History. (2011). Retrieved 04 05, 2011, from Phone History: http://www.phonehistory.co.uk/
[6] Alcatel Lucent. (2011). Historical Timeline. Retrieved 04 06, 2011, from Alcatel Lucent: http://www.alcatellucent.com/
[7] ISO. (2004, 04 1). International Standard. Retrieved 03 24, 2011, from Webstore: http://webstore.iec.ch/preview/info_isoiec18092%7Bed1.0%7Den.pdf
[8] NFC In Action. (2011). Retrieved 04 09, 2011, from NFC Forum: http://www.nfc-forum.org
[9] Clark, S. (2011, 02 27). Transport for London confirms plans to accept contactless cards in time for olympics. Retrieved 04 07, 2011, from NearField Communications World: http://www.nearfieldcommunicationsworld.com/2011/02/27/36204/transport-for-london-confirms-plans-to-accept-contactless-cards-in-time-for-olympics/
[10] Hill, J. (2011, 04 04). The question of security with nfc based payments. Retrieved 04 08, 2011, from Gadgetell: http://www.gadgetell.com/tech/comment/the-question-of-security-with-nfc-based-payments/
[11] http://www.google.com/wallet/