security in near field communication strengths and weaknesses
DESCRIPTION
Security in Near Field Communication Strengths and Weaknesses. Ernst Haselsteiner, Klemens Breitfuss. RFIDSec 06. July 13th, 2006. Contents. Contents. NFC Intro. What is NFC? Threats & Countermeasures Eavesdropping Data Modification Man-in-the-Middle Secure Channel Key Agreement. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/1.jpg)
Ernst Haselsteiner, Klemens Breitfuss
RFIDSec 06July 13th, 2006
Security in Near Field CommunicationStrengths and Weaknesses
![Page 2: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/2.jpg)
2July 13th, 2006
Contents
• What is NFC?
• Threats & Countermeasures– Eavesdropping– Data Modification– Man-in-the-Middle
• Secure Channel– Key Agreement
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 3: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/3.jpg)
3July 13th, 2006
What is NFC?
• Designed for short distance communication (up to 10 cm)
• It’s a contactless card and a contactless reader in one chip
• It operates at 13.56 MHz
• It’s designed for low bandwidth (max speed is 424 kBaud)
• Applications aimed for are
– Ticketing
– Payment
– Device Pairing
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
Short Range 13,56MHz
RF Link
![Page 4: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/4.jpg)
4July 13th, 2006
Some details we need to know…
• There are dedicated roles– Initiator and Target– Any data transfer is a message and reply pair.
Initiator Target
Message
Reply
• There are dedicated modes of operation– Active and Passive– Active means the device generates an RF field– Passive means the device uses the RF field generated by the other device
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 5: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/5.jpg)
5July 13th, 2006
Some details we need to know…
Active Passive
106 kBaud Modified Miller, 100% ASK Manchester, 10% ASK
212 kBaud Manchester, 10% ASK Manchester, 10% ASK
424 kBaud Manchester, 10% ASK Manchester, 10% ASK
Active Passive
Initiator Possible Not Possible
Target Possible Possible
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 6: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/6.jpg)
6July 13th, 2006
Eavesdropping
• I am sorry, but NFC is not secure againsteavesdropping .
• From how far away is it possible to eavesdrop?– Depends….
• RF field of sender• Equipment of attacker• ….
• Does Active versus Passive mode matter?– Yes
• In active mode the modulation is stronger (in particular at 106 kBaud)• In passive mode eavesdropping is harder
• Countermeasure– Secure Channel
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 7: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/7.jpg)
7July 13th, 2006
Data Modification
1 Bit
1. Half-Bit 2. Half-Bit
100
0
Coded “0” Coded “1”
Modified Miller Coding, 100% ASK
Manchester Coding, 10% ASK
1 Bit
1. Half-Bit 2. Half-Bit
100
0
1 Bit
1. Half-Bit 2. Half-Bit
100
0
1 Bit
1. Half-Bit 2. Half-Bit
100
0
Countermeasure– Secure Channel
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 8: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/8.jpg)
8July 13th, 2006
Man in the Middle Attack
Alice Bob
Eve
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 9: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/9.jpg)
9July 13th, 2006
Man in the Middle Attack
Alice Bob
Message
Eve
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 10: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/10.jpg)
10July 13th, 2006
Man in the Middle Attack
Alice Bob
Message
Eve
Eavesdropping
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 11: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/11.jpg)
11July 13th, 2006
Man in the Middle Attack
Alice Bob
Message
Eve
EavesdroppingDisturb
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 12: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/12.jpg)
12July 13th, 2006
Man in the Middle Attack
Alice Bob
Message
Eve
EavesdroppingDisturb
Alice detects the disturbance and stops the protocol• Check for active disturbances !
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 13: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/13.jpg)
13July 13th, 2006
Man in the Middle Attack
Alice Bob
Eve
Message
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 14: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/14.jpg)
14July 13th, 2006
Man in the Middle Attack
Alice Bob
Eve
Message
Eve cannot send to Bob, while RF field of Alice is on!• Use Active – Passive connection !• Use 106 kBaud !
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 15: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/15.jpg)
15July 13th, 2006
Man in the Middle Attack
Alice Bob
Eve
Message
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 16: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/16.jpg)
16July 13th, 2006
Man in the Middle Attack
Alice Bob
Eve
Message
Alice would receive data sent by Eve• Verify answer with respect to this possible attack!
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 17: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/17.jpg)
17July 13th, 2006
What we have so far
• Eavesdropping– No protection
• Use a Secure Channel
• Data Modification– No protection
• Use Secure Channel
• Man in the Middle Attack– Very good protection if
• Alice uses 106 kBaud• Alice uses Active – Passive mode• Alice checks for disturbance• Alice checks for suspicious answers from Bob
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 18: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/18.jpg)
18July 13th, 2006
Secure Channel is easy…
• Standard DH Key Agreement– Suffers from Man-in-the-Middle issue
• That’s fine with NFC, because right here NFC really provides protection !
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 19: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/19.jpg)
19July 13th, 2006
Secure Channel is easy…
• Standard DH Key Agreement– Suffers from Man-in-the-Middle issue
• That’s fine with NFC, because there NFC really provides protection !
• Eavesdropping
• Data Modification
• Man-in-the Middle
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 20: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/20.jpg)
20July 13th, 2006
Key Agreement – An Alternative
1 Bit
1. Half-Bit 2. Half-Bit
100
0
100
0
100
0
200
1 Bit
1. Half-Bit 2. Half-Bit
100
0
100
0
100
0
200
Alice
Eve
Bob
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 21: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/21.jpg)
21July 13th, 2006
Key Agreement – An Alternative
• Perfect in theory – Obvious to see
• Needs perfect synchronization between Alice and Bob
– Amplitude
– Phase
• Alice and Bob must actively perform this synchronization
• Security in practice depends on
– Synchronization
– Equipment of attacker
• Advantages
– Cheap (requires no cryptography)
– Extremely fast
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 22: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/22.jpg)
22July 13th, 2006
Conclusion
• NFC does not provide any security by itself
• Secure Channel is required
• Physical properties of NFC protect against Man-in-the-Middle
• Establishing a Secure Channel becomes easy
NFC Intro
Eaves-dropping
Conclusion
DataModification
Man-in-the-Middle
SecureChannel
Contents
![Page 23: Security in Near Field Communication Strengths and Weaknesses](https://reader035.vdocuments.net/reader035/viewer/2022062723/56813b47550346895da429f3/html5/thumbnails/23.jpg)