1 / 19

Security Stan dards for NFCIP-1

Ecma/TC47/2009/0 24-Rev1. Security Stan dards for NFCIP-1. TC47. NFC-SEC provides Security Specification for NFCIP-1.

kenyon
Download Presentation

Security Stan dards for NFCIP-1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ecma/TC47/2009/024-Rev1 Security Standards for NFCIP-1 TC47

  2. NFC-SEC provides Security Specification for NFCIP-1 • NFCIP-1 is standardised in ECMA-340. It specifies the signalling interface and protocols for Near Field Communication (NFC) which is a wireless communication technology for closely coupled Consumer Electronic devices. • NFC-SEC defines a protocol stack that enables application independent and state of the art encryption functions on the data link layer, on top of NFCIP-1. • NFC security standards will be deployed for all those NFCIP-1 connections which require protection against eavesdropping and data manipulation and which do not necessarily require application specific encryption mechanisms. • A typical example is the initial association ("pairing") of devices for longer range wireless communications. Bluetooth or WiFi pairing protocols may use NFC security standards to exchange security-sensitive connection contexts on a protected NFCIP-1 connection before switching to their respective longer range wireless technologies. Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 2

  3. NFCIP-1 Protocol Arrangement ISO/IEC 21481ECMA-352(NFCIP-2) ISO/IEC 14443 ISO/IEC 15693 ISO/IEC 18092 ECMA-340(NFCIP-1) NFC-WI ECMA-373 ISO/IEC 28361 RF I/F Test Methods ECMA-356 ISO/IEC 22536 Protocol Test Methods ECMA-362 ISO/IEC 23917 Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 3

  4. Motivation for NFC-SEC Protection of Short Range Wireless Interface • Use cases: wired equivalent privacy for Short range communication for e.g. WiFi easy setup, Bluetooth easy setup • Function: protection against eavesdropping, skimming and data modification • Application independent security layer • For protecting NFC peer-to-peer communications • New feature for NFCIP-1 • Good balance between state-of-the-art security and performance Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 4

  5. NFC-SEC status is Published & Available • Ecma GA published NFC-SEC standards in Dec 2008 Available for free download • http://www.ecma-international.org/publications/standards/Ecma-385.htm • http://www.ecma-international.org/publications/standards/Ecma-386.htm • Submitted for ISO/IEC JTC1 Fast Track • Public White Paper http://www.ecma-international.org/activities/Communications/tc47-2008-089.pdf Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 5

  6. Normal use phase Wireless headset … NFC-SEC protects peer-2-peer ad-hoc secure connection Pairing phase NFC-SEC headset Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 6

  7. NFC-SEC Modular Concept • ECMA-385 NFC-SEC-SP is the common framework and protocol specification • ECMA-386 NFC-SEC-01 contains cryptographic mechanisms, specific methods, algorithm key parameters • Flexibility and extensibility • More cryptography standards may come • If extended, the actual list will be maintained on Ecma pages NFC-SEC-01 ECMA-386 NFC-SEC-0x ECMA-xxx …… NFC-SEC-SP ECMA-385 ISO/IEC 18092 ECMA-340(NFCIP-1) Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 7

  8. ECMA-385 Architecture Follows OSI reference model specified in ISO/IEC 7498-1 Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 8

  9. NFC-SEC User Proprietary Encryption Proprietary Encryption NFC-SEC User Prop.Encrypted Communication The shaded areas indicate the scope of NFC-SEC SSE SSE NFC-SEC User SCH SCH NFC-SEC User Std. Encrypted Communication NFC-SEC Services 2 Services • Shared Secret provides a key for proprietary encryption • Secure Channelencrypts data Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 9

  10. Key agreement Key c onfirmation Service SCH SSE PDU security Termination - NFC-SEC Protocol Security protocol: • Key establishment phase(for SSE and SCH) • Secure data exchange phase Encryption and MAC(for SCH only) • Encapsulated in DEP packets of NFCIP-1 Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 10

  11. ECMA-386 NFC-SEC-01 Cryptography Standard • NFC-SEC-01 provides • Message contents with concatenation rules for keys and other fields • Key primitives • Random number requirements • Conversion and transformation rules • Cryptographic algorithms and methods • to enable secure communication between NFCIP-1 devices that do not share any common secret data ("keys") before they start communicating with each other. • Kind of first (and at the moment the only) profile of NFC-SEC Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 11

  12. NFC-SEC-01 Basic Mechanisms • Elliptic Curve Diffie-Hellman (ECDH) Key exchange • 192 bit • Key derivation and confirmation • AES 128 bit • Data encryption • AES 128 bit • Data integrity • AES 128 bit Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 12

  13. State of the Art and Standardised Cryptography • NFC-SEC is based on established international standards, most were developed by ISO/IEC JTC1 SC27 • NFC-SEC-SP references • Framework: ISO/IEC 11770-1 • Basic model: ISO/IEC 7498-1 • Security architecture: ISO 7498-2 • Conventions for the definition of OSI services: ISO/IEC 10731 • NFC-SEC-01 references • General specifications: ISO/IEC 15946-1 • Key management using asymmetric technique: ISO/IEC 11770-3 • Block ciphers: ISO/IEC 18033-3 and ISO/IEC 10116 • Public key cryptography: IEEE 1363 and FIPS 186-2 • Random number bit generation: ISO/IEC 18031 Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 13

  14. Other Requirements … • NFC-SEC is tailored and linked to NFCIP-1 • Contents of error messages unspecified • The way, when and how the ECDH key pair (public and private key) are refreshed is not in the scope and depends on implementation of applications • NFC-SEC notifies the NFC-SEC User about message sequence violations • NFC-SEC-01 is the first registered cryptography standard • More may come • Publicly available register will be maintained by Ecma Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 14

  15. Relevance of NFCIP-1 • Specified in Annex B of ECMA-385 until ECMA-340 becomes revised • Method by which NFCIP-1 devices indicate their support of NFC-SEC • Initiator: SECi field of ATR_REQ (byte 13 PPi) • Target: SECt field of ATR_RES (byte 14 PPt) • Additional Protected PDUs • Coding “001” of PFB • Extension of PDU numbering rules for protected PDUs Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 15

  16. Nothing is Perfect • NFC-SEC-01 is vulnerable for MAN-IN-THE-MIDDLE (MITM) attacks • No entity authentication possible because no pre-installed shared secret • Practical risk of MITM • To be evaluated for individual implementation • Short operating distance and RF characteristics of NFC (“load modulation”) help keeping risk low • Reference:Security in NFC (Strength and Weaknesses)http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf • Sequence integrity tailored for NFCIP-1 • Allows replay of last delivered message • Notifies lost packages Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 16

  17. Application example: Pairing • Device A includes Bluetooth or WiFi and NFC: Laptop • Device B includes Bluetooth or WiFi and NFC: Cell phone • USER finds NFC-Forum Target Mark on both devices • USER ACTION: touch phone with Laptop Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 17

  18. Application example: Pairing • Identification and initialization via NFCIP-1 (ECMA-340) • A and B both enumerate internal capabilities and applications • A and B detect that they share Bluetooth or WiFi without being paired and both have NFC capabilities, including NFC-SEC • Triggered by OS or user any of the devices, A or B may start an Bluetooth or WiFi pairing process which should exchange an connection context based on a secured NFC channel • USER Notification: • USER ACTION: touch phone with Laptop again and push confirmation button on phone and laptop If you want to pair A with B please touch devices and subsequently confirm with OK Pairing succeeded! Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 18

  19. Rue du Rhône 114 CH-1204 Geneva T: +41 22 849 6000 F: +41 22 849 6001 www.ecma-international.org Rue du Rhône 114 - CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org 19

More Related