230 likes | 338 Views
Security in Near Field Communication Strengths and Weaknesses. Ernst Haselsteiner, Klemens Breitfuss. RFIDSec 06. July 13th, 2006. Contents. Contents. NFC Intro. What is NFC? Threats & Countermeasures Eavesdropping Data Modification Man-in-the-Middle Secure Channel Key Agreement.
E N D
Security in Near Field CommunicationStrengths and Weaknesses Ernst Haselsteiner, Klemens Breitfuss RFIDSec 06 July 13th, 2006
Contents Contents NFC Intro • What is NFC? • Threats & Countermeasures • Eavesdropping • Data Modification • Man-in-the-Middle • Secure Channel • Key Agreement Eaves- dropping DataModification Man-in-the-Middle SecureChannel Conclusion
What is NFC? Contents NFC Intro • Designed for short distance communication (up to 10 cm) • It’s a contactless card and a contactless reader in one chip • It operates at 13.56 MHz • It’s designed for low bandwidth (max speed is 424 kBaud) • Applications aimed for are • Ticketing • Payment • Device Pairing Eaves- dropping DataModification Man-in-the-Middle SecureChannel Short Range 13,56MHz RF Link Conclusion
Some details we need to know… Contents NFC Intro • There are dedicated roles • Initiator and Target • Any data transfer is a message and reply pair. Eaves- dropping DataModification Message Initiator Target Reply Man-in-the-Middle SecureChannel • There are dedicated modes of operation • Active and Passive • Active means the device generates an RF field • Passive means the device uses the RF field generated by the other device Conclusion
Some details we need to know… Contents NFC Intro Eaves- dropping DataModification Man-in-the-Middle SecureChannel Conclusion
Eavesdropping Contents NFC Intro • I am sorry, but NFC is not secure againsteavesdropping . • From how far away is it possible to eavesdrop? • Depends…. • RF field of sender • Equipment of attacker • …. • Does Active versus Passive mode matter? • Yes • In active mode the modulation is stronger (in particular at 106 kBaud) • In passive mode eavesdropping is harder • Countermeasure • Secure Channel Eaves- dropping DataModification Man-in-the-Middle SecureChannel Conclusion
Data Modification Contents Coded “0” Coded “1” NFC Intro Eaves- dropping Modified Miller Coding, 100% ASK DataModification Man-in-the-Middle Manchester Coding, 10% ASK SecureChannel Conclusion Countermeasure • Secure Channel
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Man-in-the-Middle SecureChannel Eve Conclusion
Message Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Man-in-the-Middle SecureChannel Eve Conclusion
Message Eavesdropping Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Man-in-the-Middle SecureChannel Eve Conclusion
Message Eavesdropping Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Man-in-the-Middle Disturb SecureChannel Eve Conclusion
Message Eavesdropping Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Disturb Man-in-the-Middle Eve SecureChannel Conclusion Alice detects the disturbance and stops the protocol • Check for active disturbances !
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Message Man-in-the-Middle Eve SecureChannel Conclusion
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Message Man-in-the-Middle Eve SecureChannel Conclusion Eve cannot send to Bob, while RF field of Alice is on! • Use Active – Passive connection ! • Use 106 kBaud !
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Message Man-in-the-Middle Eve SecureChannel Conclusion
Man in the Middle Attack Contents NFC Intro Eaves- dropping Alice Bob DataModification Message Man-in-the-Middle Eve SecureChannel Conclusion Alice would receive data sent by Eve • Verify answer with respect to this possible attack!
What we have so far Contents NFC Intro • Eavesdropping • No protection • Use a Secure Channel • Data Modification • No protection • Use Secure Channel • Man in the Middle Attack • Very good protection if • Alice uses 106 kBaud • Alice uses Active – Passive mode • Alice checks for disturbance • Alice checks for suspicious answers from Bob Eaves- dropping DataModification Man-in-the-Middle SecureChannel Conclusion
Secure Channel is easy… Contents NFC Intro • Standard DH Key Agreement • Suffers from Man-in-the-Middle issue • That’s fine with NFC, because right here NFC really provides protection ! Eaves- dropping DataModification Man-in-the-Middle SecureChannel Conclusion
Secure Channel is easy… Contents NFC Intro • Standard DH Key Agreement • Suffers from Man-in-the-Middle issue • That’s fine with NFC, because there NFC really provides protection ! Eaves- dropping DataModification Man-in-the-Middle • Eavesdropping • Data Modification • Man-in-the Middle SecureChannel Conclusion
Key Agreement – An Alternative Contents NFC Intro Eaves- dropping Alice DataModification Bob Man-in-the-Middle SecureChannel Eve Conclusion
Key Agreement – An Alternative Contents NFC Intro • Perfect in theory – Obvious to see • Needs perfect synchronization between Alice and Bob • Amplitude • Phase • Alice and Bob must actively perform this synchronization • Security in practice depends on • Synchronization • Equipment of attacker • Advantages • Cheap (requires no cryptography) • Extremely fast Eaves- dropping DataModification Man-in-the-Middle SecureChannel Conclusion
Conclusion Contents NFC Intro • NFC does not provide any security by itself • Secure Channel is required • Physical properties of NFC protect against Man-in-the-Middle • Establishing a Secure Channel becomes easy Eaves- dropping DataModification Man-in-the-Middle SecureChannel Conclusion