
Chapter 4

NFC Security and Privacy

Security is the degree of protection against
intentional or accidental misuse or action. So far
we have discussed the working of NFC. This
chapter gives an analysis of security with respect
to NFC. It lists the threats that are applicable to
NFC and describes solutions to protect against
these threats. All of this is given in the context of
currently available NFC hardware, NFC applications
and possible future developments of NFC.
This chapter presents introductory knowledge on
security; vulnerability, threat, attack, and risk;
cryptography; NFC security issues and preventive
mechanisms to handle the risks. The content is
provided for readers at both higher (managerial)
and lower (technical) levels.
Potential readers are academicians, researchers,
students, consultants, practitioners,
project managers, software analysts, system
developers, and software developers.
Readers of this chapter will learn about the security
and privacy issues concerning NFC technology in
detail. Hence they will be able to design secure and
interoperable

1.6.1 Vulnerability, Threat, Attack, and Risk

A vulnerability is a weakness in a system that
allows an attacker to perform actions that
threaten its information assurance.
A threat is a possible danger that may give an
unfair benefit to an unauthorized user or cause
harm by making use of a vulnerability.
An intentional attempt by intruders to gain
unauthorized access to information is called an
attack.
Attacks are classified as active or passive. If an
attack does not modify or delete a resource it is
classified as passive; otherwise it is classified as an
active attack.
The potential harm that may arise after the
realization of some threat is further defined as the
risk.

1.6.2 Security Tools and Mechanisms


Cryptography is also used for many purposes such
as hiding the content of the data from an
unauthorized third party, or preventing illegal
modification of some transmitted data. The
following are the basic services that are provided
by cryptography:
- The stored or exchanged information is not
  revealed to unauthorized parties.
- The content of the stored or exchanged data
  cannot be changed by unauthorized parties, or it
  will be noticed if it occurs.
- When the data are created or sent by some party,
  the party cannot deny creating or sending them.
The idea of satisfying secrecy using cryptography
is being able to send the message in a scrambled
form called a cipher text, so that communication
between the sender and the receiver
is still possible, and can be performed using public
channels such as the Internet.

1.6.3 Security Issues on NFC Tag

Remember that the NFC tag is involved in
reader/writer mode. In this mode, traditionally
an NFC mobile interacts with an NFC tag. In order to
satisfy the overall security requirements,
both the data on the NFC tag and
the communication between NFC
devices must be secured
to handle the security of the same tag in NFC.
Traditionally, the following are the security issues
related to the NFC tag:

(i) Tag cloning
The attacker may try to clone, or create an exact
copy of, a valid tag. In order to insert preventive
mechanisms to the system, applications that
require high processing capability are required,
increasing the cost of low-cost tags. Obviously
this is unfeasible and unacceptable, since the
major point here is enabling low-cost NFC tags.
(ii) Tag content changes

The attacker may try to modify an NFC tag to
change its content. In this way, several attacks
become possible:
Spoofing attacks
A spoofing attack provides false information to
the user which seems valid, and hence possibly will
be accepted by the user. By a spoofing attack, the
user may insert a fake domain name, telephone
number or false information about the
identification of some person, item, or activity
onto the tag.
Manipulating tag data
The content of the tag might be changed by the
attacker for some malicious purpose.
Denial of Service (DoS) attack
DoS attacks aim to damage the relationship
between the customer and the service provider.
The primary way to do this is by exhausting the
system's resources by forcing
it to perform some unnecessary and illegal action.
This results in decreasing and eventually
exhausting the power source of the server.
(iii) Tag replacement and tag hiding
The NFC tag may be replaced by a malicious tag,
so that the latter tag performs illegal actions as it
is designed to do. Sticking a malicious tag on top of
the original tag or replacing the original tag with a
malicious tag is called tag hiding, and is enough to
let the system work as the attacker desires.

1.6.4 Security Issues on Communication

- Eavesdropping: An unauthorized individual may
  use an antenna in order to record
  communication between NFC devices.
- Data Corruption: In addition to eavesdropping,
  an attacker can try to modify the transmitted data.
- Data Modification: The attacker may try to
  modify or delete valuable information by
  intercepting the communication.
- Data Insertion: Data may be inserted into the
  exchanged messages between two NFC devices.
  The attacker must be fast enough to send the data
  before the valid responder. The insertion will be
  successful only if the inserted data can be
  transmitted before the original device responds. If
  both data streams overlap, the data will be
  corrupted.
- Man-in-the-Middle Attack: These attacks are
  performed by unknown parties in a
  communication, who relay information back and
  forth by giving the simultaneous appearance of
  being the other party.
- Relay Attack: The attacker uses wireless
  communication to borrow the data from the
  victim's tag into another tag. This means that the
  attacker inserts messages into the exchanged data
  between two devices.
- Replay Attack: A valid NFC signal is intercepted
  and its data is recorded first; this is later
  transmitted to a reader so that it is played back.
  Since the data appear valid, the reader accepts
  them unless suitable prevention mechanisms are
  used.
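
One prevention mechanism against the replay attack described above is a challenge-response exchange in which the reader issues a fresh, single-use challenge for every session. The following is an added example, not part of the original chapter; the Tag and Reader classes, the shared per-tag key and the sample UID are assumptions made for illustration, and it assumes a tag or SE capable of computing an HMAC.

```python
import hashlib
import hmac
import secrets
import time

class Tag:
    """Hypothetical tag or SE applet holding a secret key (assumption)."""
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key

    def respond(self, challenge: bytes) -> bytes:
        # The MAC covers the reader's fresh challenge and the tag's UID.
        return hmac.new(self._key, challenge + self.uid, hashlib.sha256).digest()

class Reader:
    """Hypothetical reader: single-use challenges with a short lifetime."""
    def __init__(self, keys: dict, ttl: float = 2.0):
        self._keys = keys      # uid -> shared key (constructed sample data)
        self._pending = {}     # challenge -> expiry (monotonic seconds)
        self._ttl = ttl

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = time.monotonic() + self._ttl
        return challenge

    def verify(self, uid: bytes, challenge: bytes, response: bytes) -> bool:
        # pop() consumes the challenge, so it can never be accepted twice.
        expiry = self._pending.pop(challenge, None)
        key = self._keys.get(uid)
        if expiry is None or key is None or time.monotonic() > expiry:
            return False
        expected = hmac.new(key, challenge + uid, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    uid, key = bytes.fromhex("04a1b2c3d4e5f6"), secrets.token_bytes(32)  # constructed
    tag, reader = Tag(uid, key), Reader({uid: key})
    c1 = reader.new_challenge()
    recorded = tag.respond(c1)          # the data an eavesdropper could record
    c2, c3 = reader.new_challenge(), reader.new_challenge()
    return {
        "first_use": reader.verify(uid, c1, recorded),
        "replay_same_challenge": reader.verify(uid, c1, recorded),
        "replay_new_challenge": reader.verify(uid, c2, recorded),
        "fresh_session": reader.verify(uid, c3, tag.respond(c3)),
    }

if __name__ == "__main__":
    print(demo())
```

The recorded response is accepted once, for the challenge it answers, and rejected both when played back for that challenge again and when played back against a new one.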

Figure 1-1. General Architecture of NFC enabled Mobile Phones

6.5 Secure Element


NFC enabled services must reassure users and
service providers that the transaction takes place in
a protected environment. This protection is
achieved by using an SE which provides the
security mechanisms required to support various
business models. The SE is a combination of
hardware, software, interfaces, and protocols
embedded in a mobile handset that enables secure
storage.
An SE needs to have an operating system as usual.
The operating system (e.g., MULTOS, Java Card OS)
supports the secure execution of applications and
the secure storage
of application data. The operating system may also
support the secure loading of applications.
If NFC enabled applications are saved and
executed in the memory of the NFC enabled mobile
phone's host controller, these applications are not
protected against unintentional
deletion or intentional manipulation of the saved
data in the memory. They only transmit data
between NFC enabled mobile phones or collect
information from smart posters. In contactless
ticketing, payment and other similar application
cases, security is an important issue. These
applications use valuable data, and the storage of
valuable, private information (e.g., credit card
information) in an unsecured memory is
unacceptable. The data could be transmitted via a
GSM interface to a third party who may misuse the
information.
To solve this issue, relevant NFC applications need
to be executed and saved in the memory of an SE
of the NFC enabled mobile phone (see Figure 3.8).
A variety of modules can serve
as SEs such as Universal Integrated Circuit Cards
(UICCs) (i.e., SIMs), memory cards or embedded
hardware. An SE is necessary for various
applications such as payment, ticketing,
government and other applications where secure
authentication and a trusted environment are
among the prerequisites.

- Embedded hardware in a mobile device as an
  integral, non-removable part of the device.
- Secure Memory Card (SMC) as a secure storage
  area in a removable smart card.
- UICC as a physical smart card and maybe the
  most popular one.

Figure 2. Summary of SE Alternatives

Embedded SE: An embedded SE is a smart card
that is integrated into the mobile phone and
cannot be removed. According to the study the
level of security provided by this SE is as high
as the one supported by a smart card.
This chip is embedded into the mobile phone
during the manufacturing process and must be
personalized after the device is delivered to
the end user.
Sticker: According to Mobey Forum, the aim of NFC
stickers is to allow service providers a
quick way to launch pilots and start to deploy
NFC services such as payment, loyalty,
transportation, and so on. Two types of stickers
are available: active and passive stickers. In
theory, active stickers enable all NFC services
and give NFC functionality to non-NFC mobiles.
Also, life cycle management of active stickers is
possible because of their connection with the
mobile phones. They are mainly developed to
give NFC
functionality to mobile phones; however,
when NFC mobile phones are spread all over
the world, their usage is decreased. There is
not much practical implementation of NFC
services management with stickers.
SMC: A Secure Memory Card (SMC) provides the
same high-level security as a smart card
provides, and it is compliant with most of the
main standards and interfaces of smart cards.
With the removable property and a large
capacity memory, an SMC can host a high number
of applications. Currently, most of the trials
are performed on SMCs.
UICC: UICC is a generic multi-application
platform for smart card applications where SIM
or USIM is implemented upon. UICC provides an
ideal environment for NFC applications that are
personal, secure, portable and easily
managed remotely. It can host non-telecom
applications from various service
providers such as loyalty, ticketing, healthcare,
access control, and ID applications. GlobalPlatform
provides
the most promising standard for UICC life cycle
management (or namely card content
management) with three different business
models: simple as MNO
centric model, delegated model and full
authorized as TSM centric model. However, there
are still some unsolved issues on UICC
card management in NFC based services. Hence
there is not any UICC smart card commercially
available in the NFC market.
Flexible SE Solutions: In the early years of NFC,
because of the lack of NFC mobiles in the market,
several alternative architectures have been
proposed to enable NFC on mobiles without
integrated NFC capability. Especially
SMC and SIM based SEs with built-in NFC
antennas have acted as important NFC bridge
devices (e.g., SMC hosting only NFC antenna and
SE, or hosting NFC chip, antenna and SE and so
on); they shorten the time-to-market of contactless
payment and similar applications. The study of
proposes an alternative that integrates NFC with
SIM card; SIM Application Toolkit
TMB: Trusted Mobile Base (TMB) is a promising
upcoming technology that is proposed by Mobey
Forum. It is hosted at the root of the mobile
phones and defined as a secure isolated section
on the Core Processor Units (CPU) of
mobile phones. Various secure NFC enabled
applications can be provided flexibly via OTA
technology. According to TMB has the
full potential of becoming a SE in the future.

6.6 Interfaces between SE and NFC Controller

There are various technical options for designing
the interface between the SE and the
NFC controller. The most promising two options are
NFC-WI and SWP. The most important
difference between them is that SWP uses one
physical line whereas NFC-WI uses two lines. It is
worth mentioning that they are not alternatives to
each other but options to be used in certain places
instead.

(i) NFC-WI
NFC-WI (also called S2C) is a digital wire interface
standardized by ECMA 373, ISO/IEC 28361 as well
as ETSI TS 102 541. The SE is defined as a
transceiver and the NFC controller is defined as
front-end in this protocol. The SE is connected to
the NFC controller via two wires. NFC-WI defines the
Signal-In (SIGIN) and the Signal-Out (SIGOUT) wires
between the transceiver and front-end as
illustrated in Figure 3.12. In the standard [3], the
transceiver is the entity that drives the SIGIN wire
and receives on the SIGOUT wire. The front-end is
the entity that drives the SIGOUT wire and receives
on the SIGIN wire. This digital wire interface carries
two binary signals which are defined as HIGH and
LOW. Both of them transmit modulation signals
between the NFC controller and the SE and are
digitally received or sent by the RF interface. The
transceiver drives the SIGIN wire with a binary
signal of either HIGH or LOW. The front-end
receives the binary signal that is on the SIGIN wire.
The front-end drives the SIGOUT wire with a binary
signal of either HIGH or LOW. The transceiver
receives the binary signal that is on the SIGOUT
wire.
Three transmission rates supported by NFC-WI are
106, 212 and 424 kbps. At 106 kbps (see Figure
3.13), the data stream from the NFC controller to
the transceiver (SIGOUT) shall carry the AND
combination of the Modified Miller bit encoded data
with 13.56 MHz. In the opposite direction (SIGIN)
the data stream is Manchester encoded and then
inverted by a logical OR operation with 848 kHz. At
212 and 424 kbps, the data stream from the NFC
controller to the transceiver (SIGOUT) is Manchester
encoded and then inverted by a logical XOR
operation with 13.56 MHz. This corresponds to a PSK
(Phase Shift Keying) modulation of the clock signal.
In the opposite direction (SIGIN), the data stream is
again Manchester encoded.
NFC-WI is fully compliant and directly coupled with
all modes, types and data rates of ISO/IEC 18092
and ISO/IEC 14443, and no additional adaptation
and no protocol conversion is required. It is a
reliable concept which is feasible for immediate
implementation as well.
(ii) SWP
The next physical interface option is the SWP which
defines a single-wire connection between the SE
and the NFC controller in the mobile phone in
contrast to the NFC-WI.
