Security in Near Field Communication: Strengths and Weaknesses
Ernst Haselsteiner, Klemens Breitfuss
RFIDSec 06, July 13th, 2006
Contents
• What is NFC?
• Threats & Countermeasures
  – Eavesdropping
  – Data Modification
  – Man-in-the-Middle
• Secure Channel
  – Key Agreement
NFC Intro
Eavesdropping
Conclusion
Data Modification
Man-in-the-Middle
Secure Channel
Contents
What is NFC?
• Designed for short distance communication (up to 10 cm)
• It’s a contactless card and a contactless reader in one chip
• It operates at 13.56 MHz
• It’s designed for low bandwidth (max speed is 424 kBaud)
• Applications aimed for are
– Ticketing
– Payment
– Device Pairing
[Figure: Short Range 13.56 MHz RF Link]
Some details we need to know…
• There are dedicated roles
  – Initiator and Target
  – Any data transfer is a message and reply pair.
[Figure: Initiator and Target, exchanging a Message and a Reply]
• There are dedicated modes of operation
  – Active and Passive
  – Active means the device generates an RF field
  – Passive means the device uses the RF field generated by the other device
Some details we need to know…
Speed        Active                       Passive
106 kBaud    Modified Miller, 100% ASK    Manchester, 10% ASK
212 kBaud    Manchester, 10% ASK          Manchester, 10% ASK
424 kBaud    Manchester, 10% ASK          Manchester, 10% ASK

Role         Active      Passive
Initiator    Possible    Not Possible
Target       Possible    Possible
Eavesdropping
• I am sorry, but NFC is not secure against eavesdropping.
• From how far away is it possible to eavesdrop?
  – Depends…
    • RF field of sender
    • Equipment of attacker
    • …
• Does Active versus Passive mode matter?
  – Yes
    • In active mode the modulation is stronger (in particular at 106 kBaud)
    • In passive mode eavesdropping is harder
• Countermeasure
  – Secure Channel
Data Modification
[Figure: signal amplitude (0 to 100) over one bit period, split into first and second half-bit, for a coded “0” and a coded “1”; panels: Modified Miller Coding, 100% ASK, and Manchester Coding, 10% ASK]
• Countermeasure
  – Secure Channel
Man in the Middle Attack
[Figure: Alice, Bob and Eve; labels: Message, Eavesdropping, Disturb]
Alice detects the disturbance and stops the protocol
• Check for active disturbances!
Man in the Middle Attack
[Figure: Alice, Bob and Eve; label: Message]
Eve cannot send to Bob while the RF field of Alice is on!
• Use Active – Passive connection!
• Use 106 kBaud!
Man in the Middle Attack
[Figure: Alice, Bob and Eve; label: Message]
Alice would receive data sent by Eve
• Verify answer with respect to this possible attack!
What we have so far
• Eavesdropping
  – No protection
    • Use a Secure Channel
• Data Modification
  – No protection
    • Use Secure Channel
• Man in the Middle Attack
  – Very good protection if
    • Alice uses 106 kBaud
    • Alice uses Active – Passive mode
    • Alice checks for disturbance
    • Alice checks for suspicious answers from Bob
Secure Channel is easy…
• Standard DH Key Agreement
  – Suffers from Man-in-the-Middle issue
• That’s fine with NFC, because right here NFC really provides protection!
• Eavesdropping
• Data Modification
• Man-in-the-Middle
Key Agreement – An Alternative
[Figure: Alice, Eve and Bob; signal amplitude over one bit period (first and second half-bit), with levels 0, 100 and 200]
Key Agreement – An Alternative
• Perfect in theory – Obvious to see
• Needs perfect synchronization between Alice and Bob
– Amplitude
– Phase
• Alice and Bob must actively perform this synchronization
• Security in practice depends on
– Synchronization
– Equipment of attacker
• Advantages
– Cheap (requires no cryptography)
– Extremely fast
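The key agreement pictured above, as an added simulation that is not part of the original slides. It assumes Alice and Bob send random bits in the same bit slots, discard the slots where their bits are equal, and use Alice's bit in the remaining slots as key material. The levels 100 and 200 follow the figure; the function names and the mismatch value 90 are constructed, and phase is not modelled.

```python
import secrets

def on_air(a_bits, b_bits, a_amp, b_amp):
    """Superposed amplitude per bit slot when both devices transmit at once."""
    return [a * a_amp + b * b_amp for a, b in zip(a_bits, b_bits)]

def derive_key(own_bits, own_amp, peer_amp, air, is_alice):
    """Subtract the own signal to recover the peer's bit; keep slots where
    the bits differ. By convention (assumed) the key bit is Alice's bit."""
    key = []
    for own, level in zip(own_bits, air):
        peer = (level - own * own_amp) // peer_amp
        if own != peer:
            key.append(own if is_alice else peer)
    return key

def eve_view(air, a_amp, b_amp):
    """Key bits a passive listener can attribute; None where she cannot.
    Worst case assumed: Eve knows both amplitudes."""
    seen = []
    for level in air:
        if level in (0, a_amp + b_amp):
            continue                      # equal bits: slot is discarded anyway
        if a_amp == b_amp:
            seen.append(None)             # one device sent 1, but which one?
        else:
            seen.append(1 if level == a_amp else 0)
    return seen

def run(n=32, a_amp=100, b_amp=100):
    """One key agreement over n random bit slots."""
    a = [secrets.randbelow(2) for _ in range(n)]
    b = [secrets.randbelow(2) for _ in range(n)]
    air = on_air(a, b, a_amp, b_amp)
    return (derive_key(a, a_amp, b_amp, air, True),
            derive_key(b, b_amp, a_amp, air, False),
            eve_view(air, a_amp, b_amp))

if __name__ == "__main__":
    for b_amp in (100, 90):               # synchronized, then mismatched
        k_alice, k_bob, eve = run(b_amp=b_amp)
        leaked = sum(bit is not None for bit in eve)
        print(f"b_amp={b_amp}: keys match={k_alice == k_bob}, "
              f"key bits={len(k_alice)}, bits known to Eve={leaked}")
```

With equal amplitudes the listener learns none of the key bits; with the mismatched amplitude she learns all of them, which is why the slide makes security depend on synchronization.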
Conclusion
• NFC does not provide any security by itself
• Secure Channel is required
• Physical properties of NFC protect against Man-in-the-Middle
• Establishing a Secure Channel becomes easy