© 2014. Smart Card Alliance. All Rights Reserved. NFC Tags and Security Roger Hornstra Identiv
© 2014. Smart Card Alliance. All Rights Reserved.
NFC Tags and Security
Roger Hornstra Identiv
What is NFC?
• Near Field Communications • Short Range Wireless using ISO 14443
• (1-4cm typical,10cm max)
• Low Speed Communications (106-414 kbps) • Passive Targets(look now batteries!)
• Random devices that are not powered-Stickers
• Low Friction Setup( No Discovery No Pairing) • Two devices when close to each other automatically start communicating
NFC Tag Types
• Tag 1Type • Based on the ISO14443A standard. Tags are read and re-write capable
and users can configure the tag to become read-only. Memory available today up to 512 bytes. Expandable up to 2 Kbytes. The communication speed of this NFC tag is 106 Kbit/s. As a result of its simplicity this tag type is cost effective and ideal for many NFC applications
• Tag 2 Type • Also based on ISO14443A. Tags are read and re-write capable and users
can configure the tag to become read-only. The basic memory size of this tag type is only 48 bytes to 888 Bytes. Expanded to 2 Kbyte. Com. speed is 106 Kbit/s.
• Tag 3 Type • Based on the Sony FeliCa system. Currently has a 2 Kbyte memory
capacity and the data communications speed is 212 Kbit/s. Accordingly this NFC tag type is more applicable for more complex applications. Please note: higher cost per tag.
• Tag 4 Type • Defined to be compatible with ISO14443A and B standards. Tag must be
formatted/pre configured prior to personalization. Read / re-writable, or read-only. The memory capacity can be up to 32 Kbytes and the communication speed is between 106 Kbit/s and 424 Kbit/s. Highest cost per tag.
IC Manufacturers & NFC Types
NFC Forum Platform
Type 1 Tag Type 2 Tag Type 3 Tag Type 4 Tag
Compatible Products Broadcom Topaz
NXP Mifare Ultralight, NXP Mifare Ultralight C, NXP NTAG203, 210,213,216
Sony FeliCa NXP DESFire / NXP SmartMX-JCOP
Memory Size Original 96 now 512 Bytes
48 Bytes / 888 Bytes 1, 4, 9 KB 4 KB /32 KB
Unit Price Low Low High Medium I High
Data Access Read/Write or Read-Only
Read/Write or Read-Only
Read/Write or Read-Only
Read/Write or Read-Only
New chips
• NXP Ultralight C(192 bytes) • Key additional features:
• Enhanced Security including anti cloning protection first IC to increase UID to 7 bytes
• 3DES Encryption Authentication Support
• OTP area
• NXP NTAG 210(80bytes),212(164 bytes), 213(144 bytes) 215(504 bytes) and 216(888 bytes)
• Key Additional Features:
• 32 bit password used to lock memory.
• Field programmable read only locking feature.
• No DES Encryption
NFC Tag 1-4 Antenna Sizes and Shapes
Antenna Size Tape pitch (mm) Tape width (mm) Antenna Material Details
45 x 76 mm 80 48 AI
45 x 42 mm 48 48 AI
60 x 25 mm 32 64 AI
60 x 10 mm 25.4 65 Cu
38 x 22.5 mm 35 48 AI
15 x 32 mm 48 35 AI
32 x 15 mm 25 48 AI
20 x 10 mm 25.3 48 Cu
14,4 x 14.5 mm 22 25 Cu
14 x 31 mm 48 48 Cu
3,5 x 45 mm 50.8 35 Cu
Ø8.7 mm 14.25 35 Cu
Ø12 mm 25.4 35 Cu
Ø15 mm 25.4 35 Cu
Ø20 mm 30 35 Cu
Ø25 mm 32 35 Cu
Ø34 mm 48 48 AI
Ø107 mm 127 119 AI
NFC & Global Applications: DISCOVERY, TRANSACTIONS, EXCHANGE
NFC is “Near Field Communication”
Close proximity wireless technology
Fully standardized
Compatible with existing smart card
infrastructure
2013 phone penetration
300 million +
Intuitive, super easy to use
“CHECK IN
& PICK UP ”
DISCOVERY
TRANSACTIONS
Social media location updates
On the spot reviews
Offers/ coupons/ directions
On the spot services, e.g.,
movie trailers
PEER TO PEER EXCHANGES
Person to Person
Sharing (contact, vcard, photos,
songs…)
Social networking, gaming …
Machine to Machine
Pairing wireless protocols
(e.g. easy log-on to WiFi)
Sharing between phone and PC,
TV & other devices
Speed, Convenience & Ease of
use
Existing infrastructure
Multitasking
Mobile computing power
Rich user interface
The Market has Evolved Where Today we Find:
NFC -- a short-range, wireless
communication standard -- can be
summed up in three primary
purposes: Sharing, Pairing and
Transactions.
Transportation
Food ordering
Information on demand
Loyalty point
collection
/ redemption
Smart poster
Device Setting at cinema
Phone2Phone Payment
Coupon download - “down road”
KOREA
Original Applications Ideas
At homePut an NFC tag near your door and set it to do things
like: enable Wi-Fi, decrease brightness, disable Bluetooth, and
auto-sync. Using NFC Task Launcher, you can program the tag to
"switch," so that when you exit your house and tap the tag for the
second time, it changes those settings (like disabling Wi-Fi.)
Driving in the carStick an NFC tag somewhere near your
dashboard or middle console and have it disable Wi-Fi, increase
volume, and enable Bluetooth (for a headset). If you have your
phone hooked up to the car's speakers, program the tag to fire up
an app like Pandora.
Recent Applications Ideas
• Getting to workPlace the NFC tag on a phone dock or your desk's surface and program it to decrease brightness, disable sounds, enable Wi-Fi, and enable auto-sync. Depending on your habits, you might also have it launch a music app, open your daily to-do list, and even check you into Foursquare.
• If you use the Switch option, you can tap the tag again on your way out and have it disable the previously enabled features. And, if you're an extra attentive husband or wife, the tag can also be programmed to send your loved one a text message alerting them that you've left the office and are on the way home.
• On the bedside tableIf you have a phone dock by your bed or place a tag near the dock and program it to disable sounds, enable any alarms, disable auto-sync, disable the notification LED, and decrease the brightness.
• Working outThe fitness types might benefit from an NFC tag on their workout armband or gym bag. For zero distractions, program the tag to enable airplane mode. Or, use the tag to fire up your favorite fitness app and playlist or streaming music app.
More
• Give access to your Wi-Fi network
• If you'd like to give guests at home (or at an office) access to your Wi-Fi network without giving up your password, check out InstaWifi. The free Android app lets you program an NFC tag that, when tapped with an NFC-enabled device, gives the phone or tablet instant access to the associated Wi-Fi network.
• Download the app from the Google Play store to get started (link).
• Auto-start timersHow many times have you loaded the washing machine, walked away, and completely forgot you were doing your laundry? Put an NFC tag next to your washing machine and dryer that, when tapped, fires up a timer.
• Get shortcuts to specific Evernote notesWith Touchanote, a free app that won the Evernote Developers Competition, tags can be programmed to link directly to specific notes. Their examples include a tag on your desk that opens a to-do list, or placing a tag near a product that links to a note with instructions on how to use it. For more examples and the full walkthrough, check out the video on YouTube. You can download Touchanote from the Google Play Store now (link).
Little Known Uses and Unique ideas
MANY MORE NFC APPLICATIONS
Touch2Call
NFC Photo Frame
Touch n Check
Price/Product info
NFCTicket
Buy 1 or Many then transfer!
iLifeStory
Read someone’s life story
Touch2Go
NFC door reader
Touch2View
Movie purchase
Touch 2 Set Mode
Device Setting
NFC is EVERYWHERE!
Security
Security
NFC NDEF Basics
• Concept of the NFC NDEF is sending data of any format over the interface while still being able to retain the air interface data format.
• An NDEF message is composed of one or more NDEF records. There can be multiple records in a NDEF message.
• The limit for the number of records that can be encapsulated into an NFC NDEF message depends upon the application in use and the tag type used.
• In order that the system knows where the messages begin and end, the first record in a message is marked with the MB or Message Begin flag set and the last record in the message is marked with the ME or Message End flag set. The minimum message length is one record. This is achieved by setting both the MB and the ME flag in the same record.
NFC NDEF Basics
• To ensure that the data capability is used efficiently, NFC NDEF records do not incorporate an index number - the index number within the message is implicitly assigned by the order in which the records occur.
What is the Device Technology?
• Standard calls for 2 types • These are known as the Initiator and Target of the communication. As the names
imply, the initiator is the device that initiates the communication and it controls the data exchanges. The Target device is the one that responds to the requests from the Initiator.
• Standard defines two different modes of operation. • Active mode of communication: In the active NFC mode of communication, both
devices generate an RF signal on which the data is carried.
• Passive mode of communication: In this mode of communication, only one NFC device generates an RF field. The second passive device which is the target uses a technique called load modulation to transfer the data back to the primary device or initiator.
NFC Security Basic Threats
• There are several important areas for near field communications security. Each possibly vulnerability just be addressed and resolved. Some of the major NFC security areas are listed below: • Eavesdropping
• Data corruption • Data modification
• Man-in-middle attack
• Above are the most common ways to breach NFC security. Communication standard defines very close read range, therefore significantly reducing the probability of a threat. However this does not mean you are totally safe when deploying NFC tags. Any tag can be breached with time and knowhow!
NFC Security Basics Eavesdropping
• Radio Wave Attack Threat: • NFC radio waves propagate in the vicinity of the transmitter and are available to
be received. It is possible for unwanted users to pick up the signals. The technology to receive this signals is not difficult to create.
• Reception Range: • Typical NFC passive read range is just a few centimeters. Known attackers have
read usable signals up to 1 meter.
• Active mode distances of up to 10 meters may be at risk
NFC Security – Data Corruption
• Essentially a form of denial of service attack • Attacker may try to disturb the communications by sending data that may
or may not be valid • Possible threat to block the channel therefore corrupting legitimate data • Attacker does not need to be able to decipher the valid data being sent. • Power required to successfully attack a system is significantly higher than
that which can be detected by the NFC device transmitting the data. Therefore proper monitoring of data channel can detect the spike in power profile.
NFC Security – Data Modification • Involves the attacker aiming to arrange for the receiving device to receive
data that has been manipulated • Complication is data must be in the correct format for it to be accepted • Possible for some bits but not all to be modified due to the high baud rate
of data transfer • Example is 106 Baud data rate in active mode. Very difficult to intercept
in both directions simultaneously
NFC Security- Man-in-the-Middle
• This form of threat involves a two party communication being intercepted by a third party
• The third party acts as a relay, by listening and manipulating the data if required will enable the attacker to collect data
• Police probe 'skimming' card reader at Citizens ATM • January 15, 2013
• Gloucester police are advising residents to check bank statements after learning today that an illegal device used to read debit card information was attached to the Citizen’s Bank ATM at the bank’s Main Street location.
Consider Before Launching
• Design your Tag to meet environmental challenges • Always Lock the Tag • Consider offering visual authenticity techniques to prove your brand • If sensitive information exists consider using encryption • Networks monitoring active tags to create a trusted connection help to
protect against fraud • At the application level always allow the user he opportunity to confirm a
request • Take into account all aspects of new product launch to ensure your product offers
widespread trust
© 2014. Smart Card Alliance. All Rights Reserved.
For more information: go to: www.nfc-forum.org www.identiv.com
© 2014. Smart Card Alliance. All Rights Reserved.
1900 B Carnegie Ave. Santa Ana CA, 92705 (404) 531 9604
www.identiv.com
Roger Hornstra
VP Strategic Accounts
Identiv