NFC Devices: Security and Privacy

The aim of this paper is to show security measures for NFC (Near Field Communication) use cases and devices. We give a brief overview over NFC technology and evaluate the implementation of NFC in devices. Out of this technology review we derive different use cases and applications based on NFC technology. Based on the use cases we show assets and interfaces of an NFC device that could be a possible target of an attacker. In the following we apply different attacks against the operation modes to show how applications and devices could be protected against such attacks. The information collected is consolidated in a set of threats giving guidelines on how to improve security and overcome privacy issues. This allows integrating NFC technology in a secure way for the end consumer.

[1]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[2]  Peter Torr,et al.  Demystifying the threat modeling process , 2005, IEEE Security & Privacy Magazine.

[3]  Claude Castelluccia,et al.  Noisy Tags: A Pretty Good Key Exchange Protocol for RFID Tags , 2006, CARDIS.

[4]  Avishai Wool,et al.  Picking Virtual Pockets using Relay Attacks on Contactless Smartcard , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[5]  Christoph Schaffer,et al.  The benefit of using SIM application toolkit in the context of near field communication applications , 2007, International Conference on the Management of Mobile Business (ICMB 2007).

[6]  Gerhard P. Hancke,et al.  A Practical Relay Attack on ISO 14443 Proximity Cards , 2005 .

[7]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[8]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[9]  Kevin Fu,et al.  Vulnerabilities in First-Generation RFID-Enabled Credit Cards , 2007, Financial Cryptography.