Wednesday, April 6, 2011

Near Field Communication (NFC)

There is a new communication standard on the horizon. It is called Near Field Communication, NFC, ISO-18000-3, and you might want to spend a few minutes with the Wikipedia article on it. It has all sorts of wonderful applications. It has a number of security applications and, of course, security limitations and implications.

NFC is intended for use on mobile computers, such as "smart-phones" or PDAs, that the user will be likely to carry, like keys or a wallet, most of the time. More than a dozen implementations, mostly smart-phones, have been shipped or announced by manufacturers including Benq, Google, LG, Motorola, Nokia, Samsung, and others. Applications await sufficient numbers but payment application trials are planned for San Francisco and New York.

Proposed applications include mobile payment, smart card emulation, including EMV, transportation and theatre ticketing, electronic keys, identity documents, cryptographic key management, and dozens of others. Of course, while not requiring NFC, these same devices can be used to implement both token-based and out-of-band strong authentication.

One application of NFC is as a reader of passive RFID tags and passive emulation of RFID tags. For example, eCLOWN is a program for a Nokia NFC phone to read the RFID information on an e-passport.* As you are probably aware, there is significant opposition to any use of RFID from those who fear that the value likely from such applications will not justify the leakage or other unintended consequences. This opposition is likely to include NFC. (That the ability to read this information might marginally reduce the cost of forging an e-passport is sufficient reason for some to resist the use of the technology altogether. This, in spite of the fact that an e-passport is much more difficult to forge than an ordinary one.)

The name derives from the inductive effect of the "near field," i.e., within two wave-lengths distance, of the antenna. The reliance of the technology on this effect limits its effective range to about 4 cm, but the "far field" effect of the antenna might leak information beyond the effective range, perhaps at a distance of a few meters. Because, unlike Bluetooth, NFC does not provide encryption, for some applications encryption, such as SSL or Mime, might have to be implemented at a higher layer.

NFC is low-power, 15 mA, as well as near-field inductive, and consequently relatively low speed, 421 kbps. This is fast enough for security and financial applications but much too slow for streaming video or even surfing the web. However, it has one great advantage over competing technologies, i.e., connection setup time. While Bluetooth may take seconds to establish a peer-to-peer connection (after "pairing"), NFC takes less than a tenth of a second. (One proposed application of NFC is for pairing of Bluetooth.)

As with any technology that is vulnerable to eavesdropping and replay, NFC is weak, that is, "one-factor," authentication. Most of the security applications will require strong authentication, at least two factors and resistance to replay. To the extent that NFC is implemented on hand-held computers, a wide variety of authentication schemes will be open to application designers.

NFC signals via amplitude modulation; its ability to resist the modification of a bit is a function of the strength of the modulation and the coding used. However, some NFC applications may have to provide encryption to resist data modification attacks.

Because NFC is low power, electronic jamming will be relatively easy. Of course, the same is true of Bluetooth. The experience with Bluetooth suggests that this is a vulnerability without a problem. However, NFC may not be suitable for applications where ultra-high availability is a requirement.

NFC devices are vulnerable to loss, along with any credentials, privileges, and capabilities associated with them. Applications should resist the use of lost devices by implementing lock-words for use of the device, remote disabling and erasure, and other security mechanisms. Abandoned NFC connections might be vulnerable to exploitation until and unless they time out. Therefore, devices and applications should be designed to time out in the minimum time adequate for the application.
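An added example (not part of the original post) of the replay-resistant exchange and minimum time-out argued for above, implemented at the application layer over a link that protects nothing itself. The shared key, message format and 2-second time-out are assumptions, and an HMAC is used here for modification detection in place of encryption.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 2.0  # seconds; assumed value, use the minimum the application tolerates

class Reader:
    """Verifier side: issues one-time challenges and checks tagged messages."""
    def __init__(self, key, ttl=CHALLENGE_TTL):
        self.key = key
        self.ttl = ttl
        self.pending = {}  # nonce -> time the challenge was issued

    def challenge(self, now):
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = now
        return nonce

    def verify(self, nonce, message, tag, now):
        issued = self.pending.pop(nonce, None)  # single use, so a replay finds nothing
        if issued is None:
            return "rejected: unknown or reused challenge"
        if now - issued > self.ttl:
            return "rejected: challenge timed out"
        expected = hmac.new(self.key, nonce + message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: message or tag modified"
        return "accepted"

def device_respond(key, nonce, message):
    """Device side: bind the message to the reader's fresh challenge."""
    return hmac.new(key, nonce + message, hashlib.sha256).digest()

def demo():
    key = secrets.token_bytes(32)        # constructed shared key
    msg = b"pay 12.50 to merchant 0001"  # constructed sample message
    reader = Reader(key)
    n1, n2, n3 = (reader.challenge(now=t) for t in (0.0, 1.0, 2.0))
    tag1, tag2, tag3 = (device_respond(key, n, msg) for n in (n1, n2, n3))
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]  # one bit altered in transit
    return [
        reader.verify(n1, msg, tag1, now=0.1),      # genuine exchange
        reader.verify(n1, msg, tag1, now=0.2),      # captured exchange sent again
        reader.verify(n2, flipped, tag2, now=1.1),  # modified message, original tag
        reader.verify(n3, msg, tag3, now=7.0),      # abandoned, answered too late
    ]

if __name__ == "__main__":
    print(demo())
```

The tag authenticates the message but does not hide it; where the content itself is sensitive, it still needs encryption at the higher layer.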

Those of you that are followers of IGTV or of my blog know that I am a long-time critic of the use of mag-stripe and PIN for our point-of-sale payment system. Outside the US, EMV cards are being used to improve the system. However, progress is limited by implementations that are backward compatible with mag-stripe and PIN. Perhaps this is to be able to process the cards carried by American travelers.

Although there are trial EMV cards and merchants prepared to accept them in the US, there are no plans to deploy them widely, much less pervasively, or exclusively. This is in part because of the cost of cards and readers, and in part because they do not solve the "card-not-present" problem. It is in part because transiting the intervening payment card service providers is difficult.

Not only can NFC devices both emulate and read EMV cards, these smart devices can address the card-not-present problem for mail-order, phone order, and Internet commerce. Moreover, hand-held devices can emulate multiple cards and accounts, functioning as e-wallets and reducing the number of credentials and tokens that a consumer must carry.

Like many such technologies, Near Field Communication is inherently neither secure nor insecure. It is proposed in good faith and with high hopes for legitimate applications. However, I have now lived long enough to expect poor implementations, inappropriate uses, and unintended consequences for any novel technology. I am not without sympathy for those who fear technology in general and RFID in particular. I will be surprised if NFC is not chosen for some applications for which it will not be secure and for others where, as with mag-stripe and PIN, it will survive long after use has stressed it to the breaking point.

The "securability" and reliability of NFC applications will depend in large part on the devices on which they are implemented, that is, on the ability of those devices and their operating system software to resist application-to-application data leakage and interference. These mobile devices are already being used for financial transactions over the Internet and using graphical readers for bar codes or QR codes. However, it is clear that these systems will vary greatly in their ability to protect their applications and will rely to some degree upon their users and vendors to keep them sanitary and current. We must be prepared for the NFC technology to be blamed for any compromise with which it is even remotely associated.

Still, I am hopeful that NFC will find many security applications and "securible" implementations. I particularly hope that it will find application in the payment system, and, for example, by emulating EMV, encourage its adoption. We must design and choose carefully and apply and use conservatively. We should err on the safe side. We have to prepare diligently and advance cautiously. It will be difficult and risky and it will challenge our knowledge, skills, and abilities. That is why we are called professionals and are paid the big bucks.


* Step 2 of the instructions for using eCLOWN is "Insert the passport (crypto) key." It is silent on where to obtain this key. However, because there are many copies of the key, that will be, at best, difficult.
