Professional Documents
Culture Documents
NFC Technology: Assessment Effective of Security Towards Protecting NFC Devices & Services
NFC Technology: Assessment Effective of Security Towards Protecting NFC Devices & Services
NFC Technology: Assessment Effective of Security Towards Protecting NFC Devices & Services
Volume: 01, Issue: ICCIT- 1441, Page No.: 253 - 257, 9th & 10th Sep. 2020.
Abstract— Today with rapid development and adoption challenges this technology is facing. This paper will discuss
of information technology’s applications and services, the full security analysis of NFC. Firstly, we will discuss
the way we do business changed significantly and this is NFC from a general perspective. Then, we will discuss
making our daily lives more prosperous and hassle-free. some attacks that threaten NFC technology in compliance
Near Field Communication (NFC) has become one of with the security requirements. Finally, we will discuss
the promising technological developments. This Countermeasures in detail.
technology is vulnerable to security attacks. These
attacks lead to leakage of user’s important data which II. GENERAL DOMAIN OF NFC
could affect any organization adopting NFC In this section, we are going to discuss NFC from a general
technologies and applications. The basic objective of perspective. In this section, we will discuss NFC uses, the
this paper is to discuss NFC in general and compare this relationship between NFC and RFID, NFC operation modes
technology with RFID. Further, we reviewed various and NFC application behavior.
attack types and finally we proposed scientific
mechanisms that can help to increase the security
efficiency of NFC and to provide information protection
to NFC technologies.
I. In t r o d u c t io n
In the last decade, we have seen that the world is rapidly
moving towards automation. With the inception of
Internet-of-Things (IoT), Edge and Fog computing, and
Blockchain paradigms, automation is boosted greatly.
Further artificial intelligence developed using machine
learning algorithms, helps us not just to automate tasks but
to automate a task with the same or better accuracy and Fig. l.General domain
efficiency than humans. In addition modern-day advance
communication and networking technologies help to
facilitate communication and data transfer. The ultimate a. NFC in real-life uses
goal of automation is to make our societies more Technologies around us are getting more complex and
prosperous. In this work our particular focus is on Near advanced. The consumers can exchange digital content,
Field Communication (NFC) technology. With help of connect devices, use wireless ID cards, pay by contactless
NFC consumers can exchange digital content, connect payment or credit cards, and make transactions in a simple
other devices, use wireless ID cards, pay by contactless way with one touch by using NFC. Some big companies like
payment or credit cards, and make transactions in a simple Apple, Google, and Samsung has embedded NFC in their
way with one touch. NFC is a short-range advanced smartphones. NFC is vastly adopted in many apps such as
wireless technology. It is a technology that makes Google Wallet, Apple Pay, PayPal, Samsung Pay, and
consumers' life more convenient and easier [1]. Industry Apple shortcuts [2].
titans like Apple, Google and Samsung have embedded
NFC in their smartphones to eliminate the need for b. NFC VS RFID
payment cards [2]. These technologies are advertised as NFC technology is an extension of Radio Frequency
being too secure, as they are short-range and do not needs Identification (RFID) technology which is part of IoT
Wi-Fi or mobile phone networks. However, as the use of infrastructure. These technologies are closely related to each
NFC is increasing today, more security concerns are raised other. Both RFID and NFC operate at the same frequency
by experts because technologies like these are very much (13.56 MHz) [4]. NFC is a much similar RFID, but there are
vulnerable to security attacks as they require little to no some differences between these technologies such as
additional authentication from the consumers [3]. scanning distance and communication ways. NFC tag can
be scanned at a distance of 10 cm, Unlike RFID tag can be
The purpose of this paper is to conduct an overview of scanned at a distance of up100 cm [5]. NFC has peer to peer
security analysis with respect to NFC and the security communication or two-way communication, meantime
Volume: 01, Issue: ICCIT- 1441, Page No.: 253 - 257, 9th & 10th Sep. 2020.
978-1-7281-2680-7/20/$31.00 ©2020 IEEE
Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.
A. Albattah, et al.: N FC Technology: Assessment...
RFID only communicates in one way communication which depends on the behavior of communication. It can be
operates only active (from 0 to 10 cm distance) and passive divided into four classes which are as following [5] :
(10 to 100 cm distance) [6].
Touch and go application - Requires the consumer to bring
c. ISO standards near or touch the NFC device to the NFC reader to
ISO is International Standards that ensure products and implement the tasks in the application.
services are safe. NFC devices required to stander which is
ISO/IEC 18092 and ISO/IEC 14443. The first one is defined Touch and confirm application- Requires the consumer to
communication modes for Near Field Communication confirm the interaction by accepting the payment
Interface and Protocol. And another is for identification transaction or entering the password for system
cards or objects for international interchange [7]. confirmation.
d. NFC operation modes Touch and connect application - Connect to enable the
There are three categories of NFC operation modes [5], peer-to-peer transfer of data between two NFC-enabled
which are (i) Card Emulation Mode, (ii) Reader/Writer devices. For example exchanging images, downloading
Mode and (iii) Peer-to-peer Mode. music or synchronizing address books.
Card Emulation Mode - Card emulation mode enables Touch and explore application - The consumer will be
devices to make contactless smart cards [8]. This mode is able to find and explore capabilities functionalities and
used by credit card, debit card, loyalty card, transport cards, applications.
identity or access cards [6],
NFC reader (Initiator) generates III. INFORMATION SECURITY REQUIREMENTS
13.56 MHZ magnetic field Confidentiality, integrity, and availability are main
---------------- ---------------- requirements of any effective system. The secure system
< ® =
NFC reader reads the
should guarantee the transfer of the data in a safe manner
[18] [19]. Thus, it prevents unauthorized manipulation or
information stored on the card access to data. Confidentiality prevents unauthorized access
to data. While the Integrity prevents data from unauthorized
Fig. 2. Card Emulation Mode [5]
modifications, then the Availability is time for which the
data is accessible [9][17][20][21]. Any breach in these three
Reader/Writer Mode - In reader/ writer mode, NFC-
requirements will cause a break in the system’s security.
enabled device can read data from NFC-tag embedded or
There are many methods to break the security of a system
writes information to the NFC tag. In this mode, the user
that we will discuss in section IV.
can retrieve data stored in NFC-tag, remote shopping and
Mobile-based services (social networking or location-
IV. RISKS AND ATTACKS ON NFC
based services) [6].
a. Risks in NFC Environment
Risks in the NFC environment target four basic sites that
constitute NFC technology components, these sites are:
1. Hardware: hardware refers to all physical components,
equipment, and tools that composed NFC systems, such as
devices, NFC chip, etc.
2. Software: Applications or instructions arranged in a
specific format for carrying out an NFC task; they are either
Fig. 3. Reader/Writer Mode [5] stored the information or autonomous the information
within the NFC systems [9].
Peer-to-peer Mode - Peer-to-peer mode enables us to 3. Data: Data is the most important component in the NFC
connect devices and they can interact with each other to system. Also, it is considered the main target for systems
exchange data, money transfer and social networking [8]. crimes. Data could be in an input or output, stored or
transmitted throughout networked systems, or it could be
stored inside the system [9].
4. Communication: It includes wireless communication
that connected the technical devices to each other. The most
threats that occur by exploiting the communication to gain
attack the system and constitute a bypass passage for the
intrusion.
Fig. 4. Peer-to-peer Mode [5] In this section, we have outlined the main components of the
NFC environment. These components are highly
e. NFC applications interconnected so that if one component is damaged it can
NFC requires close range for interaction, where its behavior damage the entire system. Consumers should, therefore,
is controlled through the device owners to activate NFC so consider all of these components and that all of them may
it can be used [8]. The classification of NFC applications be vulnerable to attack by attackers.
Vol. 01, No. ICCIT - 1441, pp. 253 - 257, 9th & 10th Sep. 2020.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.
A. Albattah, et al.: N FC Technology: Assessment...
Vol. 01, No. ICCIT - 1441, pp. 253 - 257, 9th & 10th Sep. 2020.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.
A. Albattah, et al.: N FC Technology: Assessment...
Vol. 01, No. ICCIT - 1441, pp. 253 - 257, 9th & 10th Sep. 2020.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.
A. Albattah, et al.: N FC Technology: Assessment...
Vol. 01, No. ICCIT - 1441, pp. 253 - 257, 9th & 10th Sep. 2020.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.