2020 International Conference on Computing and Information Technology, University o f Tabuk, Kingdom o f Saudi Arabia.
Volume: 01, Issue: ICCIT- 1441, Page No.: 253 - 257, 9th & 10th Sep. 2020.
NFC Technology: Assessment Effective of Security
towards Protecting NFC Devices & Services
Albatul ALBATTAH
Information Technology Department Information Technology Department
Qassim University
Saudi Arabia
411207333@qu.edu.sa
Abstract— Today with rapid development and adoption
of information technology’s applications and services,
the way we do business changed significantly and this is
making our daily lives more prosperous and hassle-free.
Near Field Communication (NFC) has become one of
the promising technological developments. This
technology is vulnerable to security attacks. These
attacks lead to leakage of user’s important data which
could affect any organization adopting NFC
technologies and applications. The basic objective of
this paper is to discuss NFC in general and compare this
technology with RFID. Further, we reviewed various
attack types and finally we proposed scientific
mechanisms that can help to increase the security
efficiency of NFC and to provide information protection
to NFC technologies.
Keywords— Near field communication, Automation, Radio
frequency identification, security vulnerabilities
I. In t r o d u c t io n
In the last decade, we have seen that the world is rapidly
moving towards automation. With the inception of
Internet-of-Things (IoT), Edge and Fog computing, and
Blockchain paradigms, automation is boosted greatly.
Further artificial intelligence developed using machine
learning algorithms, helps us not just to automate tasks but
to automate a task with the same or better accuracy and
efficiency than humans. In addition modern-day advance
communication and networking technologies help to
facilitate communication and data transfer. The ultimate
goal of automation is to make our societies more
prosperous. In this work our particular focus is on Near
Field Communication (NFC) technology. With help of
NFC consumers can exchange digital content, connect
other devices, use wireless ID cards, pay by contactless
payment or credit cards, and make transactions in a simple
way with one touch. NFC is a short-range advanced
wireless technology. It is a technology that makes
consumers' life more convenient and easier [1]. Industry
titans like Apple, Google and Samsung have embedded
NFC in their smartphones to eliminate the need for
payment cards [2]. These technologies are advertised as
being too secure, as they are short-range and do not needs
Wi-Fi or mobile phone networks. However, as the use of
NFC is increasing today, more security concerns are raised
by experts because technologies like these are very much
vulnerable to security attacks as they require little to no
additional authentication from the consumers [3].
The purpose of this paper is to conduct an overview of
security analysis with respect to NFC and the security
978-1-7281-2680-7/20/$31.00 ©2020 IEEE
Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.
Yara ALGHOFAILI Salim ELKHEDIRI
Information Technology Department
Qassim University Qassim University
Saudi Arabia Saudi Arabia
411207305@qu.edu.sa s.elkhediri@qu.edu.sa
challenges this technology is facing. This paper will discuss
the full security analysis of NFC. Firstly, we will discuss
NFC from a general perspective. Then, we will discuss
some attacks that threaten NFC technology in compliance
with the security requirements. Finally, we will discuss
Countermeasures in detail.
II. GENERAL DOMAIN OF NFC
In this section, we are going to discuss NFC from a general
perspective. In this section, we will discuss NFC uses, the
relationship between NFC and RFID, NFC operation modes
and NFC application behavior.
Fig. l.General domain
a. NFC in real-life uses
Technologies around us are getting more complex and
advanced. The consumers can exchange digital content,
connect devices, use wireless ID cards, pay by contactless
payment or credit cards, and make transactions in a simple
way with one touch by using NFC. Some big companies like
Apple, Google, and Samsung has embedded NFC in their
smartphones. NFC is vastly adopted in many apps such as
Google Wallet, Apple Pay, PayPal, Samsung Pay, and
Apple shortcuts [2].
b. NFC VS RFID
NFC technology is an extension of Radio Frequency
Identification (RFID) technology which is part of IoT
infrastructure. These technologies are closely related to each
other. Both RFID and NFC operate at the same frequency
(13.56 MHz) [4]. NFC is a much similar RFID, but there are
some differences between these technologies such as
scanning distance and communication ways. NFC tag can
be scanned at a distance of 10 cm, Unlike RFID tag can be
scanned at a distance of up100 cm [5]. NFC has peer to peer
communication or two-way communication, meantime
Volume: 01, Issue: ICCIT- 1441, Page No.: 253 - 257, 9th & 10th Sep. 2020.
A. Albattah, et al.: N FC Technology: Assessment...
RFID only communicates in one way communication which
operates only active (from 0 to 10 cm distance) and passive
(10 to 100 cm distance) [6].
c. ISO standards
ISO is International Standards that ensure products and
services are safe. NFC devices required to stander which is
ISO/IEC 18092 and ISO/IEC 14443. The first one is defined
communication modes for Near Field Communication
Interface and Protocol. And another is for identification
cards or objects for international interchange [7].
d. NFC operation modes
There are three categories of NFC operation modes [5],
which are (i) Card Emulation Mode, (ii) Reader/Writer
Mode and (iii) Peer-to-peer Mode.
Card Emulation Mode - Card emulation mode enables
devices to make contactless smart cards [8]. This mode is
used by credit card, debit card, loyalty card, transport cards,
identity or access cards [6],
NFC reader (Initiator) generates
13.56 MHZ magnetic field
---------------- ----------------
< ® =
NFC reader reads the
information stored on the card
Fig. 2. Card Emulation Mode [5]
Reader/Writer Mode - In reader/ writer mode, NFC-
enabled device can read data from NFC-tag embedded or
writes information to the NFC tag. In this mode, the user
can retrieve data stored in NFC-tag, remote shopping and
Mobile-based services (social networking or location-
based services) [6].
Fig. 3. Reader/Writer Mode [5]
Peer-to-peer Mode - Peer-to-peer mode enables us to
connect devices and they can interact with each other to
exchange data, money transfer and social networking [8].
Fig. 4. Peer-to-peer Mode [5]
e. NFC applications
NFC requires close range for interaction, where its behavior
is controlled through the device owners to activate NFC so
it can be used [8]. The classification of NFC applications
Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.
depends on the behavior of communication. It can be
divided into four classes which are as following [5] :
Touch and go application - Requires the consumer to bring
near or touch the NFC device to the NFC reader to
implement the tasks in the application.
Touch and confirm application- Requires the consumer to
confirm the interaction by accepting the payment
transaction or entering the password for system
confirmation.
Touch and connect application - Connect to enable the
peer-to-peer transfer of data between two NFC-enabled
devices. For example exchanging images, downloading
music or synchronizing address books.
Touch and explore application - The consumer will be
able to find and explore capabilities functionalities and
applications.
III. INFORMATION SECURITY REQUIREMENTS
Confidentiality, integrity, and availability are main
requirements of any effective system. The secure system
should guarantee the transfer of the data in a safe manner
[18] [19]. Thus, it prevents unauthorized manipulation or
access to data. Confidentiality prevents unauthorized access
to data. While the Integrity prevents data from unauthorized
modifications, then the Availability is time for which the
data is accessible [9][17][20][21]. Any breach in these three
requirements will cause a break in the system’s security.
There are many methods to break the security of a system
that we will discuss in section IV.
IV. RISKS AND ATTACKS ON NFC
a. Risks in NFC Environment
Risks in the NFC environment target four basic sites that
constitute NFC technology components, these sites are:
1. Hardware: hardware refers to all physical components,
equipment, and tools that composed NFC systems, such as
devices, NFC chip, etc.
2. Software: Applications or instructions arranged in a
specific format for carrying out an NFC task; they are either
stored the information or autonomous the information
within the NFC systems [9].
3. Data: Data is the most important component in the NFC
system. Also, it is considered the main target for systems
crimes. Data could be in an input or output, stored or
transmitted throughout networked systems, or it could be
stored inside the system [9].
4. Communication: It includes wireless communication
that connected the technical devices to each other. The most
threats that occur by exploiting the communication to gain
attack the system and constitute a bypass passage for the
intrusion.
In this section, we have outlined the main components of the
NFC environment. These components are highly
interconnected so that if one component is damaged it can
damage the entire system. Consumers should, therefore,
consider all of these components and that all of them may
be vulnerable to attack by attackers.
Vol. 01, No. ICCIT - 1441, pp. 253 - 257, 9th & 10th Sep. 2020.
A. Albattah, et al.: N FC Technology: Assessment...

distance [11]. This kind of attack will affect the

b. Attacks on NFC
The usage of Near Field Communication (NFC) enabled
technologies to increase in modern times. Due to the
widespread of these technologies and the nature of wireless
communication where there is no physical contact between
the hardware devices, the attacks could be executed without
physical access. That means that this technology has
become more targeted, and there are a lot of possibilities for
the attacker to hide the attacks. Based on their breach of
security requirements (that mentioned in section III). There
are many attacks encountered by NFC systems that can be
summarized as follows: (i) Attacks that affect Integrity, (ii)
Attacks that effect confidentiality, (iii) Attacks that affect
availability.
• Attacks that effects on Integrity
Data Modification - In this attack, the attacker can
manipulate and change the data. The most prominent
patterns of this attack are by interrupting and
modifying the service provider of the NFC device [10].
This attack happens over the Wireless Medium and it
causes an effect on the integrity of an NFC data.
Data Insertion - Any unwelcome information can be
inserted by attacker in the messages during data
exchanged between NFC devices. The attacker needs
to react to the device before the authorized device
wants to create its communication. The received data
would be corrupted and spoofed transmit data at the
same time [5][7].
confidentiality of the system.
• Attacks that effects on the availability
Denial of Service - Denial of Service is an attack that
targeting the resources of network server or memory
[14]. In this case the authorized consumer is prevented
from accessing information or services [11]. The most
prominent patterns of this attack are by breaking into
the system and make it unavailable then try to steal
valuable information such as credit card information
[14].
Destroy Attack - Destroy attack is the simplest attack
that could happen to the NFC tag. After this attack, the
tag is not able to communicate any longer with an NFC
device. It destroyed by cutting the connection to its
antenna or destroying the electrical circuits of the tag
[11]. This type of attack will affect the availability of
the system.
Removed attack - A removed attack is happening to
NFC tag where the tag is removed from the carrier
object [11]. This kind of attack will affect the
availability of an NFC system.
Jamming attack - Jamming the NFC system by
sending a disorder signal and must be near to the
system or it can use antennas and power rates [11].
This attack happens over the Wireless Medium and it
causes system unavailable.

Deception - NFC devices can be manipulated by V. COUNTERMEASURE SECURITY ON NFC

deceiving through the wrong information [11]. This The NFC technology recently it uses in many cases such as
type of attack affects integrity. payment, ticketing, and data transfer but unfortunately, it
possible faces some vulnerabilities, when no security
Man in the Middle - An attacker could intercept the measures. So, we will discuss the possible ways to prevent
data, manipulate it, and relay it to the receiving device, security threats. This table below will summarize the latest
this type of attack effect the integrity of the data [7]. information on attacks on vulnerabilities, risk, and
countermeasures.
• Attacks that affect confidentiality
Eavesdrop - NFC uses wireless communication in TABLE I: INTEGRITY COUNTERMEASURE
At t a c k s Vu l n e r a b i l i Ri s k Co u n t e r m e a s u r e
operation mode, therefore the communication can be ty
easily get attacked. Eavesdropping could happen in
NFC operation modes like peer-to-peer mode and card
emulation mode. In peer-to-peer mode, the Data Transfer radio Intercepts To protect from data
information is transmitted without protection; the Modificati waves over the and modification the NFC
on top of the manipulate devices should check the
communication is attacked by eavesdropping. While in
“legitimate” s the data. RF field while sending
card emulation mode, the information content could be waveform and data. Also the preferable
read by attackers if the function of NFC device is not Timing of way to protect could be
in use [5] [12]. radio transfer secure channel [7][15].
[10].
To protect from data
Rely attack - This attack exploits the protocol Data Transfer radio The insertion we have more
compliance of NFC. The attacker tries to steal victim’s Insertion waves over the inserted than one way. The first
card information pretending to be the owner this card. top of the data way is answering device
The access system of victim will not able to discloser “legitimate” causes answers without any delay.
waveform and corrupted The second way is
the attack because it will think a card is in front of it Timing of radio to the listening via the answering
[12][13]. transfer [5]. data. device to channel
High distance read - This attack modifies the NFC throughout the time and the
device. It increases the range of the High Frequency last way is by applying
algorithm such as RSA,
(HF) field, so an attacker can read tags from a safe

Vol. 01, No. ICCIT - 1441, pp. 253 - 257, 9th & 10th Sep. 2020.

Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.
A. Albattah, et al.: N FC Technology: Assessment...

SHA, 3DES insecure all information the device to be

channel [7]. that send. over of the power
of the attacker’s
Man-in-the The Passing To protect from the man­ I5J_
Middle transaction is the data in middle is the
performed after encryption of data using Destroy Possibility for Disrupting or To protect from
without modified a shared secret [16]. and jamming or corrupting the these attack by
encryption it or read Remove disruption [5]. data to block encrypted or
[5][16]. and the incorporate a
recorded communication form of data
it. channel. validation
controls [5].
TABLE II: CONFIDENTIALITY COUNTERMEASURE
At t a c k s Vu l n e r a b il it y Ris k Co u n t e r m e a su r e
The results:
• We noted the secure channel is the perfect approach
that helps to protect against data modification, Relay
Relay NFC is a Unauthoriz To protect from
attack, eavesdropping, and Data Insertion.
attack contactless ed access to Relay attack it can
protocol, so the data. by different way • There is more than one-way to protect from attacks
attacker need a countermeasures. such as check RF field, encrypted the data.
short distance One of these ways
[12] by using a container
[13]. that made of mineral VI. CONCLUSION
it impossible to Near Field Communication (NFC) has become a major part
impenetrable via of our daily lives. This technology provided a simple means
radio signals this
way called Faraday of making data available and transfer information by using
Cage. NFC tags embeddable in most technology that used,
Another way is by readable with the NFC-enabled mobile device. Waving your
using the distance credit card or phone at checkout makes paying more
bounding protocol to
adds an extra comfortable experience. However, certain risks are
security limit to the associated with mostly data transfers that unencrypted,
system and the unsecure hardware, software or communication.
perfect way is a Communication in the centimeters range could appear more
secure channel [7].
secure but technologies like these are very much vulnerable
to security attacks as they require little to no additional
Eavesdroppi The NFC does Eavesdroppin To protect from authentication. From this principle, we looked at potential
ng not contain g can eavesdrop to attacks on this technology. In addition, we mentioned
build-in intercept the establishing a secure
protection transfer and channel [7].
scientific mechanisms as solutions in detail.
against get access to
eavesdropping the data ACKNOWLEDGMENT
because there is being We would like to thank everyone who has played a role in
a lack of default transferred
encryption [11]. such as
our success and accomplishment. We want to extend our
sensitive appreciation to our supervisor Dr. Salim ELKHEDIRI for
data (credit his constant effort and guidance throughout this work.
card data or
personal
information
REFERENCESS
) [1] S. Madakam, R. Ramaswamy, and S. Tripathi, “Internet of Things
(IoT): A literature review”, J. Compu. Comm., Vol.3, No.5, pp.164­
173, 2015.
TABLE III: AVAILABILITY COUNTERMEASURE [2] A. Majumder, et al. “Pay-Cloak: A Biometric Back Cover for
At t a c k Vu l n e r a b il it y Ris k Co u n t e r m e a su Smartphone with Tokenization Principle for Cashless Payment”,
s r e IEEE Consumer Electronics Magazine (CEM), Vol.6, No.2, pp.78­
88, 2017.
Denial- Theft the data Block data. To protect from [3] D. Giese, et al. “Security Analysis of Near-Field Communication
of- such as credit card this attack, it (NFC) Payments”, arXiv preprint arXiv:1904.10623, 2019.
Service information [14]. should be several
kinds of [4] T. Page, “Technological diffusion of near field communication
techniques that (NFC)”, Int. J Tech. Diff. (IJTD), Vol.7, No.3, pp.59-75, 2016.
controlled by a [5] M. M. Singh, K. A. A. K. Adzman, and R. Hassan, “Near Field
consumer to Communication (NFC) Technology Security Vulnerabilities and
switch on and Countermeasures”, International Journal of Engineering &
reader/writer Technology Vol.7, No. 4.31, pp.298-305, 2018.
function of the [6] E. Desai, and M. G. Shajan, “A review on the operating modes of
NFC [7][14]. near field communication”, Int. J. Eng. Adv. Tech. (IJEAT), Vol.2,
No.2, pp.322-325, 2012.
Jamming Low of signal power This attack will To protect from
intercept and jamming is by [7] D. Nelson, M. Qiao, and A. Carpenter, “Security of the near field
[5].
delete any of increasing the communication protocol: an overview”, J. Comp. Sci. Colle.,
signal power of Vol.29, No.2, pp.94-104, 2013.

Vol. 01, No. ICCIT - 1441, pp. 253 - 257, 9th & 10th Sep. 2020.

Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.
A. Albattah, et al.: N FC Technology: Assessment...

[8] A. Cavoukian, “Mobile Near Field Communications (NFC):" tap'n

Go": Keep it Secure and Private”, Information and Privacy
Commissioner of Ontario, Canada, 2012.
[9] M. M. Saeed, “Risks and Threats Facing Information Security in the
Age of Knowledge Society”, Int. J. Comp. Sci. Tech., Vol.7, No.7,
pp.1-5, 2016.
[10] U. Trottmann, "NFC-possibilities and risks”, Network , Vol.35,
2013.
[11] H. Eun, H. Lee, and H. Oh, “Conditional privacy preserving security
protocol for NFC applications”, IEEE T. Cons. Electr., Vol.59, No.1,
pp.153-160, 2013.
[12] P. S. Halgaonkar, S. Jain, and V. M. Wadhai, “NFC: A review of
technology, tags, applications and security”, Int. J Res. Comp.
Comm. Tech., Vol. 2, No.10, pp.979-987, 2013.
[13] O. E. Mouaatamid, M. Lahmer, and M. Belkasmi, “Internet of
Things Security: Layered classification of attacks and possible
Countermeasures”, Electro. J Info. Tech., Vol. 9, pp.24-37, 2016.
[14] F. Fahrianto, M. F. Lubis, and A. Fiade, “Denial-of-service attack
possibilities on NFC technology”, 2016 4th International
Conference on Cyber and IT Service Management, IEEE, pp.1-5,
2016.
[15] M. Riyazuddin, “NFC: A review of the technology, applications and
security”, ABI research, 2011.
[16] S. A. Panda, “Preventing Man-in-the-Middle Attacks in Near Field
Communication by Out-of-Band Key Exchange”, Diss. 2016.
[17] A. Abdullah, et al, “CyberSecurity: A Review of Internet of Things
(IoT) Security Issues, Challenges and Techniques”, 2019 2nd
International Conference on Computer Applications & Information
Security (ICCAIS). IEEE, pp.1-6, 2019.
[18] F. Alkhudhayr, et al, “Information Security: A Review of
Information Security Issues and Techniques”, 2019 2nd
International Conference on Computer Applications & Information
Security (ICCAIS). IEEE, pp.1-6, 2019
[19] T. Moulahi, S. Nasri, and H. Guyennet, “Fault-tolerant flooding
through formal concept analysis for wireless sensor networks”, 2014
21st International Conference on Telecommunications (ICT),
IEEE,pp.221-225, 2014.
[20] T. Moulahi, S. Touil, S. Nasri, and H. Guyennet, “Reliable relay-
based broadcasting through formal concept analysis for
WSNs”, Sec. Comm. Net., Vol. 9, No.13, pp.2042-2050, 2016.
[21] M. Ghadi, L. Laouamer, and T. Moulahi, “Securing data exchange
in wireless multimedia sensor networks: perspectives and
challenges”, Multimed. Tools Appli., Vol. 75, No. 6, pp.3425-3451,
2016.

Vol. 01, No. ICCIT - 1441, pp. 253 - 257, 9th & 10th Sep. 2020.

Authorized licensed use limited to: Auckland University of Technology. Downloaded on December 18,2020 at 22:48:46 UTC from IEEE Xplore. Restrictions apply.