NFC(Near Field Communication) is an abbreviation, by Philips and Sony, NFC is jointly developed a contactless identification and interconnection technology, mobile devices, consumer electronics, PC and smart wireless short-range between the control tools Communication. NFC offers a simple, touch-based solution that is simple and intuitive for consumers to exchange information, access content and services.
NFCIP-1 Security Standard Protects Near Field Communication Reinhard Meindl 4th ETSI Security Workshop Jan 14, 2009, Sophia Antipolis NFC-SEC provides Security Standard for NFC Most men love money and security more, and creation And construction less, as they get older. John Maynard Keynes NFC becomes older and … – More mature NFC becomes more independent from legacy card emulation use cases – Requires complementary protection for ad-hoc connections without pre- installed key 2 Technology Standardization, Reinhard Meindl NFC Protocol Arrangement ISO/IEC 21481 ECMA-352 (NFCIP-2) MSIP-1 ISO/IEC ISO/IEC ISO/IEC ECMA-xxx 14443 18092 15693 ECMA-340 (NFCIP-1) Protocol Test RF I/F Test NFC-WI Methods Methods ECMA-362 ECMA-356 ECMA-373 ISO/IEC 23917 ISO/IEC 22536 ISO/IEC 28361 3 Technology Standardization, Reinhard Meindl Motivation for NFC-SEC Protection of contact-less interface for non-card use cases • Use cases: wired equivalent privacy of contact-less interface for e.g. network easy setup • Function: protection against eavesdropping, skimming and data modification • Application independent security layer • Mainly for protecting NFC peer-to-peer communications • New feature for NFCIP-1 • Good balance between state-of-the-art security and performance 4 Technology Standardization, Reinhard Meindl NFC-SEC status is Published & Available ECMA GA published NFC-SEC standards in Dec 2008 Available for free download http://www.ecma-international.org/publications/standards/Ecma-385.htm http://www.ecma-international.org/publications/standards/Ecma-386.htm Submitted for ISO/IEC JTC1 Fast Track Public White Paper http://www.ecma-international.org/activities/Communications/tc47-2008-089.pdf 5 Technology Standardization, Reinhard Meindl … NFC-SEC protects peer-2-peer ad-hoc connections and is complementary to card security Pairing phase NFC-SEC headset Normal use phase Wireless headset Secure Pairing of wireless devices with NFC 6 Technology Standardization, Reinhard Meindl NFC-SEC Modular Concept ECMA-385 NFC-SEC-SP is the common framework and protocol specification ECMA-386 NFC-SEC-01 contains NFC-SEC-01 NFC-SEC-0x ECMA-386 ECMA-xxx cryptographic mechanisms, specific methods, algorithm key parameters …… NFC NFC Flexibility and extensibility More cryptographic standards may come NFC-SEC-SP If extended, the actual list will be maintained ECMA-385 on ECMA WEB ISO/IEC 18092 ECMA-340 (NFCIP-1) 7 Technology Standardization, Reinhard Meindl ECMA-385 Architecture Follows OSI reference model specified in ISO/IEC 7498-1 NFC- SEC User NFC- SEC User NFC- SEC User NFC- SEC- SAP NFC- SEC connection NFC- SEC entity NFC- SEC- SDU NFC- SEC Peer NFC- SEC entity NFC- SEC NFC- SEC- PCI protocol NFC- SEC- PDU NFCIP- 1 connection NFCIP- 1- SAP NFCIP- 1 8 Technology Standardization, Reinhard Meindl NFC-SEC Services 2 Services Proprietary Proprietary Encryption Encryption Prop.Encrypted NFC-SEC User NFC-SEC User – Shared Secret The shaded areas indicate the scope of Communication provides a key for proprietary SSE SSE encryption NFC-SEC SCH SCH SCH SCH Std. Encrypted NFC-SEC User NFC-SEC User Communication – Secure Channel encrypts data 9 Technology Standardization, Reinhard Meindl NFC-SEC Protocol Security protocol: – Key establishment phase Key (for SSE and SCH) agreement Key confirmation Service SCH – Secure data exchange phase SSE PDU security Encryption and MAC (for SCH only) Termination - Encapsulated in DEP packets of NFCIP-1 10 Technology Standardization, Reinhard Meindl ECMA-386 NFC-SEC-01 Cryptographic Standard NFC-SEC-01 provides – Message contents with concatenation rules for keys and other fields – Key primitives – Random number requirements – Conversion and transformation rules – Cryptographic algorithms and methods to enable secure communication between NFC devices that do not share any common secret data ("keys") before they start communicating with each other. Kind of first (and at the moment the only) profile of NFC-SEC 11 Technology Standardization, Reinhard Meindl NFC-SEC-01 Basic Mechanisms Elliptic Curve Diffie-Hellman (ECDH) Key exchange – 192 bit Key derivation and confirmation – AES 128 bit Data encryption – AES 128 bit Data integrity – AES 128 bit 12 Technology Standardization, Reinhard Meindl State of the Art and Standardised Cryptography NFC-SEC is based on established international standards, most were developed by ISO/IEC JTC1 SC27 NFC-SEC-SP references – Framework: ISO/IEC 11770-1 – Basic model: ISO/IEC 7498-1 – Security architecture: ISO 7498-2 – Conventions for the definition of OSI services: ISO/IEC 10731 NFC-SEC-01 references – General specifications: ISO/IEC 15946-1 – Key management using asymmetric technique: ISO/IEC 11770-3 – Block ciphers: ISO/IEC 18033-3 and ISO/IEC 10116 – Public key cryptography: IEEE 1363 and FIPS 186-2 – Random number bit generation: ISO/IEC 18031 13 Technology Standardization, Reinhard Meindl Other Requirements … NFC-SEC is tailored and linked to NFCIP-1 Contents of error messages unspecified The way, when and how the ECDH key pair (public and private key) are refreshed is not in the scope and depends on implementation of applications NFC-SEC notifies the NFC-SEC User about message sequence violations NFC-SEC-01 is the first registered cryptographic standard – More may come – Publicly available register will be maintained by ECMA 14 Technology Standardization, Reinhard Meindl Integration into NFCIP-1 Specified in Annex B of ECMA-385 until ECMA-340 becomes revised Method by which NFCIP-1 devices indicate their support of NFC-SEC – Initiator: SECi field of ATR_REQ (byte 13 PPi) – Target: SECt field of ATR_RES (byte 14 PPt) Additional Protected PDUs – Coding “001” of PFB Extension of PDU numbering rules for protected PDUs 15 Technology Standardization, Reinhard Meindl Nothing is Perfect NFC-SEC-01 is vulnerable for MAN-IN-THE-MIDDLE (MITM) attacks – No entity authentication possible because no pre-installed shared secret Practical risk of MITM – To be evaluated for individual implementation – Short operating distance and RF characteristics of NFC (“load modulation”) help keeping risk low – Reference: Security in NFC (Strength and Weaknesses) http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf Sequence integrity tailored for NFCIP-1 – Allows replay of last delivered message – Notifies lost packages 16 Technology Standardization, Reinhard Meindl Application example: Pairing Device A includes 60 GHz wireless and NFC: Laptop Device B includes 60 GHz wireless and NFC: Cell phone USER finds NFC-Forum Target Mark on both devices – USER ACTION: touch phone with Laptop 17 Technology Standardization, Reinhard Meindl Application example: Pairing Identification and initialization via NFC-IP-1 (ECMA-340) A and B both enumerate internal capabilities and applications A and B detect that they share 60 GHz radio without being paired and both have NFC capabilities, including NFC-SEC Triggered by OS or user any of the devices, A or B may start an 60 GHz pairing process which should exchange an connection context based on a secured NFC channel – USER Notification: If you want to pair A with B please touch devices and subsequently confirm with OK – USER ACTION: touch phone with Laptop again and push confirmation button on phone and laptop Pairing succeeded! 18 Technology Standardization, Reinhard Meindl Thank you for your attention firstname.lastname@example.org
Pages to are hidden for
"NFCIP-1 Security Standard Protects Near Field Communication"Please download to view full document