NFCIP-1 Security Standard Protects Near Field Communication by bestt571

VIEWS: 251 PAGES: 19

More Info
									NFCIP-1 Security Standard Protects
Near Field Communication

Reinhard Meindl

4th ETSI Security Workshop
Jan 14, 2009, Sophia Antipolis
NFC-SEC provides Security Standard for NFC

            Most men love money and security more, and creation
            And construction less, as they get older.
            John Maynard Keynes


 NFC becomes older and …
  – More mature
 NFC becomes more independent from legacy card emulation use cases
  – Requires complementary protection for ad-hoc connections without pre-
    installed key




                                                                                                 2
                                                        Technology Standardization, Reinhard Meindl
NFC Protocol Arrangement

     ISO/IEC 21481 ECMA-352 (NFCIP-2)
                                                              MSIP-1

 ISO/IEC         ISO/IEC            ISO/IEC                ECMA-xxx
  14443           18092              15693
                ECMA-340
                (NFCIP-1)


Protocol Test                   RF I/F Test             NFC-WI
  Methods                        Methods
ECMA-362                       ECMA-356              ECMA-373
ISO/IEC 23917                  ISO/IEC 22536        ISO/IEC 28361




                                                                                        3
                                               Technology Standardization, Reinhard Meindl
Motivation for NFC-SEC
Protection of contact-less interface for non-card use cases

•   Use cases: wired equivalent privacy of contact-less interface for
    e.g. network easy setup
•   Function: protection against eavesdropping, skimming and data
    modification
•   Application independent security layer
•   Mainly for protecting NFC peer-to-peer communications
•   New feature for NFCIP-1
•   Good balance between state-of-the-art security and performance




                                                                                                  4
                                                         Technology Standardization, Reinhard Meindl
NFC-SEC status is Published & Available

  ECMA GA published NFC-SEC standards in Dec 2008
  Available for free download
http://www.ecma-international.org/publications/standards/Ecma-385.htm
http://www.ecma-international.org/publications/standards/Ecma-386.htm


  Submitted for ISO/IEC JTC1 Fast Track


  Public White Paper
http://www.ecma-international.org/activities/Communications/tc47-2008-089.pdf




                                                                                                    5
                                                           Technology Standardization, Reinhard Meindl
… NFC-SEC protects peer-2-peer ad-hoc connections
and is complementary to card security
                                    Pairing phase

                               NFC-SEC



                                         headset


                                  Normal use phase

                                         Wireless



                                                                         headset

                    Secure Pairing of wireless devices with NFC


                                                                                             6
                                                    Technology Standardization, Reinhard Meindl
NFC-SEC Modular Concept

 ECMA-385 NFC-SEC-SP is the common
 framework and protocol specification
 ECMA-386 NFC-SEC-01 contains




                                                   NFC-SEC-01




                                                                                              NFC-SEC-0x
                                                                ECMA-386




                                                                                               ECMA-xxx
 cryptographic mechanisms, specific methods,
 algorithm key parameters
                                                                              ……




                                                   NFC




                                                                                              NFC
 Flexibility and extensibility
 More cryptographic standards may come                          NFC-SEC-SP
 If extended, the actual list will be maintained                     ECMA-385
 on ECMA WEB                                           ISO/IEC
                                                        18092
                                                   ECMA-340 (NFCIP-1)




                                                                                                              7
                                                                     Technology Standardization, Reinhard Meindl
ECMA-385 Architecture

 Follows OSI reference model specified in ISO/IEC 7498-1

            NFC- SEC User                            NFC- SEC User                  NFC- SEC
                                                                                      User
     NFC- SEC- SAP


                             NFC- SEC connection
    NFC- SEC entity
             NFC- SEC- SDU

                                  NFC- SEC         Peer NFC- SEC entity             NFC- SEC
    NFC- SEC- PCI                  protocol

             NFC- SEC- PDU


                             NFCIP- 1 connection
     NFCIP- 1- SAP
                                                                                     NFCIP- 1




                                                                                                              8
                                                                     Technology Standardization, Reinhard Meindl
NFC-SEC Services

2 Services




                                                                                    Proprietary




                                                                                                                                  Proprietary
                                                                                    Encryption




                                                                                                                                  Encryption
                                                                                                  Prop.Encrypted




                                                                   NFC-SEC User




                                                                                                                                                   NFC-SEC User
   – Shared Secret




                          The shaded areas indicate the scope of
                                                                                                  Communication
     provides a key for
     proprietary




                                                                                  SSE




                                                                                                                                        SSE
     encryption


                                       NFC-SEC




                                                                                          SCH
                                                                                          SCH




                                                                                                                                        SCH
                                                                                                                                        SCH
                                                                                                  Std. Encrypted




                                                                   NFC-SEC User




                                                                                                                                                   NFC-SEC User
                                                                                                  Communication
   – Secure Channel
     encrypts data




                                                                                                                                                        9
                                                                                                           Technology Standardization, Reinhard Meindl
NFC-SEC Protocol

Security protocol:

    – Key establishment phase
                                                Key

      (for SSE and SCH)                      agreement




                                             Key
                                         confirmation




                                              Service


                                               SCH

    – Secure data exchange phase   SSE   PDU security


      Encryption and MAC
      (for SCH only)                     Termination




                                         -
  Encapsulated in DEP packets of
  NFCIP-1



                                                                            10
                                    Technology Standardization, Reinhard Meindl
ECMA-386 NFC-SEC-01 Cryptographic
Standard
 NFC-SEC-01 provides

  –   Message contents with concatenation rules for keys and other fields
  –   Key primitives
  –   Random number requirements
  –   Conversion and transformation rules
  –   Cryptographic algorithms and methods


 to enable secure communication between NFC devices that do not
 share any common secret data ("keys") before they start communicating
 with each other.
 Kind of first (and at the moment the only) profile of NFC-SEC



                                                                                                    11
                                                            Technology Standardization, Reinhard Meindl
NFC-SEC-01 Basic Mechanisms

 Elliptic Curve Diffie-Hellman (ECDH) Key exchange
  – 192 bit


 Key derivation and confirmation
  – AES 128 bit


 Data encryption
  – AES 128 bit


 Data integrity
  – AES 128 bit



                                                                                             12
                                                     Technology Standardization, Reinhard Meindl
State of the Art and Standardised
Cryptography
 NFC-SEC is based on established international standards, most were
 developed by ISO/IEC JTC1 SC27
 NFC-SEC-SP references
  –   Framework: ISO/IEC 11770-1
  –   Basic model: ISO/IEC 7498-1
  –   Security architecture: ISO 7498-2
  –   Conventions for the definition of OSI services: ISO/IEC 10731


 NFC-SEC-01 references
  –   General specifications: ISO/IEC 15946-1
  –   Key management using asymmetric technique: ISO/IEC 11770-3
  –   Block ciphers: ISO/IEC 18033-3 and ISO/IEC 10116
  –   Public key cryptography: IEEE 1363 and FIPS 186-2
  –   Random number bit generation: ISO/IEC 18031


                                                                                                    13
                                                            Technology Standardization, Reinhard Meindl
Other Requirements …

 NFC-SEC is tailored and linked to NFCIP-1
 Contents of error messages unspecified
 The way, when and how the ECDH key pair (public and private key) are
 refreshed is not in the scope and depends on implementation of
 applications
 NFC-SEC notifies the NFC-SEC User about message sequence
 violations
 NFC-SEC-01 is the first registered cryptographic standard
  – More may come
  – Publicly available register will be maintained by ECMA




                                                                                                     14
                                                             Technology Standardization, Reinhard Meindl
Integration into NFCIP-1

 Specified in Annex B of ECMA-385 until ECMA-340 becomes revised


 Method by which NFCIP-1 devices indicate their support of NFC-SEC
  – Initiator: SECi field of ATR_REQ (byte 13 PPi)
  – Target: SECt field of ATR_RES (byte 14 PPt)


 Additional Protected PDUs
  – Coding “001” of PFB




 Extension of PDU numbering rules for protected PDUs




                                                                                             15
                                                     Technology Standardization, Reinhard Meindl
Nothing is Perfect

 NFC-SEC-01 is vulnerable for MAN-IN-THE-MIDDLE (MITM) attacks
  – No entity authentication possible because no pre-installed shared secret
 Practical risk of MITM
  – To be evaluated for individual implementation
  – Short operating distance and RF characteristics of NFC (“load modulation”)
    help keeping risk low
  – Reference:
    Security in NFC (Strength and Weaknesses)
     http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf

 Sequence integrity tailored for NFCIP-1
  – Allows replay of last delivered message
  – Notifies lost packages




                                                                                                            16
                                                                    Technology Standardization, Reinhard Meindl
Application example: Pairing

 Device A includes 60 GHz wireless and NFC:
 Laptop
 Device B includes 60 GHz wireless and NFC:
 Cell phone

 USER finds NFC-Forum Target Mark
 on both devices
  – USER ACTION: touch phone with Laptop




                                                                                      17
                                              Technology Standardization, Reinhard Meindl
Application example: Pairing

 Identification and initialization via NFC-IP-1 (ECMA-340)
 A and B both enumerate internal capabilities and applications
 A and B detect that they share 60 GHz radio without being paired and both have
 NFC capabilities, including NFC-SEC
 Triggered by OS or user any of the devices, A or B may start an 60 GHz pairing
 process which should exchange an connection context based on a secured
 NFC channel
   – USER Notification:

                             If you want to pair A with B please touch
                             devices and subsequently confirm with OK
   – USER ACTION: touch phone with Laptop again and push confirmation button on
     phone and laptop
                            Pairing succeeded!


                                                                                                     18
                                                             Technology Standardization, Reinhard Meindl
Thank you for your attention
reinhard.meindl@nxp.com

								
To top