Towards defending eavesdropping on NFC
Introduction
Near Field Communication (NFC) has emerged as one of the fastest-growing wireless communication technologies in recent times. A number of leading vendors are now incorporating NFC support in their mobile sets1 aiming to widespread availability of this technology. For instance, Apple has adopted use of NFC in iPhone6 for Apple Pay (Warren, 2016) and Nokia has already started to offer a low-cost NFC kit (Clark, 2016). In addition, industries have already started making stand-alone devices based on the emerging technology.2
NFC devices can be used in various applications that require data transmission over a short range (∼10 cm Ortiz, 2006, Madlmayr et al., 2014). Such applications include contactless cards (Imhontu and Kumah, 2010), E-passport (Kirschenbaum and Wool, 2006), physical access control (Kirschenbaum and Wool, 2006) etc. Nowadays, contactless transaction is a burgeoning concept in all over the world as business giants, such as, VISA, Google, Mastercard etc., have already developed platforms for it (Diakos et al., 2013). These sophisticated applications deal with secured data emphasizing the importance of defense against any type of security breaches. Eavesdropping is known to be one of the prominent security breaches in this regard. On the contrary to a popular assumption that eavesdropping is difficult on NFC due to its short transmission range, a study (Kortvedt and Mjolsnes, 2009) experimentally shows that eavesdropping imposes a significant threat to the security of NFC despite having the short range. Pourghomi et al., unveils several vulnerable scenarios in monetary transaction and e-ticketing with NFC devices (Pourghomi et al., 2014). Diakos et al., shows information extraction from an ISO 14443 Type A device by an eavesdropper, which could be further used to obtain sensitive information from the victim (Diakos et al., 2013). Consequently, it becomes utmost important to defend against eavesdropping on NFC to support its sophisticated applications.
An effective and realistic defense mechanism against eavesdropping requires a comprehensive analysis of NFC properties and their thorough evaluation. The main metric of such analysis and evaluation is eavesdropping (ED) distance (Hancke et al., 2008) that determines the maximum distance at which eavesdropping is possible on NFC. Accordingly, we formulate a comprehensive analytical model incorporating all the parameters that influence the ED distance, and also propose a couple of realistic defense mechanisms based on the outcomes of the model. To the best of our knowledge, we are the first to present such an analysis and analysis-based defense mechanisms for eavesdropping.
In our study, first, we present an analytical model to determine the ED distance on NFC. Then, we perform exhaustive simulation based on the model. Our simulation analyzes individual impacts of all parameters that influence the ED distance. The simulation results reveal a key finding that the ED distance is vastly controlled by both conductivity and permeability of the medium carrying NFC wave. Consequently, we propose a defense mechanism through exploiting a coating of a conductor material having significantly high permeability, which eventually reduces the ED distance to a great extent. Additionally, we propose another defense mechanism using active jamming, in addition to exploiting the coating, to further improve the level of defense against eavesdropping.
Based on our work, we make the following set of contributions in this paper: 1) We formulate an analytical model to determine the ED distance on NFC considering all the parameters that influence eavesdropping, 2) We perform exhaustive simulation based on the formulated model, 3) Analyzing the simulation results and available alternatives, we propose a passive defense mechanism using a conductor coating to reduce the ED distance and we investigate effectiveness of our proposed mechanism through a set of real experiments, 4) We further analyze that direct attachment of the coating with NFC antenna hinders the intended communication. To overcome this situation, we propose to exploit an additional insulator in between the coating and NFC antenna, and 5) Finally, we propose an active defense mechanism using active jamming and confirm its effectiveness through real experiments.
Section snippets
Analytical model for eavesdropping on NFC
In this section, we present formulation of an analytical model that determines the maximum distance of eavesdropping, i.e., the ED distance. Our formulation specifically focuses on near-field wireless communication.
In conventional wireless communication, an antenna3
Numerical simulation
We present results obtained from our numerical simulation in this section. We perform our simulation based on the analytical model presented in Section 2 using GNU C. In our simulation, we individually vary all the parameters involved with eavesdropping distance. Before illustrating the results of such variations, we briefly present our simulation settings.
Passive defense mechanism
The results presented in Section 3 demonstrate that the ED distance significantly reduces over a highly conductive medium having a significant permeability. Fig. 6a, Fig. 6b, and Fig. 4b vividly confirm this finding. These results suggest that we can utilize a conductor medium having a significant permeability to reduce the ED distance, which is also advocated by the results corresponding to conductors presented in Table 1.
Note that it is of utmost importance to consider the permeability of a
Validation of our passive defense mechanism
To validate effectiveness of our proposed passive defense mechanism (presented in Section 4) over real devices, we conduct two different sets of experiment using real devices. Here, we separately focus on passive and active NFC devices as these two forms are prominent now-a-days.
Underlying dynamics of using coating
According to our proposed passive defense mechanism (presented in Section 4), we exploit a thin Aluminium cover on one side of the NFC device to defend against eavesdropping. The other side of the NFC device, i.e., the uncovered region of the NFC device is intended for using in desired NFC communication. Now, the intuitive idea is to attach the Aluminium coating with the NFC device directly. However, a fascinating fact of electromagnetism restricts this idea.
The underlying operational mechanism9
Active defense mechanism
Our proposed defense mechanism of utilizing a coating with materials having high conductivity and high permeability can significantly lower the possibility of being eavesdropped. This happens owing to severe attenuation in the received power over such a coating. However, this mechanism does not guarantee a complete escape from eavesdropping as eavesdropper antenna with high antenna gain can go further to capture the severely-attenuated signal. Fig. 7a points to this scenario through depicting
Validation of our active defense mechanism
We conduct a set of experiments to demonstrate effectiveness of our proposed active defense mechanism. In our experiment, we use two Arduino NFC shields11 at the sender end and two tags at the receiver end as per Fig. 13. Here, one of the Arduino NFC shields transmits originally intended data and the other one transmits a jamming signal. Besides, one of the tags acts as the original receiver and the other one acts as the eavesdropper. Fig. 14 shows our complete
Discussion
In this section, we discuss the lessons which we have learned during our study, development, and evaluation phases, and hopefully, these lessons will help the other researchers in designing a solution focusing the similar context. Additionally, we present the cost analysis pertinent to our proposed mechanism.
Data-level encryption vs. signal-level defense: Encrypted data can easily be captured through passive eavesdropping (Savry et al., 2007, Kirschenbaum and Wool, 2006. Now, the question
Related work
The notion of eavesdropping has been investigated for a number of years. Studies in this area include different forms of wireless networks such as wireless ad-hoc networks, wireless sensor networks etc. These networks generally operate over far-field. However, the operation over near-field significantly differs from that over far-field (Schantz, 2005) (see Section 2).
In recent times, a few studies focus on eavesdropping on RFID, which operates over near-field Hancke, 2011, Chen, 2014). For
Conclusion
The increasing trend in utilization of NFC devices in sophisticated applications exposes the utmost importance of secured communication over these devices. Eavesdropping is known to be one of the prominent security breaches pertinent to the devices. However, analyzing eavesdropping on NFC and defending it in a realistic way based on the analysis are yet to be focused in the literature. Therefore, in this paper, we attempt to perform a comprehensive analysis on eavesdropping on NFC such that we
Acknowledgment
This work has been performed under a research collaboration project funded by Samsung R&D, Bangladesh.
A.B.M. Alim Al Islam He is serving as an Associate Professor in the Department of Computer Science and Engineering (CSE) in Bangladesh University of Engineering and Technology (BUET), Dhaka, Bangladesh. He has been teaching and doing research in CSE, BUET since February 2007. His research work covers wireless networking, embedded systems, simulation and modeling, and reliability analysis.
References (43)
A multi-issued tag key agreement with time constraint for homeland defense sub-department in nfc environment
J. Netw. Comput. Appl.
(2014)Design of a secure distance-bounding channel for rfid
J. Netw. Comput. Appl.
(2011)Antennas and Propagation for Wireless Communication Systems
(2008)Advanced Engineering Electromagnetics
(2012)- Brown, T.W., Diakos, T., Briffa, J A., 2013. Evaluating the eavesdropping range of varying magnetic field strengths in...
- Cellular mobile phone solution, 2016. 〈https://goo.gl/4MDfDu〉, (Accessed 25...
- Clark, S., 2016. Nokia offers developers low-cost nfc device kit, 〈https://goo.gl/6G6My3〉, (Accessed 28...
- et al.
Eavesdropping near-field contactless payments: a quantitative analysis
J. Eng.
(2013) - et al.
Anti-collision algorithm for rfid systems
J.-Huazhong Univ. Sci. Technol. Nat. Sci. Ed.
(2006) - Friis, H.T., A note on a simple transmission formula. In: Proc. IRE 34 (5), 1946, pp....
Permanent Magnet and Electromechanical Devices: Materials, Analysis, and Applications
They can hear your heartbeats: non-invasive security for implantable medical devices
ACM SIGCOMM Comput. Commun. Rev.
Fundamentals of Physics, Chapters 1-12, Fundamentals of Physics
Cited by (5)
A survey on NFC Payment: Applications, Rewsearch Challenges, and Future Directions
2023, Journal of Information Systems and TelecommunicationSoK: Assessing the threat potential of vibration-based attacks against live speech using mobile sensors
2021, WiSec 2021 - Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile NetworksMan-in-the-Middle Attack on Contactless Payment over NFC Communications: Design, Implementation, Experiments and Detection
2021, IEEE Transactions on Dependable and Secure ComputingNFC Based Mobile Device Verification and Reporting System for Prohibited Region
2020, Lecture Notes in Electrical EngineeringA study on the RFID and 2D barcode, and NFC and performance improvement
2019, Lecture Notes in Electrical Engineering
A.B.M. Alim Al Islam He is serving as an Associate Professor in the Department of Computer Science and Engineering (CSE) in Bangladesh University of Engineering and Technology (BUET), Dhaka, Bangladesh. He has been teaching and doing research in CSE, BUET since February 2007. His research work covers wireless networking, embedded systems, simulation and modeling, and reliability analysis.
Tusher Chakraborty He is currently working at Microsoft Research India under the supervision of Manohar Swaminathan and Ranveer Chandra. Previously, he worked as a Research Assistant in the Department of Computer Science and Engineering at Bangladesh University of Engineering and Technology (BUET) under the supervision of Professor A.B.M. Alim Al Islam. He completed his Bachelor of Science in Computer Science and Engineering from BUET. His research focuses on embedded systems based ubiquitous computing. Within this broad spectrum, his interests include HCI, HCI4D, sensor-enabled embedded systems, in-air gesture interaction, assistive technology, IoT, and WSNs.
Taslim Arefin Khan He is currently enrolled as a M.Sc., student in the Department of Computer Science and Engineering at Bangladesh University of Engineering and Technology (BUET). He is also working as a Graduate Research Assistant in the same department under the supervision of Prof. A.B.M. Alim Al Isalm. He completed his Bachelor of Science in Computer Science and Engineering from BUET. His research interest falls in the intersection of mobile computing, human-computer interaction, Internet of Things, and ubiquitous computing.
Mahabub Zoraf He completed his Bachelor of Science in Computer Science and Engineering from the Department of Computer Science and Engineering at Bangladesh University of Engineering and Technology (BUET). He completed his undergraduate thesis under the supervision of Prof. A.B.M. Alim Al Isalm.
Chowdhury Sayeed Hyder He is currently working as a Software Engineer at MicroSoft, Redmond, USA. He completed his Ph.D. from the CSE department of Michigan State University. He finished his bachelor and masters from Bangladesh University of Engineering and Technology (BUET), Dhaka, Bangladesh. His research work aims to improve the current spectrum allocation techniques by designing and developing novel spectrum sharing techniques. He also worked on the network security addressing different attack models in the context of cognitive radio networks and wireless networks in general.