Wednesday, January 12, 2011

Survey of NFC security

Introduction
NFC is a wireless proximity communication technology allowing us to transfer data over a distance of up to 10 cm.
NCF is a contactless technology , A contactless technology as one that lets users pay for transactions by simply holding cards close to, rather than swiping them through a reader.
Combining NFC technology with applications such as payment in a mobile device or contactless access raises potential security risks and attacks. Attacks against an NFC device can be performance anywhere and may not be noticed by the victim as the communication itself is contactless.
The technology is relatively new to be accepted widely world it should demonstrate the ability to fend off attacks.


NFC Operation Modes
NFC devices are unique in that they can change their mode of operation to be in reader/writer mode, peer-to-peer mode, or card emulation mode. The different operating modes are based on the ISO/IEC 18092 NFC IP-1 and ISO/IEC 14443 contactless smart card standards. Madmayr and Langer give the NFC modes in as;
  1. Reader/writer mode
In reader/writer mode, the NFC device is capable of reading NFC Forum mandated tag types, such as in the scenario of reading an NFC Smart poster tag. The reader/writer mode is on the RF interface compliant to the ISO 14443 and FeliCa schemes.
  1. Card Emulation
In Card Emulation mode, the NFC device itself acts as an NFC tag, appearing to an external reader much the same as a traditional contactless smart card. This enables contactless payments and e-ticketing, for example.
  1. Peer to peer
In Peer-to-Peer mode, two NFC devices can exchange data. For example, you can share Bluetooth or WiFi link set up parameters, and exchange data such as virtual business cards or digital photos. Peer-to-Peer mode is standardized on the ISO/IEC 18092 standard.


NFC threats
From the operational modes discussed in the previous section, the following attacks can be performed on the different modes;
  1. Eaves dropping
When two devices communicate via NFC they use RF waves to talk to each other. An attacker can use an antenna to also receive the transmitted signals.
The main question is how close an attacker needs to be to be able to retrieve a usable RF (Radio Frequency) signal? There is no correct answer to this question, the reason for that is the huge number of parameters which determine the answer. For example characteristics of the attacker’s antenna, quality of the attacker’s receiver, power sent out by the NFC device and so on. Additionally the mode in which the sender of the data is operating i.e. whether the sender is generating its own RF field (active mode) or whether the sender is using the RF field generated by another device (passive mode), can be used to determine eave’s dropping because of the different ways of transmitting the data for example it is harder to eaves drop on devices sending data in passive mode.
  1. Data corruption
An attacker can try to modify the data which is transmitted via the NFC interface. This can be achieved by transmitting valid frequencies of the data spectrum at a correct time. It is basically a denial of service attack.
  1. Data modification
In data modification the attacker wants the receiving device to actually receive some valid but manipulated data
  1. Data insertion
This means that the attacker inserts messages into the data exchange between two devices. The attacker could then send his data earlier than the valid receiver. The insertion will be successful only if the inserted data can be transmitted before the original device start with the answer.




Conclusion
In this survey, I have given the possible attacks that can be performed on the Near-Field Technology. These attacks are not limited to NFC wireless technology only; other wireless technologies are susceptible to these very attacks e.g. Bluetooth, Zigbee etc. I hope this survey will make students and general public appreciate the technology and affirm security of the technology in order for the usage and adapt it widely.
Posted by at No comments:

Tuesday, January 11, 2011

Feature Phones vs Smart phones

Majority of mobile phone users can not differentiate between a feature phone and a smart phone, this is a very interesting aspect in the mobile phone industry given the fact that the boundary between these phones has become blurred with technology advancements.
From a lay man's perspective, one can easily give the reason that feature phones are less complex and cheaper in price while smart phones are complex and more expensive in terms of cost. These reasons no longer hold water with the technology advancements in making feature phones not so simple anymore, base on them and you are Fukked!! 
So back to basics, Let me start with the definition of both the feature phone and smart phone the truth is that there is no standard definition of both these phones in the industry, the definitions i use are general. A feature phone is low end mobile phone having low memory and storage. CNET defines a smart phone as a phone running third-party operating system forexample Android, windows mobile, symbian and so on. Smart phones allow third party software to be installed on them.
Breaking down smart phone features which are:
1. larger screen
2. powerful processor
3. large memory capacity (gigabytes)
4. Cost – a smartphone will generally be more expensive than a standard phone.
5.Applications – Smartphones allow you to install applications, or ‘apps,’ onto your mobile phone.
6. Email – This feature allows you to receive emails (in real time) as they are detected by your phone.
7.Mobile Operating System – The most popular operating systems include Symbian OS (Nokia, LG, Motorola, Samsung, Sony Ericsson), iPhone OS, BlackBerry or Android (HTC). The mobile operating system will allow you to perform specific tasks such as editing a document or viewing a PDF file.
I hope this is useful to some people out there or even help them be a part of a conversation..hehehe
Posted by at No comments:

The Right Tablet

Research in Motion (RIM) plans to release it's tablet which may be called 'Blackpad' in march 2011, blackberry lovers must have been wondering why RIM had taken too long to jump in the growing and apple dominated market of tablets with the ipad.

The ipad set a land mark by setting the fastest selling electronic gadget in 2010. Blackberry has been planning to get everything right and indeed they have, they purchased an operating system instead of using the android OS , QNX OS, for the playbook for longer battery time and faster processing, smaller screen at 7" compared to the ipad at 9.7", lighter than the ipad and a more advanced processor ARM’s Cortex-A9 CPU core. Clearly blackberry wants the the apple users and to lead the tablet market!
Can't wait to get my hands on this tablet and put it to use!
Posted by at No comments:
Subscribe to: Comments (Atom)