Survey of NFC security

Introduction
NFC is a wireless proximity communication technology allowing us to transfer data over a distance of up to 10 cm.
NCF is a contactless technology , A contactless technology as one that lets users pay for transactions by simply holding cards close to, rather than swiping them through a reader.
Combining NFC technology with applications such as payment in a mobile device or contactless access raises potential security risks and attacks. Attacks against an NFC device can be performance anywhere and may not be noticed by the victim as the communication itself is contactless.
The technology is relatively new to be accepted widely world it should demonstrate the ability to fend off attacks.


NFC Operation Modes
NFC devices are unique in that they can change their mode of operation to be in reader/writer mode, peer-to-peer mode, or card emulation mode. The different operating modes are based on the ISO/IEC 18092 NFC IP-1 and ISO/IEC 14443 contactless smart card standards. Madmayr and Langer give the NFC modes in as;

1. Reader/writer mode

In reader/writer mode, the NFC device is capable of reading NFC Forum mandated tag types, such as in the scenario of reading an NFC Smart poster tag. The reader/writer mode is on the RF interface compliant to the ISO 14443 and FeliCa schemes.

2. Card Emulation

In Card Emulation mode, the NFC device itself acts as an NFC tag, appearing to an external reader much the same as a traditional contactless smart card. This enables contactless payments and e-ticketing, for example.

3. Peer to peer

In Peer-to-Peer mode, two NFC devices can exchange data. For example, you can share Bluetooth or WiFi link set up parameters, and exchange data such as virtual business cards or digital photos. Peer-to-Peer mode is standardized on the ISO/IEC 18092 standard.


NFC threats
From the operational modes discussed in the previous section, the following attacks can be performed on the different modes;

1. Eaves dropping

When two devices communicate via NFC they use RF waves to talk to each other. An attacker can use an antenna to also receive the transmitted signals.
The main question is how close an attacker needs to be to be able to retrieve a usable RF (Radio Frequency) signal? There is no correct answer to this question, the reason for that is the huge number of parameters which determine the answer. For example characteristics of the attacker’s antenna, quality of the attacker’s receiver, power sent out by the NFC device and so on. Additionally the mode in which the sender of the data is operating i.e. whether the sender is generating its own RF field (active mode) or whether the sender is using the RF field generated by another device (passive mode), can be used to determine eave’s dropping because of the different ways of transmitting the data for example it is harder to eaves drop on devices sending data in passive mode.

2. Data corruption

An attacker can try to modify the data which is transmitted via the NFC interface. This can be achieved by transmitting valid frequencies of the data spectrum at a correct time. It is basically a denial of service attack.

3. Data modification

In data modification the attacker wants the receiving device to actually receive some valid but manipulated data

4. Data insertion

This means that the attacker inserts messages into the data exchange between two devices. The attacker could then send his data earlier than the valid receiver. The insertion will be successful only if the inserted data can be transmitted before the original device start with the answer.




Conclusion
In this survey, I have given the possible attacks that can be performed on the Near-Field Technology. These attacks are not limited to NFC wireless technology only; other wireless technologies are susceptible to these very attacks e.g. Bluetooth, Zigbee etc. I hope this survey will make students and general public appreciate the technology and affirm security of the technology in order for the usage and adapt it widely.