
NFC - NEAR FIELD COMMUNICATION

A PATH BREAKING TECHNOLOGY
ABSTRACT

ONE OF THE BASIC GOALS OF TECHNOLOGY HAS BEEN TO MAKE LIFE EASY BY CONVERGING VARIOUS TECHNOLOGIES. NEAR FIELD COMMUNICATION HAS GIVEN THE RAY OF HOPE OF REALISING AN ULTIMATE CONVERGENCE DEVICE.

1. Introduction

Near Field Communication (NFC) is a technology for contactless short-range communication. Based on the Radio Frequency Identification (RFID), it uses magnetic field induction to enable communication between electronic devices. The number of short-range applications for NFC technology is growing continuously, appearing in all areas of life. Especially the use in conjunction with mobile phones offers great opportunities. The main applications are:

• payment & ticketing: NFC enables users to make fast and secure purchases, go shopping with electronic money, and also to buy, store and use electronic tickets, such as concert/event tickets, plane tickets, travel cards, etc.
• electronic keys: For example, these can be car keys, house/office keys, etc.
• identification: In addition, NFC makes it possible to use mobile phones instead of identity documents. In Japan, for example, student IDs can be stored on cell phones, which allows the students to electronically register for classes, to open locked campus doors, buy food at the school cafeteria, borrow books, and even get discounts at local movie theaters, restaurants, and shops.
• receive and share information: The data stored on any tagged object (e.g.

a DVD box or a poster) can be accessed by mobile phones in order to download movie trailers, street maps, travel timetables etc.
• set-up service: To avoid the complicated configuration process, NFC can be used for the set-up of other longer-range wireless technologies, such as Bluetooth or Wireless LAN.

Up to now the convenience of NFC is mostly used in Asia, for instance in Japan or South Korea, where paying with a mobile phone or an NFC smartcard already belongs to everyday life.

2. Standards and Compatibility

Near Field Communication is an open platform technology, developed by Philips and Sony. NFC, described by NFCIP-1 (Near Field Communication Interface and Protocol 1), is standardized in ISO 18092 [1], ECMA 340 [2] as well as in ETSI TS 102 190 [3]. These standards specify the basic capabilities, such as the transfer speeds, the bit encoding schemes, modulation, the frame architecture, and the transport protocol. Furthermore, the active and passive NFC modes are described and the conditions that are required to prevent collisions during initialization. NFC devices have to provide these three functions in order to be compatible with the main international standards for smartcard interoperability, ISO 14443 (proximity cards, e.g. Philips' Mifare), ISO 15693 (vicinity cards) and to Sony's FeliCa contactless smart card system. Hence, as a combination of smartcard and contactless interconnection technologies, NFC is compatible with today's field proven RFID-technology. That means, it is providing compatibility with the millions of contactless smartcards and scanners that already exist worldwide.

3. Technology Overview

NFC operates in the standard, globally available 13.56 MHz frequency band. Possible supported data transfer rates are 106, 212 and 424 kbps and there is potential for higher data rates. The technology has been designed for communications up to a distance of 20

cm, but typically it is used within less than 10 cm. This short range is not a disadvantage, since it aggravates eavesdropping.

3.1 Communication Modes: Active and Passive

The NFC interface can operate in two different modes: active and passive. An active device generates its own radio frequency (RF) field, whereas a device in passive mode has to use inductive coupling to transmit data. For battery-powered devices, like mobile phones, it is better to act in passive mode. In contrast to the active mode, no internal power source is required. In passive mode, a device can be powered by the RF field of an active NFC device and transfers data using load modulation. Hence, the protocol allows for card emulation, e.g., used for ticketing applications, even when the mobile phone is turned off. This yields to two possible cases, which are described in Table 3.1. The communication between two active devices case is called active communication mode, whereas the communication between an active and a passive device is called passive communication mode.

Table 3.1: Communication Configurations

In general, at most two devices communicate with each other at the same time. However, as defined in [2], §11.2.2.3, in passive mode the initiator (see Section 3.3) is able to communicate with multiple targets. This is realized by a time slot method, which is used to perform a Single Device Detection (SDD). The maximal number of time slots is limited to 16. A target responds in a random chosen time slot that may lead to collision with the response of another target. In order to reduce the collisions, a target may ignore a polling request set out by the initiator. If the initiator receives no response, it has to send the polling request again.

3.2 Coding and Modulation

The distinction between active and

passive devices specifies the way data is transmitted. Passive devices encode data always with Manchester coding and a 10% ASK (1). Instead, for active devices one distinguishes between the modified Miller coding with 100% modulation if the data rate is 106 kbps, and the Manchester coding using a modulation ratio of 10% if the data rate is greater than 106 kbps. As we will discuss later the modulation ratio, defined in [1], is of high importance for the security of the NFC data transfer.

(1) Amplitude-shift keying is a form of modulation that represents digital data as variations in the amplitude of a carrier wave [10].

3.2.1 Manchester Code

The Manchester coding depends on two possible transitions at the midpoint of a period. A low-to-high transition expresses a 0 bit, whereas a high-to-low transition stands for a 1 bit. Consequently, in the middle of each bit period there is always a transition. Transitions at the start of a period are not considered.

Figure 3.1: Manchester Code

3.2.2 Modified Miller Code

This line code is characterized by pauses occurring in the carrier at different positions of a period. Depending on the information to be transmitted, bits are coded as shown in Figure 3.2. While a 1 is always encoded in the same way, coding a 0 is determined on the basis of the preceded bit.

Figure 3.2: Modified Miller Code

3.3 Initiator and Target

Furthermore, it is important to observe the role allocation of initiator and target. The initiator is the one who wishes to communicate and starts the communication. The target receives the initiator's communication request and sends back a reply. This

concept prevents the target from sending any data without first receiving a message. Regarding the passive communication mode, the passive device acts always as NFC target. Here the active device is the initiator, responsible for generating the radio field. In the case of an active configuration in which the RF field is alternately generated, the roles of initiator and target are strictly assigned by the one who starts the communication. By default all devices are NFC targets, and only act as NFC initiator device if it is required by the application. In the case of two passive devices communication is not possible (see Table 3.3).

Table 3.3: Possible Combinations Active/Passive with Initiator/Target ([9])

3.4 Collision Avoidance

Usually misunderstandings are rather rare, since the devices have to be placed in direct proximity. The protocol proceeds from the principle: listen before talk. If the initiator wants to communicate, first, it has to make sure that there is no external RF field, in order not to disturb any other NFC communication. It has to wait silently as long as another RF field is detected, before it can start the communication, after an accurately defined guard-time ([2], §11.1). If the case occurs that two or more targets answer at exactly the same time, a collision will be detected by the initiator.

General Protocol flow

As shown in Figure 3.3 the general protocol flow can be divided into the initialization and transport protocol. The initialization comprises the collision avoidance and selection of targets, where the initiator determines the communication mode (active or passive) and chooses the transfer speed. As defined in [2], §12, the transport protocol is divided in three parts:

• Activation of the protocol, which includes the Request for Attributes and the Parameter Selection,
• The data exchange protocol, and
• The deactivation of the protocol including the Deselection and the Release.

During one transaction, the mode (active and passive) and the role (initiator and target) does not change until the communication is finished. Though, the data transfer speed may be changed by a parameter change procedure. For further details the reader may refer to the standards [1] or [2].

4. Comparison with other Technologies

5. Security Aspects

In this chapter, we want to analyze the security of NFC. In this context two very interesting papers have been published. In [9] Ernst Haselsteiner and Klemens Breitfuß discuss some threats and solution for the security of NFC. First of all it should be mentioned that the short communication range of a few centimeters, though it requires conscious user interaction, does not really ensure secure communication. There are different possibilities to attack the Near Field Communication technology. On the one hand the different used devices can be manipulated physically. This may be the removal of a tag from the tagged item or wrapping them in metal foil in order to shield the RF signal. Another aspect is the violation of privacy. If proprietary information is stored on a tag it is important to prevent from unauthorized read and write access. As outlined in [13] read-only tags are secure against an unauthorized write access. In the case of rewritable tags we have to assume that attackers may have mobile readers and the appropriate software which enable unauthorized read and write access if the reader distance is normal. In this work we want to focus on attacks with

regard to the communication between two devices. For detecting errors, NFC uses the cyclic redundancy check (CRC). This method allows devices to check whether the received data has been corrupted.

5.1 Eavesdropping

NFC offers no protection against eavesdropping. RF waves for the wireless data transfer with an antenna enables attackers to pick up the transmitted monitoring data. In practice a malicious person would have to keep a longer distance in order not to get noticed. The short range between initiator and target for a successful communication is no significant problem, since attackers are not bound by the same transmission limits. Consequently the maximum distance for a normal read sequence can be exceeded. The question how close an attacker has to be located to retrieve a usable RF signal is difficult to answer.

5.2 Man-in-the-Middle-Attack

In order to show that NFC is secure against a Man-in-the-Middle-Attack we have to survey both, the active and the passive communication mode. In the following we distinguish between device A and device B that are exchanging data. In passive mode the active device (A) generates the RF field in order to send data to a passive device (B). The aim of an intruder is to intercept this message and prevent device B from receiving it. The next step would be to replace it with a different message. The first step is possible, but can be detected if device A checks the RF field while sending the message. However, the second one is practically impossible. To send a message to device B the attacker would have to generate his own RF field. Hence, the RF field of device A has to be perfectly aligned which is not practically feasible. In contrast to the passive mode, in active mode device A switches off the RF field after sending a message. Now the attacker is confronted with another problem. Even though he may generate an RF field, he is not able to transfer a message to device B that would not

be recognized by device A, because device A is waiting for a response from device B. Thus, device A is assigned with the task to check if the received messages really come from device B. Disregarding relay attacks, NFC provides good protection against a Man-in-the-Middle attack. This applies particularly if the passive communication mode is used and the RF field is monitored by device A.

5.3 Data Modification

Unauthorized changing of data, which results in valid messages, is much more complicated and demands a thorough understanding. As we will point out in the following, data modification is possible only under certain conditions. In order to modify the transmitted data an intruder has to concern single bits of the RF signal. As already mentioned in Section 3.2 data is sent in different ways. The feasibility of this attack, that means if it is possible to change a bit of value 0 to 1 or the other way around, is subject to the strength of the amplitude modulation. If 100% modulation is used, it is possible to eliminate a pause of the RF signal, but not to generate a pause where no pause has been. This would demand an impracticable exact overlapping of the attacker's signal with the original signal at the receiver's antenna. However, Near Field Communication technology uses modulation of 100% in conjunction with the modified Miller coding which leads to 4 possible cases (see Figure 5.1). The only case, where a bit might be changed by an attacker is, where a 1 is followed by another 1. By filling the pause in two half bit of the RF signal the decoder receives the signal of the third case. Due to the agreement of the preceding bit the decoder would verify a valid one. The other three cases are not susceptible to such an attack.

Figure 5.3: Bit modification of the Modified Miller Code

For NFC, a modulation ratio of 10% is always used together with Manchester coding. In contrast to the 100% modulation, where really no signal is

sent in a pause, here within a pause the RF signal is e.g. 82% of the level of the full signal. Let's assume, an attacker may increase the existing RF signal about 18% during the whole session, without being noticed by the decoder. Then, the attacker is able to change a zero to one by increasing the RF signal during the first half of the signal period by another 18%, and also may change a bit of value one to zero by simply stopping to send anything. Regarding the threat in summary: Except for one case, always Manchester coding with 10% ASK is used for NFC data transfer. This represents the best possible conditions for the malicious intention of modifying NFC data (compare Table 3.2). This way of transmitting the data offers a modification attack on all bits. The only exception are active devices transferring data at 106 kbps. In this case the usage of the modified Miller coding with a modulation ratio of 100% accomplishes that only certain bits can be modified. In [9] three countermeasures are described. One possibility is the usage of the active communication mode with 106 kbps. As mentioned above this would not prevent, but at least reduce the risk of this attack.

6. Conclusion

In summary, Near Field Communication is an efficient technology for communications with short ranges. It offers an intuitive and simple way to transfer data between electronic devices. A significant advantage of this technique is the compatibility with existing RFID infrastructures. Additionally, it would bring benefits to the setup of longer-range wireless technologies, such as Bluetooth. With regard to the security of NFC, we discussed different attacks and possible countermeasures to mitigate their impact. Despite the restriction of the range, eavesdropping or data modification attacks can be carried out. But, disregarding relay attacks, NFC provides security against Man-in-the-Middle-Attacks. In order to provide protection against these

threats, the establishment of a secure channel is necessary. For this purpose simply the well known DH key agreement can be used, because Man-in-the-Middle-Attacks represent no threat. With a secure channel NFC provides confidentiality, integrity and authenticity.

References

[1] ISO/IEC 18092 (ECMA-340): Information technology - Telecommunications and information exchange between systems - Near Field Communication - Interface and Protocol (NFCIP-1). First Edition, 2004-04-01.
[2] Ecma International: Standard ECMA-340, Near Field Communication Interface and Protocol (NFCIP-1), December 2004. URL: http://www.ecma-international.org/publications/standards/Ecma-340.htm.
[3] ETSI TS 102 190 V1.1.1: Near Field Communication (NFC) IP-1; Interface and Protocol (NFCIP-1) 2003-03. URL: http://www.etsi.org.
[4] ISO/IEC 21481: Information technology Telecommunications and

information exchange between systems Near Field Communication Interface and Protocol -2 (NFCIP-2). January 2005. URL: http://www.iso.ch.
[5] Ecma International: Standard ECMA-352, Near Field Communication Interface and Protocol -2 (NFCIP-2), December 2003. URL: http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-352.pdf.
[6] ETSI TS 102 312, V1.1.1: Electromagnetic compatibility and Radio spectrum Matters (ERM); Normalized Site Attenuation (NSA) and validation of a fully lined anechoic chamber up to 40 GHz 2004-05. URL: http://www.etsi.org.
[7] ISO/IEC 14443: Identification cards - Contactless integrated circuit cards - Proximity cards. 2001.
[8] ISO/IEC 15693: Identification cards - Contactless integrated circuit cards - Vicinity cards.
[9] Ernst Haselsteiner and Klemens Breitfuss: Security in near field communication (NFC).

Philips Semiconductors, Printed handout of Workshop on RFID Security RFIDSec 06, July 2006. URL: http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf.
[10] Wikipedia: Amplitude-shift-keying. URL: http://en.wikipedia.org/wiki/Amplitude_shift_keying.

NEAR FIELD COMMUNICATION

BY: REJOY MENDEZ
LBS COLLEGE OF ENGG

ABSTRACT

NFC is one of the latest wireless communication technologies. As a short-range wireless connectivity technology, NFC offers safe - yet simple and intuitive - communication between electronic devices. Users of NFC-enabled devices can simply point or touch their devices to other NFC-enabled elements in the environment to communicate with them, making application and data usage easy and convenient. With NFC technology, communication occurs when an NFC-compatible device is brought within a few centimeters of another NFC device or an NFC tag. The big advantage of the short transmission range is that it inhibits eavesdropping on NFC-enabled transactions. NFC technology opens up exciting new usage scenarios for mobile devices.

INTRODUCTION

Near Field Communication (NFC) is a technology for contactless short-range communication. Based on the Radio Frequency Identification (RFID), it uses magnetic field induction to enable communication between electronic devices. The number of short-range applications for NFC technology is growing continuously, appearing in all areas of life. Especially the use in conjunction with mobile phones offers great opportunities. One of the main goals of NFC technology has been to make the benefits of short-range contactless communications available to consumers globally. The existing radio frequency (RF) technology base has so far been driven by various business needs, such as logistics and item tracking. While the technology behind NFC is found in existing applications, there has been a shift in focus - most notably, in how the technology is used and what it offers to consumers.

With just a point or a touch, NFC enables effortless use of the devices and gadgets we use daily. Here are some examples of what a user can do with an NFC mobile phone in an NFC-enabled environment:

1. Download music or video from a smart poster.
2. Exchange business cards with another phone.
3. Pay bus or train fare.
4. Print an image on a printer.
5. Use a point-of-sale terminal to pay for a purchase, the same way as with a standard contactless credit card.
6. Pair two Bluetooth devices.

An NFC-enabled phone functions much like standard contactless smart cards that are used worldwide in credit cards and in tickets for public transit systems. Once an application, such as a credit card application, has been securely provisioned to the NFC-enabled phone, the customer can pay by simply waving the phone at a point-of-sale reader. The NFC phone also offers enhanced security, enabling the user to protect the secure applications through the phone's user interface features.

NEAR FIELD AND FAR FIELD

The terms far field and near field describe the fields around an antenna or, more generally, any electromagnetic-radiation source. The names imply that two regions with a boundary between them exist around an antenna. Actually, as many as three regions and two boundaries exist. These boundaries are not fixed in space. Instead, the boundaries move closer to or farther from an antenna, depending on both the radiation frequency and the amount of error an application can tolerate. To talk about these quantities, we need a way to describe these regions and boundaries. A brief scan of reference literature yields the terminology in Figure 1. The terms apply to the two- and three-region models.

USING AN ELEMENTAL DIPOLE'S FIELD

Defining a near-field/far-field boundary, we use a strictly algebraic approach. We need equations that describe two important concepts: the fields from an elemental - that is, small - electric dipole antenna and from an elemental magnetic loop antenna. SK Schelkunoff derived these equations using Maxwell's equations. We can represent an ideal electric dipole antenna by a short uniform current element of a certain length, l. The fields from an electric dipole are:

The fields for a magnetic dipole loop are:

where I is the wire current in amps; l is the wire length in meters; β is the electrical length per meter of wavelength, or ω/c, 2π/λ; ω is the angular frequency in radians per second, or 2πf; ε0 is the permittivity of free space, or 1/(36π) × 10⁻⁹ F/m; μ0 is the permeability of free space, or 4π × 10⁻⁷ H/m; c is the speed of light, or 3 × 10⁸ m/sec; f is the frequency in hertz; η0 is the free-space impedance, or 376.7 Ω; θ is the angle between the zenith's wire axis and the observation point; and r is the distance from the source to the observation point in meters.

Equations 1 through 6 contain terms in 1/r, 1/r², and 1/r³. In the near field, the 1/r³ terms dominate the equations. As the distance increases, the 1/r³ and 1/r² terms attenuate rapidly and, as a result, the 1/r term dominates in the far field. To define the boundary between the fields, examine the point at which the last two terms are equal. This is the point where the effect of the second term wanes and the last term begins to dominate the equations. Setting the magnitude of the terms in Equation 2 equal to one another, along with employing some algebra, we get r, the boundary for which we are searching:

and

Note that the equations define the boundary in wavelengths, implying that the boundary moves in space with

the frequency of the antenna's emissions. Judging from available literature, the distance where the 1/r and 1/r² terms are equal is the most commonly quoted near-field/far-field boundary.

NFC DEVICES ESSENTIAL SPECIFICATIONS

1. Like ISO 14443, NFC communicates via magnetic field induction, where two loop antennas are located within each other's near field, effectively forming an air-core transformer. It operates within the globally available and unlicensed radio frequency ISM band of 13.56 MHz, with a bandwidth of almost 2 MHz.
2. Working distance with compact standard antennas: up to 20 cm.
3. Supported data rates: 106, 212, or 424 kbit/s.
4. There are two modes:
   o Passive Communication Mode: The Initiator device provides a carrier field and the target device answers by modulating existing field. In this mode, the Target device may draw its operating power from the Initiator-provided electromagnetic field, thus making the Target device a transponder.
   o Active Communication Mode: Both Initiator and Target device communicate by alternately generating their own field. A device deactivates its RF field while it is waiting for data. In this mode, both devices typically need to have a power supply.
5. NFC employs two different codings to transfer data. If an active device transfers data at 106 kbit/s, a modified Miller coding with 100% modulation is used. In all other cases Manchester coding is used with a modulation ratio of 10%.

Baud      Active device               Passive device
424 kBd   Manchester, 10% ASK         Manchester, 10% ASK
212 kBd   Manchester, 10% ASK         Manchester, 10% ASK
106 kBd   Modified Miller, 100% ASK   Manchester, 10% ASK

NFC devices are able to receive and transmit data at the same time. Thus, they can check the radio frequency field and detect a collision if the received signal does not match with the transmitted signal.

STANDARDS AND COMPATIBILITY

Near Field Communication is an open platform technology, developed by Philips and Sony. NFC, described by NFCIP-1 (Near Field Communication Interface and Protocol 1), is standardized in ISO 18092, ECMA 340 as well as in ETSI TS 102 190. These standards specify the basic capabilities, such as the transfer speeds, the bit encoding schemes, modulation, the frame architecture, and the transport protocol. Furthermore, the active and passive NFC modes are described and the conditions that are required to prevent collisions during initialization. NFC devices not only implement NFCIP-1, but also NFCIP-2, which is defined in ISO 21481, ECMA 352 and ETSI TS 102 312. NFCIP-2 allows for selecting one of three operating modes: NFC data transfer (NFCIP-1), proximity coupling device (PCD), defined in ISO 14443, and vicinity coupling device (VCD), defined in ISO 15693. NFC devices have to provide these three functions in order to be compatible with the main international standards for smartcard interoperability, ISO 14443 (proximity cards, e.g. Philips' Mifare), ISO 15693 (vicinity cards) and to Sony's FeliCa contactless smart card system. Hence, as a combination of smartcard and contactless interconnection technologies, NFC is compatible with today's field proven RFID-technology. That means, it is providing compatibility with the millions of contactless smartcards and scanners that already exist worldwide.

TECHNOLOGICAL OVERVIEW

NFC operates in the standard, globally available 13.56 MHz frequency band. Possible supported data transfer rates are 106, 212 and 424 kbps and there is potential for higher data rates. The technology has been designed for communications up to a distance of 20 cm, but typically it is used within less than 10 cm. This

short range is not a disadvantage, since it aggravates eavesdropping.

COMMUNICATION MODES: ACTIVE AND PASSIVE

The NFC interface can operate in two different modes: active and passive. An active device generates its own radio frequency (RF) field, whereas a device in passive mode has to use inductive coupling to transmit data. For battery-powered devices, like mobile phones, it is better to act in passive mode. In contrast to the active mode, no internal power source is required. In passive mode, a device can be powered by the RF field of an active NFC device and transfers data using load modulation. Hence, the protocol allows for card emulation, e.g., used for ticketing applications, even when the mobile phone is turned off. This yields to two possible cases, which are described in Table. The communication between two active devices case is called active communication mode, whereas the communication between an active and a passive device is called passive communication mode.

COMMUNICATION CONFIGURATION

In general, at most two devices communicate with each other at the same time. However in passive mode the initiator is able to communicate with multiple targets. This is realized by a time slot method, which is used to perform a Single Device Detection (SDD). The maximal number of time slots is limited to 16. A target responds in a random chosen time slot that may lead to collision with the response of another target. In order to reduce the collisions, a target may ignore a polling request set out by the initiator. If the initiator receives no response, it has to send the polling request again.

CODING AND MODULATION

The distinction between active and passive devices specifies the way data is transmitted. Passive devices encode data always with Manchester coding and a 10% ASK. Instead, for active devices one distinguishes between the modified Miller coding with 100% modulation if the data rate is 106 kbps, and the Manchester coding using a modulation ratio of 10% if the data rate is greater than 106 kbps. The modulation ratio using modified Miller coding is of high importance for the security of the NFC data transfer.

1. MANCHESTER CODE

The Manchester coding depends on two possible transitions at the midpoint of a period. A low-to-high transition expresses a 0 bit, whereas a high-to-low transition stands for a 1 bit. Consequently, in the middle of each bit period there is always a transition. Transitions at the start of a period are not considered.

MANCHESTER CODING

2. MODIFIED MILLER CODE

This line code is characterized by pauses occurring in the carrier at different positions of a period. Depending on the information to be transmitted, bits are coded as shown in Figure. While a 1 is always encoded in the same way, coding a 0 is determined on the basis of the preceded bit.

MODIFIED MILLER CODE

INITIATOR AND TARGET

Furthermore, it is important to observe the role allocation of initiator and target. The initiator is the one who wishes to communicate and starts the communication. The target receives the initiator's communication request and sends back a reply. This concept prevents the target from sending any data without first receiving a message. Regarding the passive communication mode, the passive device acts always as NFC target. Here the active device is the initiator, responsible for generating the radio field. In the case of an active configuration in which the RF field is alternately generated, the roles of initiator and target are strictly assigned by the one who starts the communication. By default all devices are NFC targets, and only act as NFC initiator device if it is required by the application. In the case of two passive devices communication is not possible.

COLLISION AVOIDANCE

Usually misunderstandings are rather rare, since the devices have to be placed in direct proximity. The protocol proceeds from the principle: listen before talk. If the initiator wants to communicate, first, it has to make sure that there is no external RF field, in order not to disturb any other NFC communication. It has to wait silently as

long as another RF field is detected, before it can start the communication, after an accurately defined guard time. If the case occurs that two or more targets answer at exactly the same time, a collision will be detected by the initiator.

GENERAL PROTOCOL FLOW

As shown in Figure the general protocol flow can be divided into the initialization and transport protocol. The initialization comprises the collision avoidance and selection of targets, where the initiator determines the communication mode (active or passive) and chooses the transfer speed. The transport protocol is divided in three parts:

1. Activation of the protocol, which includes the Request for Attributes and the Parameter Selection.
2. The data exchange protocol, and
3. The deactivation of the protocol including the Deselection and the Release.

During one transaction, the mode (active and passive) and the role (initiator and target) do not change until the communication is finished. Though, the data transfer speed may be changed by a parameter change procedure.

[Figure: General initialization and transport protocol]

UNIQUE FEATURES

What makes the communication between the devices so easy is that the NFC protocol provides some features not found in other general-purpose protocols. First of all, it is a very short-range protocol. It supports communication at distances measured in centimeters. The devices have to be literally almost touched to establish the link between them. This has two important consequences:

(1) The devices can rely on the protocol to be inherently secured since the devices must be placed very close to each other. It is easy to control whether the two devices communicate by simply placing them next to each other or keeping them apart.

(2) The procedure of establishing the protocol is inherently familiar to people: you want something to communicate - touch it. This allows the establishment of the network connection between the devices to be completely automated and to happen in a transparent manner. The whole process then feels as if devices recognize each other by touch and connect to each other once touched.

Another important feature of this protocol is the support for the passive mode of communication. This is very important for the battery-powered devices since they have to place conservation of the energy as the first priority. The protocol allows such a device, like a mobile phone, to operate in a power-saving mode - the passive mode of NFC communication. This mode does not require both devices to generate the RF field and allows the complete communication to be powered from one side only. Of course, the device itself will still need to be powered internally but it does not have to waste the battery on powering the RF communication interface.

Also, the protocol can be used easily in conjunction with other protocols to select devices and automate connection set-up. As was demonstrated in the examples of use above, the parameters of other wireless protocols can be exchanged allowing for automated set-up of other, longer-range, connections. The difficulty in using long-range protocols like Bluetooth or Wireless Ethernet is in selecting the correct device out of the multitude of devices in the range and providing the right parameters to the connection. Using NFC the whole procedure is simplified to a mere touch of one device to another.

OPERATING MODES OF NFC

NFC is a proximity coupling technology closely linked to the standard of proximity smart cards as specified in ISO 14443. NFC devices are capable of three different operating modes:

PEER-TO-PEER MODE (NFC): This mode is the classic NFC mode, allowing data connection for up to 424 kBit/sec. The electromagnetic properties and the protocol (NFCIP-1) are standardized in ISO 18092 and ECMA 320/340.

READER/WRITER MODE (PCD): NFC devices can be used as a reader/writer for tags and smart cards. In this case the NFC device acts as an initiator and the passive tag is the target. In reader/writer mode data rates of 106 kBit/sec are possible.

TAG EMULATION MODE (PICC): In this mode the NFC device emulates an ISO 14443 smart card, or a smart card chip integrated in the mobile device is connected to the antenna of the NFC module. A legacy reader can't distinguish a mobile phone operating in tag emulation mode from an ordinary smart card. This is an advantage of NFC technology as already existing reader infrastructures do not need to be replaced. The smart card chip used for tag emulation is also referred to as secure element.

COMPARISON WITH OTHER TECHNOLOGY

1. NFC AND RFID

The heritage of earlier standards gives NFC compatibility benefits with existing RFID applications, such as access control or public transport ticketing - it is often possible to operate with old infrastructure, even if the RFID card is replaced with an NFC-enabled mobile phone. This is possible because of NFC's capability to emulate RFID tags (card interface mode). NFC hardware can include a secure element for improved security in critical applications such as payments. For example, a credit card could be integrated into a mobile phone and used over NFC.

Basically, the technologies Radio Frequency Identification and Near Field Communication use the same working standards. However, the essential extension of RFID is the communication mode between two active devices. In addition to contactless smart cards (ISO 14443), which only support communication between powered devices and passive tags, NFC also provides peer-to-peer communication. Thus, NFC combines the feature to read out and emulate RFID tags, and furthermore, to share data between electronic devices that both have active power.

NFCIP-1 is an NFC-specific communication mode, defined in the ECMA-340 standard. This mode is intended for peer-to-peer data communication between devices. In this mode, NFC is comparable to other short-range communication technologies such as IrDA, although the physical data transfer mechanism is different. The NFCIP-1 mode is divided into two variants: active mode and passive mode. In active mode, both participants generate their own carrier while transmitting data. In passive mode, only the initiator generates a carrier during communications, and the target device uses load modulation when communicating back to the initiator, in a way similar to passive RFID tag behavior. This makes it possible to save power in the target device, which is a useful feature if the target device has a very restricted energy source, such as a small battery. It is possible to make a target device - such as a sensor readable over NFC - last for several years, even if operated from a small lithium coin-cell battery.

NFCIP-2 (specified in ECMA-352) defines how to automatically select the correct operation mode when starting communications. The upper layer defines the mechanism of selecting the communication mode on the lower layer.

2. COMPARISON WITH BLUETOOTH AND INFRARED

Compared to other short-range communication technologies, which have been integrated into mobile phones, NFC simplifies the way consumer devices interact with one another and obtains faster connections. The problem with infrared, the oldest wireless technology introduced in 1993, is the fact that a direct line of sight is required, which reacts sensitively to external influences such as light and reflecting objects. The significant advantage over Bluetooth is the shorter set-up time. Instead of performing manual configurations to identify the other's phone, the connection between two NFC devices is established at once (<0.1s).

Table points out these different capabilities of NFC, Bluetooth and infrared. All these protocols are point-to-point protocols. Bluetooth also supports point-to-multipoint communications. With less than 10 cm, NFC has the shortest range. This provides a degree of security and makes NFC suitable for crowded areas. The data transfer rate of NFC (424 kbps) is slower than Bluetooth (721 kbps), but faster than infrared (115 kbps). In contrast to Bluetooth and infrared, NFC is compatible with RFID.

[Table: NFC compared with Bluetooth and IrDa]

Near Field Communication (NFC) is an emerging wireless technology that is designed to facilitate secure, short-range communication between electronic devices such as mobile phones, personal data assistants (PDAs), computers and payment terminals. The concept is simple: in order to make two devices communicate, bring them together or make them touch. This will engage the wireless interface of the two devices and configure them to link up in a peer-to-peer network. Once the devices are linked up using NFC, they can continue communication using long range and faster protocols such as Bluetooth or wireless Internet (WiFi).

NFC-BLUETOOTH BRIDGE SYSTEM

The system architecture of the NFC-Bluetooth Bridge System is shown in Fig. It comprises a Bluetooth enabled device, the proposed NFC-Bluetooth Bridge and an NFC card which is embedded on a smart poster.

NFC-BLUETOOTH BRIDGE ARCHITECTURE

The NFC-Bluetooth Bridge is a separate electronic device with two different air interfaces: Bluetooth (BT) and NFC. In our prototype development, the serial NFC PN531 module from Philips Electronics was used to provide the NFC air interface, and the serial Initium Promi SD102 Bluetooth adapter was used to provide the Bluetooth air interface. Both the NFC module and the Bluetooth adapter were connected by a RS232 cable and communicated using the following RS232 protocol: 9600 baud, 8 data bits, 1 stop bit and no parity bit.

The Bluetooth adapter was configured to the discoverable and connectable mode. This mode allows the adapter to be discovered when a mobile device searches for it by the device name. Password authentication was enabled for pairing of the two Bluetooth devices. Driver software is needed in the mobile device to drive the NFC PN531 on the NFC-Bluetooth Bridge to react to NFC targets that are tapped between each other, and to send and receive information from it.

The Bluetooth and NFC modules require a 5 VDC power supply each. A PCB (labeled as PS in Fig. ) is used to share the power drawn from an external power supply to the two component modules.

SECURITY ASPECTS

First of all it should be mentioned that the short communication range of a few centimeters, though it requires conscious user interaction, does not really ensure secure communication. To analyze the security aspects of NFC two very interesting papers have been published. Ernst Haselsteiner and Klemens Breitfuß discuss some threats and solutions for the security of NFC, and the paper Security Aspects and Prospective Applications of RFID Systems also gives some useful information.

There are different possibilities to attack the Near Field Communication technology. On the one hand the different devices in use can be manipulated physically. This may be the removal of a tag from the tagged item or wrapping it in metal foil in order to shield the RF signal. Another aspect is the violation of privacy. If proprietary information is stored on a tag it is important to prevent unauthorized read and write access. The read-only tags are secure against an unauthorized write access. In the case of rewritable tags we have to assume that attackers may have mobile readers and the appropriate software which enable unauthorized read and write access if the reader distance is normal.

Here we want to focus on attacks with regard to the communication between two devices. For detecting errors, NFC uses the cyclic redundancy check (CRC). This method allows devices to check whether the received data has been corrupted. In the following, we will consider different possible types of attacks on the NFC communication. For most of these attacks there are countermeasures in order to avoid or at least reduce the threats.

1 EAVESDROPPING

NFC offers no protection against eavesdropping. Because RF waves are used for the wireless data transfer, an attacker with an antenna can monitor and pick up the transmitted data. In practice a malicious person would have to keep a longer distance in order not to get noticed. The short range between initiator and target for a successful communication is no significant problem, since attackers are not bound by the same transmission limits. Consequently the maximum distance for a normal read sequence can be exceeded.

The question of how close an attacker has to be located to retrieve a usable RF signal is difficult to answer. This depends on a huge number of parameters, such as the RF field characteristic of the given sender device (i.e. antenna geometry, shielding effect of the case, the PCB, the environment) and the following:

1. Characteristic of the attacker's antenna (i.e. antenna geometry, possibility to change the position in all 3 dimensions)
2. Quality of the attacker's receiver
3. Quality of the attacker's RF signal decoder
4. Setup of the location where the attack is performed (e.g. barriers)
5. Power sent out by the NFC device

Furthermore, eavesdropping is extremely affected by the communication mode. That's because, based on the active or passive mode, the transferred data is coded and modulated differently. If data is transferred with stronger modulation it can be attacked more easily. Thus, a passive device, which does not generate its own RF field, is much harder to attack than an active device. When a device is sending data in active mode, eavesdropping can be done up to a distance of about 10 m, whereas when the sending device is in passive mode, this distance is significantly reduced to about 1 m.

However, we assume that such attacks will occur since the required equipment is available for everyone. Equipped with such an antenna, a malicious person that is able to passively monitor the RF signal may also extract the plain text. Experimenting and literature research can be used to get the necessary knowledge. Hence, the confidentiality of NFC is not guaranteed. For applications which transmit sensitive data a secure channel is the only solution.

2 DATA DESTRUCTION

An attacker who aspires to data destruction intends a corruption of the communication. The effect is that a service is no longer available. Still, the attacker is not able to generate a valid message. Unlike eavesdropping, this is not a passive attack. This attack is relatively easy to realize. One possibility to disturb the signal is the usage of a so-called RFID jammer. There is no way to prevent such an attack, but it is possible to detect it. NFC devices are able to receive and transmit data at the same time. That means they can check the radio frequency field and will notice the collision.

3 DATA MODIFICATION

Unauthorized changing of data, which results in valid messages, is much more complicated and demands a thorough understanding. As we will point out in the following, data modification is possible only under certain conditions. In order to modify the transmitted data an intruder has to target single bits of the RF signal.

The data can be sent in different ways. The feasibility of this attack, that is, whether it is possible to change a bit of value 0 to 1 or the other way around, is subject to the strength of the amplitude modulation. If 100% modulation is used, it is possible to eliminate a pause of the RF signal, but not to generate a pause where no pause has been. This would demand an impracticably exact overlapping of the attacker's signal with the original signal at the receiver's antenna.

However, Near Field Communication technology uses modulation of 100% in conjunction with the modified Miller coding, which leads to 4 possible cases (see Figure). The only case where a bit might be changed by an attacker is where a 1 is followed by another 1. By filling the pause in two half bit of the RF signal the decoder receives the signal of the third case. Due to the agreement of the preceding bit the decoder would verify a valid one. The other three cases are not susceptible to such an attack.

[Figure: Bit modification of the Modified Miller Code]

For NFC, a modulation ratio of 10% is always used together with Manchester coding. In contrast to the 100% modulation, where really no signal is sent in a pause, here within a pause the RF signal is e.g. 82% of the level of the full signal. Let's assume an attacker may increase the existing RF signal by about 18% during the whole session, without being noticed by the decoder. Then, the attacker is able to change a zero to one by increasing the RF signal during the first half of the signal period by another 18%, and also may change a bit of value one to zero by simply stopping to send anything.

Regarding the threat in summary: except for one case, Manchester coding with 10% ASK is always used for NFC data transfer. This represents the best possible conditions for the malicious intention of modifying NFC data. This way of transmitting the data offers a modification attack on all bits. The only exception is active devices transferring data at 106 kbps. In this case the usage of the modified Miller coding with a modulation ratio of 100% accomplishes that only certain bits can be modified.

Three countermeasures are described here. One possibility is the usage of the active communication mode with 106 kbps. As mentioned above this would not prevent, but at least reduce the risk of this attack. Furthermore, it is possible to let the devices check the RF field as already described. Denoted as probably the best solution is the use of a secure channel. This would provide data integrity.
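The four modified Miller cases described above, as an added example that is not part of the original paper: a symbolic Python model in which the only thing an attacker can do at 100% modulation is fill a pause. The symbol labels X, Y and Z, the treatment of the frame start as a preceding 0, and the sample frame are assumptions of this sketch; a tampered symbol is judged against the preceding bit only, as the text describes.

```python
"""Symbolic model of modified Miller coding at 100% ASK (added illustration)."""

# One bit period = two half-bits: 1 = carrier present, 0 = pause (no signal).
# X, Y and Z are labels chosen for this sketch.
X = (1, 0)  # pause in the second half: logic 1
Y = (1, 1)  # no pause: logic 0 that follows a 1
Z = (0, 1)  # pause in the first half: logic 0 that follows a 0

# Constructed sample frame, not captured traffic.
SAMPLE_FRAME = [1, 1, 0, 1, 1, 1, 0, 0, 1, 0]


def symbol_for(prev, bit):
    """Symbol the sender emits for `bit` when the previous bit was `prev`."""
    if bit == 1:
        return X
    return Y if prev == 1 else Z


def encode(bits):
    """Encode a bit list; the frame start is treated as a preceding 0 (assumption)."""
    symbols, prev = [], 0
    for bit in bits:
        symbols.append(symbol_for(prev, bit))
        prev = bit
    return symbols


def decode_symbol(symbol, prev):
    """Decoded bit, or None when the symbol is not valid after `prev`."""
    if symbol == X:
        return 1
    if (symbol == Y and prev == 1) or (symbol == Z and prev == 0):
        return 0
    return None


def decode(symbols):
    """Decode a whole frame; None as soon as one symbol is rejected."""
    bits, prev = [], 0
    for symbol in symbols:
        bit = decode_symbol(symbol, prev)
        if bit is None:
            return None
        bits.append(bit)
        prev = bit
    return bits


def fill_pauses(symbol):
    """Extra RF energy can remove a pause but cannot create one."""
    return tuple(1 for _ in symbol)


def case_is_modifiable(prev, bit):
    """True if filling the pause yields a symbol accepted as the opposite bit."""
    tampered = decode_symbol(fill_pauses(symbol_for(prev, bit)), prev)
    return tampered is not None and tampered != bit


def four_cases():
    """Map each (previous bit, bit) case to whether the bit can be changed."""
    return {(p, b): case_is_modifiable(p, b) for p in (0, 1) for b in (0, 1)}


def modifiable_positions(bits):
    """Indexes in a frame whose value could change without a decoder error."""
    return [i for i, bit in enumerate(bits)
            if case_is_modifiable(bits[i - 1] if i else 0, bit)]


if __name__ == "__main__":
    print(four_cases())
    hits = modifiable_positions(SAMPLE_FRAME)
    print(hits, f"{len(hits) / len(SAMPLE_FRAME):.0%} of bits are exposed")
```

Any payload with consecutive 1 bits has exposed positions, which is why the coding alone cannot stand in for the integrity that a secure channel provides.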

4 DATA INSERTION

This attack can only be implemented by an attacker if there is enough time to send an inserted message before the real device starts to send its answers. If a collision occurs the data exchange would be stopped at once. In order to prevent such attacks the device should try to answer with no delay. Alternatively, again checking the RF field and also the secure channel can be used to protect against attacks.

5 MAN-IN-THE-MIDDLE ATTACK

In order to show that NFC is secure against a Man-in-the-Middle attack we have to survey both the active and the passive communication mode. In the following we distinguish between device A and device B that are exchanging data.

In passive mode the active device (A) generates the RF field in order to send data to a passive device (B). The aim of an intruder is to intercept this message and prevent device B from receiving it. The next step would be to replace it with a different message. The first step is possible, but can be detected if device A checks the RF field while sending the message. However, the second one is practically impossible. To send a message to device B the attacker would have to generate his own RF field. Hence, the RF field of device A has to be perfectly aligned, which is not practically feasible.

In contrast to the passive mode, in active mode device A switches off the RF field after sending a message. Now the attacker is confronted with another problem. Even though he may generate an RF field, he is not able to transfer a message to device B that would not be recognized by device A, because device A is waiting for a response from device B. Thus, device A is assigned the task of checking whether the received messages really come from device B.

Disregarding relay attacks, NFC provides good protection against a Man-in-the-Middle attack. This applies particularly if the passive communication mode is used and the RF field is monitored by device A.

USES AND APPLICATIONS

NFC technology is currently mainly aimed at being used with mobile phones. There are three main use cases for NFC:

1. card emulation: the NFC device behaves like an existing contactless card
2. reader mode: the NFC device is active and reads a passive RFID tag, for example for interactive advertising
3. P2P mode: two NFC devices are communicating together and exchanging information.

Plenty of applications are possible, such as:

4. Mobile ticketing in public transport - an extension of the existing contactless infrastructure.
5. Mobile payment - the device acts as a debit/credit payment card.
6. Smart poster - the mobile phone is used to read RFID tags on outdoor billboards in order to get info on the move.
7. Bluetooth pairing - in the future pairing of Bluetooth 2.1 devices with NFC support will be as easy as bringing them close together and accepting the pairing. The process of activating Bluetooth on both sides, searching, waiting, pairing and authorization will be replaced by a simple "touch" of the mobile phones.

FUTURE APPLICATION

a. Electronic ticketing - airline tickets, concert/event tickets, and others
b. Electronic money
c. Travel cards
d. Identity documents
e. Mobile commerce
f. Electronic keys - car keys, house/office keys, hotel room keys, etc.
g. NFC can be used to configure and initiate other wireless network connections such as Bluetooth, Wi-Fi or Ultra-wideband.
h. NFC for Health Monitoring in Daily Life

CONCLUSION

In summary, Near Field Communication is an efficient technology for communications with short ranges. It offers an intuitive and simple way to transfer data between electronic devices. A significant advantage of this technique is the compatibility with existing RFID infrastructures. Additionally, it would bring benefits to the setup of longer-range wireless technologies, such as Bluetooth and Wifi.

NFC is based on existing contactless infrastructure around the world that is already in use by millions of people on a daily basis. NFC is not a fashionable nice-to-have technology, but actually a technology that makes people's lives easier - easier to pay for goods and services, easier to use public transport, and easier to share data between devices.

BIBLIOGRAPHY

ISO/IEC 18092 (ECMA-340): Information technology - Telecommunications and information exchange between systems - Near Field Communication - Interface and Protocol (NFCIP-1). First Edition, 2004-04-01.

Ecma International: Standard ECMA-340, Near Field Communication Interface and Protocol (NFCIP-1), December 2004. URL: http://www.ecma-international.org/publications/standards/Ecma-340.htm

José Bravo, Ramón Hervás, Gabriel Chavira: From Implicit to Touching Interaction: RFID and NFC Approaches. Sixth International Conference on the Management of Mobile Business (ICMB 2008), 0-7695-2803-1/07 $25.00 © 2008 IEEE.

Anokwa, Y., et al.: A User Interaction Model for NFC Enabled Applications, in IEEE International Conference on Pervasive Computing and Communications Workshops 2007, New York, USA.

Mikko Koskela, Jorma Ylinen and Pekka Loula (Telecommunication Research Center): A Framework for Integration of Radio Frequency Identification and Rich Internet Applications. Proceedings of the ITI 2007 29th Int. Conf. on Information Technology Interfaces, June 25-28, 2007, Cavtat, Croatia.

C. Y. Leong, K. C. Ong, K. K. Tan*, O. P. Gan: Near Field Communication and Bluetooth Bridge System for Mobile Commerce. 2006 IEEE International Conference on Industrial Informatics.

WIKIPEDIA

http://WWW.NFCFORUM.COM

http://www.ecma-international.org