


Submitted by:
Roll no: 0710420, Roll no: 0710429


This paper gives a case study of security in NFC. It uses a systematic approach to analyze the
various aspects of security that arise whenever an NFC interface is used. It lists the threats that
apply to NFC and describes solutions to protect against them.


Although the communication range of NFC is limited to a few centimeters, NFC alone does not
ensure secure communication. There are several possible types of attacks on NFC. Applications
may use higher-layer cryptographic protocols (e.g., SSL) to establish a secure channel.


NFC uses RF signals for communication. NFC communication usually takes place between two
devices about 10 cm apart.
The RF signal used for the wireless data transfer can be picked up with antennas. The distance from
which an attacker is able to eavesdrop on the RF signal depends on numerous parameters, but is
typically a small number of meters. Eavesdropping is also strongly affected by the
communication mode. When a device is sending data in active mode, eavesdropping is possible
up to a distance of about 10 m, whereas when the sending device is in passive mode, this distance
is significantly reduced to about 1 m.
A passive device that does not generate its own RF field is much harder to eavesdrop on than an
active device. One open-source device that is able to eavesdrop on passive and active NFC
communications is the Proxmark instrument.

Data modification means unauthorized modification of data that still results in valid messages. In
order to modify the transmitted data, an intruder has to manipulate individual bits of the RF signal.
The feasibility of this attack depends heavily on the strength of the amplitude modulation,
because the signal is decoded differently depending on the modulation depth. If data is
transferred with modified Miller coding and a modulation of 100%, only certain bits can be
modified. A modulation ratio of 100% makes it possible to eliminate a pause in the RF signal,
but not to generate a pause where there was none. Thus, only a bit of value 1 that is
followed by another bit of value 1 might be changed. Transmitting Manchester-encoded data
with a modulation ratio of 10% permits a modification attack on all bits.
Data Corruption
In data corruption the attacker just wants to disturb the communication so that the receiver is
not able to understand the data sent by the other device. This attack is not too complicated, but it
does not allow the attacker to manipulate the actual data. It is basically a Denial of Service attack.


The man-in-the-middle attack (often abbreviated MITM), bucket-brigade attack, or sometimes
Janus attack, is a form of active eavesdropping in which the attacker makes independent
connections with the victims and relays messages between them, making them believe that they
are talking directly to each other over a private connection, when in fact the entire conversation
is controlled by the attacker. The attacker must be able to intercept all messages going between
the two victims and inject new ones, which is straightforward in many circumstances.

A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint
to the satisfaction of the other: it is an attack on mutual authentication.


NFC has no built-in mechanism to guard against eavesdropping. Data transmitted in passive
mode is significantly harder to eavesdrop on, but using only the passive mode is not
sufficient for most applications that transmit sensitive data. The only real solution to
eavesdropping is to establish a secure channel.

Protection against data modification can be achieved in various ways:
- NFC devices can check the RF field while sending.
- By using 106k Baud in active mode it becomes impossible for an attacker to modify all the
  data transmitted via the RF link.
- Secure channel construction.
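The secure channel that the text names as the remedy for both eavesdropping and data modification is usually built by a higher-layer protocol such as SSL/TLS. The following is an added example, not code from the paper: it models only the record layer of such a channel on top of an NFC frame exchange, using standard-library Python. The session secret is assumed to have been agreed by the higher-layer handshake (that handshake is also where mutual authentication, the property a man-in-the-middle attacks, has to be established); the key derivation (HKDF-SHA256), the HMAC-SHA256 counter-mode keystream, the 16-byte tag length, the direction label and the payload bytes are all choices and constructed values of this example.

```python
"""Record layer of a secure channel over an NFC link (added example, not from the paper)."""
import hashlib
import hmac
import os
from typing import Dict, Optional

TAG_LEN = 16   # bytes of HMAC-SHA256 kept as the frame tag (example choice)
SEQ_LEN = 4    # bytes of per-frame sequence number (example choice)


def hkdf_sha256(secret: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) extract-and-expand with SHA-256."""
    prk = hmac.new(salt or bytes(32), secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class SecureLink:
    """One direction of the channel: encrypt-then-MAC with a strictly increasing sequence number.

    The session secret is assumed to come from the higher-layer handshake the text refers to."""

    def __init__(self, session_secret: bytes, direction: bytes):
        keys = hkdf_sha256(session_secret, b"nfc-secure-channel " + direction, 64)
        self.enc_key, self.mac_key = keys[:32], keys[32:]
        self.send_seq = 0
        self.recv_seq = 0

    def _keystream(self, seq: int, length: int) -> bytes:
        # HMAC-SHA256 in counter mode; the sequence number is the nonce, so no
        # keystream is ever reused for two frames in the same direction.
        out = b""
        for block in range((length + 31) // 32):
            msg = seq.to_bytes(SEQ_LEN, "big") + block.to_bytes(4, "big")
            out += hmac.new(self.enc_key, msg, hashlib.sha256).digest()
        return out[:length]

    def seal(self, plaintext: bytes) -> bytes:
        """Return header || ciphertext || tag for the next frame in this direction."""
        seq = self.send_seq
        self.send_seq += 1
        ks = self._keystream(seq, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
        header = seq.to_bytes(SEQ_LEN, "big")
        tag = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
        return header + ciphertext + tag

    def open(self, frame: bytes) -> Optional[bytes]:
        """Return the plaintext, or None if the frame was modified, replayed or reordered."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return None
        header, body, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None                               # data modification detected
        seq = int.from_bytes(header, "big")
        if seq != self.recv_seq:
            return None                               # replay or reordering detected
        self.recv_seq += 1
        ks = self._keystream(seq, len(body))
        return bytes(c ^ k for c, k in zip(body, ks))


def demo(session_secret: Optional[bytes] = None) -> Dict[str, bool]:
    """Walk through what an eavesdropper and a modifying attacker achieve against the channel."""
    secret = session_secret or os.urandom(32)        # stands in for the handshake output
    reader = SecureLink(secret, b"reader->tag")
    tag_side = SecureLink(secret, b"reader->tag")
    payload = b"balance query #1"                    # constructed application payload
    frame = reader.seal(payload)
    results = {}
    # Eavesdropper: sees only header, ciphertext and tag, never the payload bytes.
    results["plaintext_hidden"] = payload not in frame
    # Data modification: one flipped ciphertext bit must fail the MAC check.
    tampered = bytearray(frame)
    tampered[SEQ_LEN] ^= 0x01
    results["tamper_rejected"] = tag_side.open(bytes(tampered)) is None
    # The genuine frame is accepted once, and its replay is rejected.
    results["genuine_accepted"] = tag_side.open(frame) == payload
    results["replay_rejected"] = tag_side.open(frame) is None
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Each direction of the link gets its own `SecureLink` pair (reader to tag and tag to reader) with a distinct direction label, so the two keystreams never overlap. Encrypting with the channel keeps the payload away from the antenna-based eavesdropper described earlier, and the tag plus sequence number turns the bit-level modification and replay cases into frames the receiver simply drops.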

NFC devices can check the RF field while they are transmitting data. If NFC devices do this, they
will be able to detect the attack. The power needed to corrupt the data is significantly larger
than the power that can be detected by the NFC device. Thus, every such attack can be detected
very easily.
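The two claims above about modified Miller coding at 100% modulation (an attacker can only eliminate a pause, never create one, so only certain bits can be changed) and about the sender checking its own RF field can be made concrete with a small simulation. The block below is an added example, not code from the paper. It models the 106 kbit/s reader-to-tag link of ISO 14443A: each bit period is split into four quarter-slots, a pause is a slot with zero carrier, and the X, Y and Z sequences are the standard modified-Miller ones. Two modelling assumptions are mine: the decoder rejects a Y sequence that does not follow a logic 1 (the end-of-communication pattern) when it appears inside a frame, which is why a 1 preceded by a 0 is also unchangeable in this model, and the field monitor's detection threshold of 0.1 carrier units is a constructed value illustrating the text's point that the attacker's injected power is far above what the sender can detect.

```python
"""Modified Miller / 100 % ASK modification model with sender-side field check.

Added example, not from the paper.  Envelopes are lists of quarter-slots (1 = carrier on,
0 = pause); the attacker can only add carrier energy, never remove it (100 % ASK assumption).
"""
from typing import List, Optional, Tuple

SEQ_X = (1, 1, 0, 1)   # pause in the second half of the bit period -> logic 1
SEQ_Y = (1, 1, 1, 1)   # no pause                                   -> logic 0 after a 1
SEQ_Z = (0, 1, 1, 1)   # pause at the start of the bit period       -> logic 0 after a 0 / at frame start
SLOTS = 4


def miller_encode(bits: List[int]) -> List[int]:
    """Carrier envelope for a bit sequence under modified Miller coding."""
    env: List[int] = []
    prev: Optional[int] = None          # None = start of frame
    for b in bits:
        if b == 1:
            seq = SEQ_X
        elif prev == 1:
            seq = SEQ_Y
        else:
            seq = SEQ_Z
        env.extend(seq)
        prev = b
    return env


def miller_decode(env: List[int]) -> Optional[List[int]]:
    """Decode an envelope; None if some sequence is illegal in its context.

    Assumption of this model: a Y sequence that does not follow a logic 1 is the
    end-of-communication pattern and therefore invalid in the middle of a frame."""
    bits: List[int] = []
    prev: Optional[int] = None
    for i in range(0, len(env), SLOTS):
        seq = tuple(env[i:i + SLOTS])
        if seq == SEQ_X:
            b = 1
        elif seq == SEQ_Z:
            b = 0
        elif seq == SEQ_Y and prev == 1:
            b = 0
        else:
            return None
        bits.append(b)
        prev = b
    return bits


def fill_pause(env: List[int], bit_index: int) -> List[int]:
    """Attacker model: carrier is added during the targeted bit, so its pause disappears.
    Creating a pause is not possible with 100 % modulation, so nothing is ever set to 0."""
    out = list(env)
    for k in range(SLOTS * bit_index, SLOTS * bit_index + SLOTS):
        out[k] = 1
    return out


def modifiable_bits(bits: List[int]) -> List[Tuple[int, List[int]]]:
    """Bit positions where a single pause removal still yields a valid but different frame."""
    env = miller_encode(bits)
    found = []
    for i in range(len(bits)):
        decoded = miller_decode(fill_pause(env, i))
        if decoded is not None and decoded != bits:
            found.append((i, decoded))
    return found


def observe_with_overlay(env: List[int], bit_index: Optional[int], injected: float = 1.0) -> List[float]:
    """Field amplitude at the sender's own antenna: its envelope plus what the attacker
    injects into the pause slot(s) of the targeted bit (None = no attacker)."""
    observed = [float(v) for v in env]
    if bit_index is not None:
        for k in range(SLOTS * bit_index, SLOTS * bit_index + SLOTS):
            if env[k] == 0:
                observed[k] += injected
    return observed


def field_monitor(sent_env: List[int], observed_env: List[float], threshold: float = 0.1) -> List[int]:
    """Sender-side RF field check: slots where the observed field deviates from what was sent."""
    return [k for k, (s, o) in enumerate(zip(sent_env, observed_env)) if abs(o - s) > threshold]


if __name__ == "__main__":
    sample = [1, 1, 1, 0, 1, 1, 0, 0, 1]               # constructed bit sequence
    print("modifiable:", modifiable_bits(sample))
    env = miller_encode(sample)
    print("detected slots:", field_monitor(env, observe_with_overlay(env, 1)))
```

On the constructed sequence only bit 1 (a 1 preceded and followed by a 1) survives as a valid, different frame, which matches the text's statement that only a 1 followed by another 1 might be changed; every 0 would need a new pause, and a 1 whose neighbour is a 0 leaves an illegal sequence behind. The same pause-filling that makes the change shows up at the sender's antenna as a full carrier unit where it transmitted silence, far above the monitor's threshold, which is the detection the text relies on.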


It is practically impossible to carry out a man-in-the-middle attack on an NFC link. We need to use
active-passive communication mode so that the RF field is continuously generated by one of
the valid parties. Moreover, the active party should listen to the RF field while sending data to be
able to detect any disturbances caused by a potential attacker.