Attacks on NFC enabled phones and their countermeasures

Transcription

1 Attacks on NFC enabled phones and their countermeasures Arpit Jain: September 3, 2012 Philosophy This survey explains NFC, its utility in real world, various attacks possible in NFC enabled phones and the countermeasures available to circumvent such attacks. Summary NFC is standard wireless communication technology for smart phones, which are in close proximity not more than few centimetres. NFC operates at a frequency of 13.56MHz and offers data transmission rate of upto 424Kbps. NFC uses NDEF format for data exchange and works in 3 modes namely a).card emulation, b).reader/writer c).peer-to-peer NFC has found applications in contactless payment system, e-posters, Door-locking system and bluetooth and WiFi connection which makes it vulnerable to many attacks. Prominent among them are Relay attack, skimming and cloning attacks which may badly affects transactions and can make NFC enabled devices as a platform for attackers. As the cost, time, hardware and technical skills needed to perform these attacks on NFC enabled devices are less as compared to other custom built devices, and also API s needed are publicily available, so NFC devices becomes more vulnerable to these attacks. Nevertheless, countermeasures for these attacks are available which helps in ammending the utility of NFC devices in various applications. Commonly available solutions for mitigating these attacks includes Distance bounding protocol, location based security metrics, timing based protocols, securing NFC secure element activity, cryptographically linking the application to a unique identifier etc. 1 Related Work 1.1 NFC and NDEF NFC NFC(near field communication) is a short range radio technology that enables communication between devices either through touch or devices held closely. NFC uses ISO standard(standard for contactless card)[7] and is compatible with existing contactless card infrastructure and enables a consumer to utilize one device across different systems. NFC operates in a frequency range centered on MHz and offers a data transmission rate of up to 424 kbit/s within a distance of approximately 10 centimeters. In contrast to the conventional contactless technology[1] in this frequency range (only active-passive communications), communications between NFC-capable devices can be active-active (peer-to-peer) as well as active-passive NFC Operating modes NFC devices can operate in 3 modes: 1. Read/Write- In this mode, the NFC-enabled phone can read or write data to any of the supported tag types in a standard NFC data format. 1

2 2. Peer-to-Peer- In this mode, two NFC-enabled devices can exchange data. For example, you can share Bluetooth or Wi-Fi link setup parameters to initiate a Bluetooth or Wi-Fi link. You can also exchange data such as virtual business cards or digital photos. Peer-to-peer mode is standardised on the ISO/IEC standard. Note: The Symbian implementation for NFC currently supports initiation of a Bluetooth link, while Wi-Fi is not supported yet. Also, the Java implementation for NFC does not support this mode of operation. 3. Card Emulation- An NFC-enabled phone acts as a reader when in contact with tags. In this mode, the phone can act as a tag or contactless card for existing readers. Note: The Symbian and Java implementations for NFC do not currently support this mode of operation Uses of NFC Many possible NFC applications are being considered. The special advantage of NFC is its straightforward mode of use, simply touch or place a device close to something to initiate the desired service. Some typical uses are: 1. Authentication, access control - store electronic keys, legitimations on NFC phones (a) Secure building access (b) Secure PC log-in (c) Unlock car doors (d) Setup your home office with a touch by your NFC phone 2. Data transfer between different NFC-units (peer-to-peer data exchange) like NFC- smart phones, digital cameras, notebooks, etc. (a) Exchange electronic business cards (b) Print out photos by holding the camera close to printer 3. Unlock another service (such as opening another communication link for data transfer) (a) Setting up Bluetooth, WLAN links 4. Access to digital information (a) Read schedules from smart poster to NFC phone (b) Download maps from smart poster to NFC phone (c) Record location such as a parking in NFC phone 5. Mobile payment (a) Pay with NFC phones for tickets or taxi rides (b) Pay with NFC phones at contactless POS (point of sales) (c) Store vouchers on NFC phones 6. Ticketing (a) Store theater / attraction / event tickets on NFC phone 2

3 Figure 1: NDEF message and records NFC Forum standards 1. NDEF: NDEF specification defines a message encapsulation format to exchange information between NFC device and NFC device/nfc tag. Its a light weight binary message that can be used to encapsulate payload of 1 or more application of arbitrary type and size into a single message. An NDEF message consist of 1 or many NDEF records. The payload contents can be of type URL, MIME media, or an NFC-specific data type. For NFC-specific data types, the payload contents must be defined in an NFC Record Type Definition (RTD) file. When we communicate with our NFC reader devices (mobile phones) to read or write data to NFC tag we read basically the hexa code. 2. RTD(Record Type Definition)- NFC forum specified several record formats which can be carried out in NDEF records. Each NFC Forum record type is specified in a Record Type Definition (RTD) document. NFC defines the following RTDs: (a) NFC Text RTD (b) NFC URI RTD (c) NFC Smart Poster RTD (d) NFC Generic Control RTD (e) NFC Signature RTD The simplest is a Text record type, which can carry a Unicode string. A text record can be included in an NDEF message as a descriptive text for another record. The URI record type can be used to store a URI such as a web address, an , or a phone number in an optimised binary form. The Smart Poster RTD defines how to put URLs, SMSs, or phone numbers on an NFC Forum tag. 3. LLCP- To enhance the peer-to-peer mode of operation, the NFC Forum has specified the link-level protocol known as the Logical Link Control Protocol (LLCP). In the NFC peer-to-peer protocol stack, LLCP provides additional communication capabilities on top of the NFCIP-1/ ISO LLCP introduces a two-way, link-level connection, allowing both peers to send and receive data using the following methods of data exchange: Connection-oriented transfer, where data exchanges are acknowledged; Connectionless transfer, where data exchanges are unacknowledged. 1.2 Relay Attacks on NFC NFC technology now a days has proven its utility in m-payment, ticketing and access control. But the ability of NFC-enabled phones to act as a token and a reader makes it an ideal platform for implementing software relay attack. In relay attack[4], attacker only needs to relay the challenge and reponse to the legitimate token and reader respectively, without minimal knowledge of the data to be relayed and security protocols used. For this the attacker and his/her accomplice uses proxy-devices that communicate over 3

4 Figure 2: Practical relay setup using only NFC mobile phones a proxy channel, and thus requires a high-speed and reliable communication link between the two NFC mobile phones implementing the proxy-reader and proxy-token. Figure3 shows pratical implemention of relay attack where, a person who does not know the rules of chess could play against two grand masters by challenging both of them to a postal game. The player would then simply forward the move received from one grand master to the other, effectively making them play against one another. Each grand master would think that they are playing said person, but in reality they are playing against each other. Relay attack[6] is able to bypass application layer security protocol even if it is based on strong cryptographic principles by simply relaying a challenge to a legitimate token, which will provide him with the correct response, which can then be relayed back to the verifier. 1.3 Skimming and cloning attack on NFC NFC enabled phone with a secure element embedded can be used as a platform for skimming and cloning attacks[5]. For developing clone, some midlet needs to be executed for unlocking of SE and once it gets unlocked, an applet will be loaded and installed on SE using loader, GP shell. Our applet should be designed in a way to recieve the standard communication messages exchanged in the system and respond with the messages which convinced the reader that it is communicating with the legitimate reader. In a same way MIDLET(for skimming) can be developed using nokia SDK and designed to establish an ISO based connection with external smart cards and exchange APDUs(Application protocol data units) with them. The midlet sends the command APDUs required to extract detailed information of the card, which arrived in the form of response APDUs. The API used JSR257 doesnt require any code signing certificate, so any hacker having knowledge of command protocols of a legitimate application could create his own application software to extract details of legitimate contactless card. Figure2 shows illustrates the static messages used to authenticate contactless card. Orientation and problems identified 1. NFC enabled phones has an legitimate acceptable factor which makes them less suspicious in public, unlike custom built hardware used for skimming and cloning attacks. 2. No dedicated hardware is needed for the relay attack to perform, it is possible using unmodified NFC-enabled mobile phones, and requires an attacker to write suitable mobile platform applications using publicly available APIs. 3. Some security vulnerability[8] are also available in NDEF, standard which NFC is using for communication. An attacker may replace tag content or even replace whole tag with the modified tag, this may result in attacks like phishing. 4

5 Figure 3: Message flow obtained from the Data Capture Analysis in our test system NFC Architecture This chapter includes the main components[5] that an NFC-enabled phone platform comprised of, and also API s available for communication between these components. 3 main components are as follows: 1. Application Execution Environment(AEE): The general application area of the mobile phone providing data storage and processing capabilities. 2. Trusted Execution Environment(TEE): It contains the core of NFC system, Secure Element(SE), which is used to control the NFC based transaction by providing a secure platform for containing sensitive applications and key material. Based on where SE is interfaced in NFC devices, we have 3 architectures. The first involves a SE that is an independent embedded hardware module, i.e. an extra smart token IC (Integrated Chip) built into the phone. A second option, preferred by mobile network operators, is to have the existing Subscriber Identity Application module also act as the SE, i.e. to integrate the SE functionality into the Subscriber Identity Module (SIM). The third option is the use a removable memory component such as Secure MultiMediaCard (Secure Figure 4: illustrates the functional diagram of the NFC architecture in mobile phones and how it interacts with internal and external components 5

6 MMC) or Secure Digital card (Secure SD) as a SE. 3. NFC Controller: NFC controller handles the physical transmitting and receiving of data over the RF interface. The SE communicates with the NFC controller, the external reader device and the applications installed on the mobile phone through well defined, and standardised, interfaces. References [1] a nd c ontactless/. [2] N F C D ata E xchange F ormat [3] [4] L. Francis, G. Hancke, K. Mayes, and K. Markantonakis. Practical nfc peer-to-peer relay attack using mobile phones. In Proc. The 6th Workshop on RFID Security (RFIDSec 2010), Istanbul, Turkey. [5] L. Francis, G. Hancke, K. Mayes, and K. Markantonakis. Potential misuse of nfc enabled mobile phones with embedded security elements as contactless attack platforms. In Proc. Internet Technology and Secured Transactions, ICITST International Conference for, pages 1 8, nov [6] Lishoy Francis, Gerhard Hancke, Keith Mayes, and Konstantinos Markantonakis. Practical relay attack on contactless transactions by using nfc mobile phones. In Proc. Cryptology eprint Archive, Report 2011/618, [7] rohde schwarz. White paper on near field communication (nfc) technology and measurements. Cryptology eprint Archive, Report 2011/618, /1MA182 2.pdf. [8] Wei Tang, Guang Jin, Jiaming He, and Xianliang Jiang. Extending android security enforcement with a security distance model. In Proc. Internet Technology and Applications (itap), 2011 International Conference on, pages 1 4, aug