MSF Seminar 9
Low cost, low profile eavesdropping of Near Field Communications (NFC). A privacy threat.
- When?
- Monday 12 December 2011, 16:00 to 17:00
- Where?
- 39BB02
- Open to:
- Public, Staff, Students
- Speaker:
- Mr Thomas P. Diakos
Google CEO, Eric Schmidt, announced on the 15th of November 2010 the plan for their next generation of Android based mobile phones to become electronic wallets by making use of Near Field Technology (NFC). NFC is contactless technology based on high frequency RF tags already found in contactless cards like the Oyster. Little research has been carried out on how secure the services offered by NFC are, one of the reasons being its reliance on proximity (~10cm). Attacks that have been carried out used expensive antennas and other equipment. They have also been targeted at contactless cards and not mobile phones where other side channels exist like Bluetooth and Wi-Fi, making crosstalk and information leakage a security concern.
While most work has focused on the PHY layer, the potential vulnerabilities at higher layers have remained unexplored. The aim of our research is to investigate to what extend a combination of PHY and Application layer attacks could be successful in compromising the privacy and anonymity of contactless payment users. Ensuring that NFC is a secure platform could possibly make credit and access cards obsolete. Such devices could be used for access control, for example getting on trains and buses without needing to purchase a ticket in advance. They could also be used to transfer money to each other and also offer a quick way of checking out account balances quickly and easily and also replace the current chip and pin system.
Our work begins with investigating possible alternatives to expensive and laboratory-grade equipment for carrying out eavesdropping on contactless transactions. We consider discrete antennae-like objects such as a shopping trolley or a rucksack antenna together with low cost electronics to form a receiver. We then examine the best BER obtainable with our equipment and to what extend the privacy of the user is exposed through eavesdropping.
