Introduction

Near Field Communication (NFC) is a new technology developed for pairing two devices over a very short distance. Introduced in 2002 by the joint effort of NXP Semiconductors (a Philips Semiconductors spin-off) and Sony, it has brought to the scene new benefits for modern consumers, particularly mobile users. Bringing additional intelligence – and accordingly new commercial services – to smartphones was meant to generate direct revenue for NFC (although its possible uses are widely applicable). To handle payments among key applications, the technology required the interaction of mobile vendors and financial institutions. To create this standards-based technology, the Near Field Communication Forum (NFC Forum) was founded, with a large list of participating member companies – all the major vendors of mobile phones, mobile operators, credit card companies, payment services etc.

Today's smartphones are increasingly being equipped with the NFC chip, which creates an encrypted communication link to the interrogator device, when briefly exposed to its field in immediate proximity. From a practical standpoint, the connection begins when the user moves his smartphone in front of a place marked with the NFC Forum N-Mark logo shown in Figure 1. (For the list of countries where the N-Mark trademark is registered, see http://www.nfc-forum.org/resources/N-Mark/n-mark_jurisdictions.) An application on the user's smartphone will then be able to execute a certain action (pay for a service, gain access, identify the user, initiate another correlated execution, and similar activities). N-marked places are in testing at the moment, but might soon be available anywhere. Payment sites could become particularly popular places for the use of NFC: no more PIN codes, signatures or complicated online procedures – just a simple wave of the encoded chip within an inch of an “N” sign.

FIGURE 1 :

The N-Mark NFC logo labels related devices to let users know that the equipment is NFC-enabled (SOURCE: NFC FORUM)

Applications of Near Field Communication

The introduction of NFC enables attractive scenarios of numerous possible applications of NFC technology (Figure 2). In many cases, it could reduce investment expenses and procedural complexity. The most attractive and promising application is in eCommerce, where a user could execute a contactless mobile phone payment, with the NFC-enabled device acting like a smartcard (Figure 6). There is no danger of exposing cash in public, or forgetting a credit or debit card or its pin. For many people (juvenile, elderly, mentally or physically handicapped, or technophobic, or anyone who is in a hurry), this is a convenient way to avoid complex technical procedures, reducing the number of necessary items to carry for transacting various types of business – no need for credit cards, banknotes, coins (Figure 3) – and no excess motions. Cash dispensers and point-of-sale terminals, just like mobile phones, are hurriedly being improved to contain the NFC chip and the required memory for mutual communication.

Identifying the user to an NFC-enabled system, instead of entering logins and passwords, or presenting an identity card with photograph, makes NFC useful for secure access. By replacing the functionality of the corporate badge, an NFC-enabled phone might be a single item to carry and use for accessing corporate doors, garages, ramps, elevators etc. In the same manner, a smartphone might become a house key or a car key. This method could also be used to access a computer network, or to identify a patient in a medical institution, with the healthcare professional being able to read the patient's medical history, diagnosis, and current course of treatment.

Data connection improvement is another NFC-enabled exchange of connection credentials, presenting a quick way to pair NFC-enabled devices to continue their connection with a Wi-Fi or Bluetooth link. This technique avoids the delay of searching, waiting and entering parameters.

If there is a need for emergency intervention, a quick close motion of the smartphone across the N-Mark sign could communicate identity and location (an NFC device indicates its global position) of the mobile user reporting the emergency situation.

In addition to retail eCommerce interaction is another useful application – advertising presents personalized products to the consumer. When the shopper's smartphone passes in front of an NFC-enabled product, or an NFC device on the shelf of the target product to be advertised, it will be possible to establish a communication to the smartphone and present the product description or advertisement (audio, video clip) in brief.

A somewhat similar application in a different environment: the NFC-enabled smartphone could initiate playing of multimedia content related to a gallery exhibition or museum collection. The user might obtain information describing the exposed item(s). Students could get their schedules by waving an NFC-enabled device in an appropriate educational setting.

In transportation, NFC might be particularly beneficial to various applications. Several pilot programs are being tested around the world in transportation ticketing and mobile payment. Travelers might purchase train or bus tickets from a ticketing machine (currently requiring a PIN) and check in for departure to gain access to the correct train/bus (Figure 5). Optionally, it could be possible to benefit from the location-based services, to provide directions from the traveler's position to the correct transportation. In the airport, a traveler might check in with the smartphone's NFC, and then be free to use washroom facilities, dine, or peruse shops, paying fees as needed. The NFC-enabled smartphone could order taxi service without the need for the user to search for a taxi stand or taxi company's phone number and make a call. This service would be especially convenient for foreign travelers, who wouldn't need to understand the local language (offering a few world languages translation) or explain their location, since the phone could direct the taxi to the visible parking nearest the N-Mark.

Social networks, as increasingly popular services, might benefit from NFC. One NFC-enabled device would tap another (Figure 4), promptly exchanging contacts, electronic business cards, videos, résumés, website links etc. You might even be able to pay a friend or make a loan to him – tap his NFC-enabled smartphone, and enter the amount of money.

One more social application that has a distinct nature is gaming. One player might tap his smartphone to another to enter a multiplayer game.

FIGURE 2 :

Possible NFC applications

FIGURE 3 :

NFC-enabled phone used for mobile payment and access (SOURCE: NFC FORUM)

FIGURE 4 :

NFC-enabled phones paired for an exchange of social network contents (SOURCE: NFC FORUM)

FIGURE 5 :

NFC-enabled phone used for access to public transportation (SOURCE: NFC FORUM)

FIGURE 6 :

NFC-enabled phone used for mobile payment (SOURCE: NFC FORUM)

NFC technology description

NFC originates from the invention of Radio-Frequency Identification (RFID) as a passive or active antenna that provides basic identity, sent as a radio-signal reply to a request from an interrogator device (Figure 7). NFC is based on a limited range (up to 2 inches) and carrier frequency of 13.56 MHz, with two possible encodings – Manchester and modified Miller coding. Upon a successful connection between the two NFC devices, different transmitted data-rates are feasible: 106 kbps, 212 kbps and 424 kbps, to conform to backward compatibility with older devices. Tags also must have some amount of memory – between 96 and 512 bytes. When an interrogator device transmits an RF field toward the passive target, magnetic inductive coupling creates an air-core transformer, powering the target (a tag without batteries). As a result, NFC tags are small, passive components, easy to install into a smartphone, a smartcard or a sticker.

NFC is recognized by the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), the European Telecommunications Standards Institute (ETSI) and the European Association for Standardizing Information and Communication Systems (ECMA).

Operating modes of NFC devices:

Reader/write mode – NFC device (interrogator) reads an NFC tag (Read-only or Rewritable) according to the requirements in ISO/IEC 14443A, ISO/IEC 14443B and FeliCa as described in parts of ISO 18092

Peer-to-peer mode – when both NFC devices are powered, this mode is used to exchange data (i.e., to share Bluetooth or Wi-Fi link setup parameters, or to exchange digital pictures)

CardEmulation mode – the NFC device acts as a contactless smartcard used for payments and ticketing, replacing the existing cards, and requires additional secure memory storage for the data obtained by NFC communication

There are certain similarities between NFC and the other technologies:

Bluetooth – wireless standard with a range of up to 10 m (meters)

Infrared - requiring optical visibility

ZigBee – low-cost wireless industrial/residential mesh standard with up to 100 m range

Wi-Fi – extension of the wired Local Area Network (LAN), for a computer network with a range of up to 100 m

RFID – automatic identification method, by reading radio signals containing stored identification information from miniature objects

Contactless smartcard – uses RFID technology combined with the microchip (processor), with a range of up to 4 inches

FIGURE 7:

Basic principle of RFID and NFC: Interrogator(1) Target (2)

Integration of NFC devices into different systems

NFC communication between the two devices (one of which is usually a mobile phone) provides one link of communication between the user and the target system (depending on the application). The other communication link is mobile data access that contacts the necessary target system(s) and might differ from the locally accessed system by NFC (bank account, credit card account, mobile phone bill etc.) or use the same target system. A significant level of complexity exists in the integration of all necessary systems.

For example, suppose an NFC device is integrated in a railway system, where the user is using an NFC-enabled mobile phone locally to access a train and perform ticketing/billing over the phone. The mobile phone has a secured preinstalled application required for this service. The user must register for this service over the Internet. When the user wants to access a railway facility at the departure station, he is recognized at the touchpoint and allowed to enter. The location information (contained in a passive NFC tag on the entrance gate) is sent to the central server by the preinstalled application on the mobile phone. The user receives a check-in record that is stored in the phone, and he is now ready to travel. During the train trip, the conductor has an NFC-enabled portable reader device to access the stored check-in record. After debarking and another touch of the NFC-enabled device that is the only way that allows exit from the railway station, the user's mobile phone receives information from the passive tag of the last station. The application on the phone then contacts the billing server to calculate the charge and process the payment.

NFC security overview

NFC communication is very limited in range (feasible 4 cm, theoretically 20 cm), but it is still subject to possible attacks. Since the nature of the provided communication is often commercial, it is essential to protect the data transmitted, as the NFC itself does not provide a data exchange secure from man-in-the-middle attacks. No standards dictate that obligatory secure elements should be used. In a complex multi-party environment involving several vendors, all the project participants should protect their own data and equipment. Mobile phone vendors will have to implement powerful cryptography and authentication protocols. Mobile users will have to use keypad locks with passwords on their phones and install antivirus software. All other providers (Service Provider, application vendor) will need to use updated antivirus programs to prevent a threat from malicious attacks.

Possible attacks:

Eavesdropping – With an antenna within a distance of a few meters (an active device could be “heard” up to 10 m away; a passive device is more difficult to eavesdrop, with a distance up to 1 m).

Data modification – In this case, the attacker wants the receiving device to get different data than was originally sent. For the modified Miller encoding with 100% amplitude-shift keying (ASK), this attack is partly possible (some bits are always safe). For Manchester encoding with 10% ASK, this attack is possible for all bits.

Data corruption – Instead of just listening, an attacker might want to modify the data received so that it would not be feasible anymore, much like in a denial-of-service (DoS) attack). A good understanding of the modulation is needed to transmit a Radio-Frequency (RF) signal at the correct time on the correct frequency, although the nature of the attack is not too complex.

Data insertion – If the answering device takes a long time to reply, it is possible to insert a message (on the upper layer, not on bit-level as in data modification) and send it before the answer.

Man-in-the-middle – Often in unauthenticated networks it is possible to get between two devices exchanging messages on the application level, with a third device inserting an additional step in a message negotiation, and without the endpoint becoming aware of the interference. However, in practice this is not a feasible method of attack on NFC; it is theoretically possible only for active-to-active NFC communication.

Prevention measures:

Eavesdropping – There are no built-in NFC mechanisms for protection from eavesdropping. Some proprietary techniques of protection exist, but the recommendation is to use higher-layer cryptography such as Secure Sockets Layer (SSL).

Data modification – When the NFC connection uses a particular signal rate in an active mode (active NFC device), an attacker cannot modify any data. If an active mode is used in both directions, the attack would be prevented, but the disadvantage would be that this approach opens the possibility of an eavesdrop attack. A continuous check of the RF field is performed, and transmitting could be stopped if a change is detected by any side of the NFC communication.

Data corruption – Every such attack should be detectable if the NFC receiver device checks the RF field. The signal power of the corrupted data is significantly higher than the expected power.

Data insertion – Three possible steps exist: 1) answer with no delay; 2) listen to an open communication channel until the start time of the transmission - the difference could betray an attacker; and 3) listen to detect any disturbances caused by an attacker.

Man-in-the-middle – Although it is practically impossible to perform this attack on an NFC link, active-passive setup is recommended, so that the RF field is generated all the time by one of the valid sides.

Secure channel – This approach protects the link from any kind of attack. Among several secure methods available, Diffie-Hellman is based on RSA, exchanging secure keys between the two devices.

Conclusion

Global market information provider IHS predicts that by 2015 more than 500 million NFC-enabled smartphones will be used, covering 20% of the market (Figure 8). Another research source (Pyramid) presumes that the value of mobile payments by that year will total more than $30 billion.

As a simplified man-machine interface, NFC brings the value of an intuitive replacement for several manual actions, and provides additional success for smartphones. Mobile-phone vendors and Service Providers could benefit from NFC technology in several ways. Reduced cost and easier use of ticketing operations in transportation companies means a great cost decrease thanks to the use of electronic (non-paper) tickets. Additional revenue comes from the interactive services offered through NFC as advertisements to the user. However, NFC-enabled devices must pay special attention to establishing a secure channel to protect the commercial and private nature of the data exchanged.

FIGURE 8:

NFC-enabled mobile phones are predicted to be increasingly more popular in the next few years (SOURCE: IHS ISUPPLY MAY 2011)