Difference between revisions of "NFC"
(→Solutions) |
(→Solutions) |
||
Line 14: | Line 14: | ||
*Apple had blocked their phones from reading NFC data, but was forced to allow access by the UK government in order to make it easier for the UK government to check the [[Identity]] of people passing into the country.<ref>NFC World (2019-04-09) https://www.nfcworld.com/2019/04/09/362259/apple-to-unlock-iphone-nfc-to-read-passports/?</ref> Home Secretary Sajid Javid is quoted as saying about Brexit “Our EU Settlement Scheme is now up and running and after a successful launch, over 280,000 EU citizens have applied so that they can continue to live their lives as they do now.” Except that their private information is accessible by anyone with a smart phone | *Apple had blocked their phones from reading NFC data, but was forced to allow access by the UK government in order to make it easier for the UK government to check the [[Identity]] of people passing into the country.<ref>NFC World (2019-04-09) https://www.nfcworld.com/2019/04/09/362259/apple-to-unlock-iphone-nfc-to-read-passports/?</ref> Home Secretary Sajid Javid is quoted as saying about Brexit “Our EU Settlement Scheme is now up and running and after a successful launch, over 280,000 EU citizens have applied so that they can continue to live their lives as they do now.” Except that their private information is accessible by anyone with a smart phone | ||
* [https://newsdailyamerica.com/chrome-beta-89-updates-discover-feed-enables-web-sharing-on-the-desktop-and-much-more-apk-download/ Android NFC API] - Google first began testing NFC in web apps with the release of Chrome 81. That version added initial support for the Web NFC API, allowing sites to read and write NFC tags. It’s mainly intended for inventory management, conferences, museum exhibits, and anywhere else NFC is frequently used. Starting with Chrome 89 (Stable on 2021-03-17), the Web NFC API is enabled by default on Android. | * [https://newsdailyamerica.com/chrome-beta-89-updates-discover-feed-enables-web-sharing-on-the-desktop-and-much-more-apk-download/ Android NFC API] - Google first began testing NFC in web apps with the release of Chrome 81. That version added initial support for the Web NFC API, allowing sites to read and write NFC tags. It’s mainly intended for inventory management, conferences, museum exhibits, and anywhere else NFC is frequently used. Starting with Chrome 89 (Stable on 2021-03-17), the Web NFC API is enabled by default on Android. | ||
+ | ==NFC Basics== | ||
+ | |||
+ | NFC, or Near Field Communication, is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1.57 in) or less. It’s a proximity-based wireless communication standard. Unlike Wi-Fi or Bluetooth, however, NFC interaction is limited to an extremely short range. NFC can allow a phone to act as a transit pass or credit card, quickly transfer data, or instantly pair with Bluetooth devices like headphones and speakers. It’s the technology that powers contactless payments via mobile wallets for payment, as well as for contactless cards. | ||
+ | |||
+ | In essence, NFC offers a low-speed connection through a simple setup that can be used to bootstrap more capable wireless connections. It’s an evolution of RFID (radio frequency identification) technology that has already been around for decades. If you’ve ever used a key card to access an office building or hotel room, you’re already familiar with how it works. Both RFID and NFC operate on the principle of inductive coupling and in most smartphone-related applications the software will only initiate communication if there’s physical contact. | ||
+ | |||
+ | |||
+ | |||
+ | Benefits (examples): | ||
+ | # Encryption: Data passing between the two devices is encrypted. The security protocol followed by NFC technology is the same one used by chip-enabled payment cards. This means that data is translated from plaintext to ciphertext. | ||
+ | # Secure Transmission: Depending on the standard being applied, in a transaction using NFC technology, sensitive information is encrypted and transmitted securely. | ||
+ | |||
+ | |||
+ | |||
+ | Limitations (examples): | ||
+ | # Range: NFC can only work in shorter distances, which is about 10-20 cm. This is to prevent accidental triggers, especially important now that the technology is used for transferring sensitive data and is an important architectural design and user-experience consideration for mobile wallets | ||
+ | # Data Transfer Rate: It offers very low data transfer rates which is about 106, 212, or 424 Kbps. This makes NFC suitable for exchanging small amounts of data, but it can become inconvenient and almost unusable if phones and/or readers need to be held together for many seconds to perform the data transfer. This will be a significant architectural, user-experience & exceptions management consideration for wallets | ||
+ | # Data Size: In practice NFC is generally capped at 424Kbits/sec for data transfer, again a key architectural consideration for mobile wallets and the protocols implemented | ||
+ | |||
+ | |||
+ | |||
+ | Security Considerations (Examples): | ||
+ | |||
+ | While NFC is generally considered secure due to its short range, it is not without potential security risks. Here are some examples of security concerns associated with NFC: | ||
+ | # Eavesdropping: Since NFC uses radio waves, it is possible for someone to intercept the data being transmitted between devices or bump a phone to initiate an exchange without the subject's awareness ( ie crowded spaces such as public transit, festivals,,,, ) | ||
+ | # Data Corruption or Manipulation: As with any form of data transmission, there’s a risk that the data could be corrupted or manipulated during an NFC transaction. In a multi-application environment such as a smart phone this is a significant security design consideration for wallets. | ||
+ | # Physical Theft: If an NFC-enabled device is lost or stolen, it could potentially be used to make unauthorized transactions. | ||
+ | # Relay Attacks: In this scenario, an attacker uses two NFC devices to relay communication between a legitimate device and reader. This can allow the attacker to carry out transactions without the legitimate user’s knowledge. | ||
+ | # Data Interception: (Eavesdropping): Data interception presents a significant security risk by exposing the private information of two NFC devices. If an attack is initiated within the range of two devices using NFC communication, the attacker can intercept communication signals and easily record the data being broadcast. NFC tags and reader applications for phones are inexpensive and widely available | ||
+ | # Malware: NFC technology may be used to distribute malware and malicious apps if the wallet application does not "block' NFC signals from non-trusted sources | ||
==References== | ==References== |
Revision as of 20:44, 12 November 2023
Contents
Full Title or Meme
Near Field Communications (NFC) is used by some smart chips to provide Identity Information
Context
Many locations where a large number of Identity checks must be made at high speed, such as passports and door access methods, give the user an Identity Card with an imbedded NFC chip for easy access.
- One of the many Smartphone Wireless radios.
- Designed for close access, unlike BLE which can be accessed up to 10 meters away.
Problems
It's easy to read an NFC chip without the user's knowledge.
Solutions
- Some providers of Identity cards also give the user a tinfoil envelope to block reading of the chip, for example if a user gets an enhanced Driver's License in the state of Washington, they are provided such an envelope.
- Apple had blocked their phones from reading NFC data, but was forced to allow access by the UK government in order to make it easier for the UK government to check the Identity of people passing into the country.[1] Home Secretary Sajid Javid is quoted as saying about Brexit “Our EU Settlement Scheme is now up and running and after a successful launch, over 280,000 EU citizens have applied so that they can continue to live their lives as they do now.” Except that their private information is accessible by anyone with a smart phone
- Android NFC API - Google first began testing NFC in web apps with the release of Chrome 81. That version added initial support for the Web NFC API, allowing sites to read and write NFC tags. It’s mainly intended for inventory management, conferences, museum exhibits, and anywhere else NFC is frequently used. Starting with Chrome 89 (Stable on 2021-03-17), the Web NFC API is enabled by default on Android.
NFC Basics
NFC, or Near Field Communication, is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1.57 in) or less. It’s a proximity-based wireless communication standard. Unlike Wi-Fi or Bluetooth, however, NFC interaction is limited to an extremely short range. NFC can allow a phone to act as a transit pass or credit card, quickly transfer data, or instantly pair with Bluetooth devices like headphones and speakers. It’s the technology that powers contactless payments via mobile wallets for payment, as well as for contactless cards.
In essence, NFC offers a low-speed connection through a simple setup that can be used to bootstrap more capable wireless connections. It’s an evolution of RFID (radio frequency identification) technology that has already been around for decades. If you’ve ever used a key card to access an office building or hotel room, you’re already familiar with how it works. Both RFID and NFC operate on the principle of inductive coupling and in most smartphone-related applications the software will only initiate communication if there’s physical contact.
Benefits (examples):
- Encryption: Data passing between the two devices is encrypted. The security protocol followed by NFC technology is the same one used by chip-enabled payment cards. This means that data is translated from plaintext to ciphertext.
- Secure Transmission: Depending on the standard being applied, in a transaction using NFC technology, sensitive information is encrypted and transmitted securely.
Limitations (examples):
- Range: NFC can only work in shorter distances, which is about 10-20 cm. This is to prevent accidental triggers, especially important now that the technology is used for transferring sensitive data and is an important architectural design and user-experience consideration for mobile wallets
- Data Transfer Rate: It offers very low data transfer rates which is about 106, 212, or 424 Kbps. This makes NFC suitable for exchanging small amounts of data, but it can become inconvenient and almost unusable if phones and/or readers need to be held together for many seconds to perform the data transfer. This will be a significant architectural, user-experience & exceptions management consideration for wallets
- Data Size: In practice NFC is generally capped at 424Kbits/sec for data transfer, again a key architectural consideration for mobile wallets and the protocols implemented
Security Considerations (Examples):
While NFC is generally considered secure due to its short range, it is not without potential security risks. Here are some examples of security concerns associated with NFC:
- Eavesdropping: Since NFC uses radio waves, it is possible for someone to intercept the data being transmitted between devices or bump a phone to initiate an exchange without the subject's awareness ( ie crowded spaces such as public transit, festivals,,,, )
- Data Corruption or Manipulation: As with any form of data transmission, there’s a risk that the data could be corrupted or manipulated during an NFC transaction. In a multi-application environment such as a smart phone this is a significant security design consideration for wallets.
- Physical Theft: If an NFC-enabled device is lost or stolen, it could potentially be used to make unauthorized transactions.
- Relay Attacks: In this scenario, an attacker uses two NFC devices to relay communication between a legitimate device and reader. This can allow the attacker to carry out transactions without the legitimate user’s knowledge.
- Data Interception: (Eavesdropping): Data interception presents a significant security risk by exposing the private information of two NFC devices. If an attack is initiated within the range of two devices using NFC communication, the attacker can intercept communication signals and easily record the data being broadcast. NFC tags and reader applications for phones are inexpensive and widely available
- Malware: NFC technology may be used to distribute malware and malicious apps if the wallet application does not "block' NFC signals from non-trusted sources
References
- ↑ NFC World (2019-04-09) https://www.nfcworld.com/2019/04/09/362259/apple-to-unlock-iphone-nfc-to-read-passports/?
Other Material
- W3C TAG review of the NFC API
- Digital Guide IONOS
- Page on this wiki for Smartphone Wireless