NEAR FIELD COMMUNICATION
One of the basic goals of technology has been to make life easier by converging various technologies. Near Field Communication offers a ray of hope of realising the ultimate convergence device.
Near Field Communication (NFC) is a technology for contactless short-range communication. Based on Radio Frequency Identification (RFID), it uses magnetic field induction to enable communication between electronic devices. The number of short-range applications for NFC technology is growing continuously, appearing in all areas of life. Especially the use in conjunction with mobile phones offers great opportunities. The main applications are:
• Payment & ticketing: NFC enables users to make fast and secure purchases, go shopping with electronic money, and also to buy, store and use electronic tickets, such as concert/event tickets, plane tickets, travel cards, etc.
• Electronic keys: for example, car keys, house/office keys, etc.
• Identification: NFC makes it possible to use mobile phones instead of identity documents. In Japan, for example, student IDs can be stored on cell phones, which allows the students to electronically register for classes, open locked campus doors, buy food at the school cafeteria, borrow books, and even get discounts at local movie theaters, restaurants, and shops.
• Receive and share information: the data stored on any tagged object (e.g. a DVD box or a poster) can be accessed by mobile phones in order to download movie trailers, street maps, travel timetables, etc.
• Set-up service: to avoid a complicated configuration process, NFC can be used to set up other longer-range wireless technologies, such as Bluetooth or Wireless LAN.
Up to now the convenience of NFC is mostly used in Asia, for instance in Japan or South Korea, where paying with a mobile phone or an NFC smartcard already belongs to everyday life.
2. Standards and Compatibility
Near Field Communication is an open platform technology, developed by Philips and Sony. NFC, described by NFCIP-1 (Near Field Communication Interface and Protocol 1), is standardized in ISO 18092 , ECMA 340 as well as in ETSI TS 102 190. These standards specify the basic capabilities, such as the transfer speeds, the bit encoding schemes, modulation, the frame architecture, and the transport protocol. Furthermore, the active and passive NFC modes are described, as well as the conditions that are required to prevent collisions during initialization. NFC devices have to provide these three functions in order to be compatible with the main international standards for smartcard interoperability, ISO 14443 (proximity cards, e.g. Philips' Mifare), ISO 15693 (vicinity cards) and Sony's FeliCa contactless smart card system. Hence, as a combination of smartcard and contactless interconnection technologies, NFC is compatible with today's field-proven RFID technology. That means it provides compatibility with the millions of contactless smartcards and scanners that already exist worldwide.
3. Technology Overview
NFC operates in the standard, globally available 13.56 MHz frequency band. Possible supported data transfer rates are 106, 212 and 424 kbps, and there is potential for higher data rates. The technology has been designed for communications up to a distance of 20 cm, but typically it is used within less than 10 cm. This short range is not a disadvantage, since it makes eavesdropping harder.
3.1 Communication Modes: Active and Passive
The NFC interface can operate in two different modes: active and passive. An active device generates its own radio frequency (RF) field, whereas a device in passive mode has to use inductive coupling to transmit data. For battery-powered devices, like mobile phones, it is better to act in passive mode, since, in contrast to the active mode, no internal power source is required. In passive mode, a device can be powered by the RF field of an active NFC device and transfers data using load modulation. Hence, the protocol allows for card emulation, e.g. for ticketing applications, even when the mobile phone is turned off. This yields two possible cases, which are described in Table 3.1. The communication between two active devices is called active communication mode, whereas the communication between an active and a passive device is called passive communication mode.
Table 3.1: Communication Configurations
In general, at most two devices communicate with each other at the same time. However, as defined in , §188.8.131.52, in passive mode the initiator (see Section 3.3) is able to communicate with multiple targets. This is realized by a time slot method, which is used to perform Single Device Detection (SDD). The maximal number of time slots is limited to 16. A target responds in a randomly chosen time slot, which may lead to a collision with the response of another target. In order to reduce collisions, a target may ignore a polling request sent out by the initiator. If the initiator receives no response, it has to send the polling request again.
3.2 Coding and Modulation
The distinction between active and passive devices specifies the way data is transmitted. Passive devices always encode data with Manchester coding and 10% ASK (amplitude-shift keying). For active devices, one distinguishes between the modified Miller coding with 100% modulation if the data rate is 106 kbps, and the Manchester coding using a modulation ratio of 10% if the data rate is greater than 106 kbps. As we will discuss later, the modulation ratio, defined in , is of high importance for the security of the NFC data transfer.
3.2.1 Manchester Code
The Manchester coding depends on two possible transitions at the midpoint of a period. A low-to-high transition expresses a 0 bit, whereas a high-to-low transition stands for a 1 bit. Consequently, in the middle of each bit period there is always a transition. Transitions at the start of a period are not considered.
Figure 3.1: Manchester Code
Footnote: Amplitude-shift keying is a form of modulation that represents digital data as variations in the amplitude of a carrier wave .
3.2.2 Modified Miller Code
This line code is characterized by pauses occurring in the carrier at different positions of a period. Depending on the information to be transmitted, bits are coded as shown in Figure 3.2. While a 1 is always encoded in the same way, the coding of a 0 is determined on the basis of the preceding bit.
Figure 3.2: Modified Miller Code
3.3 Initiator and Target
Furthermore, it is important to observe the role allocation of initiator and target. The initiator is the one that wishes to communicate and starts the communication. The target receives the initiator's communication request and sends back a reply. This concept prevents the target from sending any data without first receiving a message. In the passive communication mode, the passive device always acts as NFC target, and the active device is the initiator, responsible for generating the radio field. In the case of an active configuration, in which the RF field is alternately generated, the roles of initiator and target are strictly assigned by whichever device starts the communication. By default all devices are NFC targets, and a device only acts as NFC initiator if the application requires it. Communication between two passive devices is not possible (see Table 3.3).
Table 3.3: Possible Combinations Active/Passive with Initiator/Target ()
3.4 Collision Avoidance
Collisions are rather rare, since the devices have to be placed in direct proximity. The protocol proceeds from the principle: listen before talk. If the initiator wants to communicate, it first has to make sure that there is no external RF field, in order not to disturb any other NFC communication. It has to wait silently as long as another RF field is detected, and may start the communication only after an accurately defined guard time (, §11.1). If two or more targets answer at exactly the same time, a collision will be detected by the initiator.
3.5 General Protocol Flow
As shown in Figure 3.3, the general protocol flow can be divided into the initialization and the transport protocol. The initialization comprises the collision avoidance and the selection of targets, where the initiator determines the communication mode (active or passive) and chooses the transfer speed. As defined in , §12, the transport protocol is divided into three parts:
• Activation of the protocol, which includes the Request for Attributes and the Parameter Selection.
• The data exchange protocol, and
• The deactivation of the protocol, including the Deselection and the Release.
During one transaction, the mode (active or passive) and the role (initiator or target) do not change until the communication is finished. However, the data transfer speed may be changed by a parameter change procedure. For further details the reader may refer to the standards  or .
4. Comparison with other Technologies
5. Security Aspects
In this chapter, we want to analyze the security of NFC. In this context two very interesting papers have been published. In , Ernst Haselsteiner and Klemens Breitfuß discuss some threats and solutions for the security of NFC. First of all it should be mentioned that the short communication range of a few centimeters, though it requires conscious user interaction, does not really ensure secure communication. There are different possibilities to attack the Near Field Communication technology. On the one hand, the devices used can be manipulated physically. This may be the removal of a tag from the tagged item or wrapping it in metal foil in order to shield the RF signal. Another aspect is the violation of privacy. If proprietary information is stored on a tag, it is important to prevent unauthorized read and write access. As outlined in , read-only tags are secure against unauthorized write access. In the case of rewritable tags we have to assume that attackers may have mobile readers and the appropriate software, which enable unauthorized read and write access at a normal reader distance. In this work we want to focus on attacks with regard to the communication between two devices. For detecting errors, NFC uses the cyclic redundancy check (CRC). This method allows devices to check whether the received data has been corrupted.
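As an added example (not code from the page), the following Python implements the CRC_A check value of ISO/IEC 14443-3, the CRC carried by 106 kbps Type A frames; the page only states that NFC uses a CRC, so the choice of this variant is an assumption of mine. It shows that an accidental bit flip is detected, and that the check value is a public function of the data, so it catches corruption but is no protection against deliberate modification. The HLTA (halt) command 50 00 serves as sample input.

```python
# CRC_A as specified in ISO/IEC 14443-3: polynomial x^16 + x^12 + x^5 + 1,
# initial value 0x6363, LSB first, no final XOR. Added example, not code from
# the page; the page itself only states that NFC uses a CRC for error detection.

def crc_a(data: bytes) -> bytes:
    """Return the two CRC_A bytes in transmission order (low byte first)."""
    crc = 0x6363
    for byte in data:
        ch = byte ^ (crc & 0xFF)
        ch = (ch ^ (ch << 4)) & 0xFF
        crc = ((crc >> 8) ^ (ch << 8) ^ (ch << 3) ^ (ch >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


def frame(payload: bytes) -> bytes:
    """Append CRC_A to a payload, as a standard frame carries it."""
    return payload + crc_a(payload)


def check_frame(received: bytes) -> bool:
    """True if the trailing CRC_A matches the payload that precedes it."""
    if len(received) < 3:
        return False
    payload, crc = received[:-2], received[-2:]
    return crc_a(payload) == crc


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of data with one bit inverted (simulates corruption on the air)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# Constructed sample: the ISO/IEC 14443-3 HLTA (halt) command 50 00.
HALT = bytes([0x50, 0x00])

if __name__ == "__main__":
    f = frame(HALT)
    print("frame with CRC_A:", f.hex(" "))            # 50 00 57 cd
    print("intact frame accepted:", check_frame(f))   # True
    print("corrupted frame accepted:", check_frame(flip_bit(f, 3)))  # False
    # The CRC is a public function of the payload: any party that can rewrite
    # the payload can rewrite the check value too, so a consistent but altered
    # frame passes. Error detection is not integrity protection.
    print("altered, recomputed frame accepted:", check_frame(frame(b"\x52\x00")))
```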
NFC offers no protection against eavesdropping. Since RF waves carry the wireless data transfer, an attacker with an antenna is able to pick up the transmitted data. In practice a malicious person would have to keep a longer distance in order not to get noticed. The short range between initiator and target required for a successful communication is no significant obstacle, since attackers are not bound by the same transmission limits. Consequently the maximum distance for a normal read sequence can be exceeded. The question how close an attacker has to be located to retrieve a usable RF signal is difficult to answer.
In order to show that NFC is secure against a Man-in-the-Middle attack, we have to survey both the active and the passive communication mode. In the following we distinguish between device A and device B, which are exchanging data. In passive mode the active device (A) generates the RF field in order to send data to a passive device (B). The aim of an intruder is to intercept this message and prevent device B from receiving it. The next step would be to replace it with a different message. The first step is possible, but can be detected if device A checks the RF field while sending the message. However, the second one is practically impossible. To send a message to device B the attacker would have to generate his own RF field. Hence, the RF field of device A would have to be perfectly aligned, which is not practically feasible. In contrast to the passive mode, in active mode device A switches off the RF field after sending a message. Now the attacker is confronted with another problem. Even though he may generate an RF field, he is not able to transfer a message to device B that would not be recognized by device A, because device A is waiting for a response from device B. Thus, device A is assigned the task of checking whether the received messages really come from device B. Disregarding relay attacks, NFC provides good protection against a Man-in-the-Middle attack. This applies particularly if the passive communication mode is used and the RF field is monitored by device A.
5.3 Data Modification
Unauthorized changing of data which results in valid messages is much more complicated and demands a thorough understanding. As we will point out in the following, data modification is possible only under certain conditions. In order to modify the transmitted data, an intruder has to deal with single bits of the RF signal. As already mentioned in Section 3.2, data is sent in different ways. The feasibility of this attack, that is, whether it is possible to change a bit of value 0 to 1 or the other way around, depends on the strength of the amplitude modulation. If 100% modulation is used, it is possible to eliminate a pause of the RF signal, but not to generate a pause where no pause has been. This would demand an impracticable exact overlapping of the attacker's signal with the original signal at the receiver's antenna. However, Near Field Communication technology uses modulation of 100% in conjunction with the modified Miller coding, which leads to 4 possible cases (see Figure 5.1). The only case where a bit might be changed by an attacker is where a 1 is followed by another 1. By filling the pause in the second half of the bit period of the RF signal, the decoder receives the signal of the third case. Due to the agreement with the preceding bit, the decoder would accept it as a valid bit. The other three cases are not susceptible to such an attack.
Figure 5.3: Bit modification of the Modified Miller Code
For NFC, a modulation ratio of 10% is always used together with Manchester coding. In contrast to the 100% modulation, where really no signal is sent in a pause, here within a pause the RF signal is e.g. 82% of the level of the full signal. Let's assume an attacker may increase the existing RF signal by about 18% during the whole session without being noticed by the decoder. Then the attacker is able to change a zero to a one by increasing the RF signal during the first half of the signal period by another 18%, and may also change a bit of value one to zero by simply stopping to send anything.
Regarding the threat in summary: except for one case, Manchester coding with 10% ASK is always used for NFC data transfer. This represents the best possible conditions for the malicious intention of modifying NFC data (compare Table 3.2). This way of transmitting the data allows a modification attack on all bits. The only exception are active devices transferring data at 106 kbps. In this case the usage of the modified Miller coding with a modulation ratio of 100% ensures that only certain bits can be modified. In , three countermeasures are described. One possibility is the usage of the active communication mode with 106 kbps. As mentioned above, this would not prevent, but at least reduce the risk of this attack.
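As an added example (not from the page or the cited paper), the following Python models the Modified Miller code of Section 3.2.2 and the pause-filling analysis of Section 5.3, reporting which bit positions of a frame could be altered without the line code revealing it, which is the reason the countermeasure above only reduces the risk rather than removing it. It assumes a strict receiver that rejects any symbol the code does not allow after its predecessor and checks the whole frame, so a change that makes the following symbol illegal counts as detected; the Manchester/10% ASK case, where the page states all bits are exposed, is not modelled.

```python
# Added example, not code from the page or the cited paper. A bit period is
# modelled as two half-bit periods: 1 = carrier present, 0 = pause.
# Modified Miller symbols (100% ASK, active mode at 106 kbps, Section 3.2.2):
X = (1, 0)  # pause in the second half: logic 1
Y = (1, 1)  # no pause: logic 0 following a 1
Z = (0, 1)  # pause in the first half: logic 0 following a 0 (or at frame start)

def miller_encode(bits):
    """Encode a bit list; the frame start behaves like a preceding 0."""
    symbols, prev = [], 0
    for b in bits:
        symbols.append(X if b else (Z if prev == 0 else Y))
        prev = b
    return symbols

def miller_decode(symbols):
    """Strict decoder (assumption): the bit list, or None as soon as a symbol
    is not allowed after the bit that precedes it."""
    bits, prev = [], 0
    for s in symbols:
        if s == X:
            b = 1
        elif (s == Y and prev == 1) or (s == Z and prev == 0):
            b = 0
        else:
            return None
        bits.append(b)
        prev = b
    return bits

def fill_pause(symbols, i):
    """Copy of the frame with the pause of symbol i filled with carrier: the
    only alteration Section 5.3 considers possible at 100% modulation (energy
    can be added to a pause, but a pause cannot be created)."""
    out = list(symbols)
    out[i] = (1, 1)
    return out

def miller_exposed_positions(bits):
    """Bit positions where pause filling still yields a frame that decodes
    cleanly, but to different bits, i.e. a change the line code cannot reveal."""
    symbols = miller_encode(bits)
    exposed = []
    for i, s in enumerate(symbols):
        if s == Y:
            continue  # nothing to fill
        decoded = miller_decode(fill_pause(symbols, i))
        if decoded is not None and decoded != list(bits):
            exposed.append(i)
    return exposed

if __name__ == "__main__":
    for pattern in ([1, 1, 1], [0, 0, 1, 1], [1, 0, 1, 0], [1, 1, 0, 1]):
        print(pattern, "-> exposed positions:", miller_exposed_positions(pattern))
```

Only a 1 that follows a 1 can be turned into a 0, and only when the bit after it does not then become illegal; every other position is either not modifiable or yields a frame the strict decoder rejects.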
In summary, Near Field Communication is an efficient technology for short-range communications. It offers an intuitive and simple way to transfer data between electronic devices. A significant advantage of this technique is the compatibility with existing RFID infrastructures. Additionally, it would bring benefits to the setup of longer-range wireless technologies, such as Bluetooth. With regard to the security of NFC, we discussed different attacks and possible countermeasures to mitigate their impact. Despite the restriction of the range, eavesdropping or data modification attacks can be carried out. But, disregarding relay attacks, NFC provides security against Man-in-the-Middle attacks. In order to provide protection against these threats, the establishment of a secure channel is necessary. For this purpose simply the well-known DH key agreement can be used, because Man-in-the-Middle attacks represent no threat. With a secure channel NFC provides confidentiality, integrity and authenticity.
References
 ISO/IEC 18092 (ECMA-340): Information technology - and information exchange between systems - Near Field Communication - Interface and Protocol (NFCIP-1). First Edition,
 Ecma International: Standard ECMA-340, Near Field Communication Interface and Protocol (NFCIP-1), December 2004, URL:
 ETSI TS 102 190 V1.1.1: Near (NFC) IP-1; Interface and Protocol (NFCIP-1), 2003-03, URL:
 ISO/IEC 21481: Information technology - Telecommunications and information exchange between systems - Near Field Communication Interface and Protocol -2 (NFCIP-2).
 Ecma International: Standard Field Communication Interface and Protocol -2 (NFCIP-2), December
 ETSI TS 102 312 V1.1.1: Electromagnetic compatibility and Radio spectrum Matters (ERM); Normalized Site Attenuation and validation of a fully lined anechoic chamber up to 40 GHz, 2004-05, URL: http://www.etsi.org.
 ISO/IEC 14443: Identification cards - Contactless integrated circuit cards - Proximity cards. 2001, URL:
 ISO/IEC 15693: Identification cards - Contactless integrated circuit cards - Vicinity cards.
 Ernst Haselsteiner and Klemens Breitfuss: Security in near field Philips Semiconductors, Printed handout of Workshop on RFID Security RFIDSec 06, July
[10] Wikipedia: Amplitude-shift keying, ude shift keying.