NFC Security Part 1: NFC Tag Reader/Writer
NFC security depends heavily on the targeted application and the mode of operation. This series covers the three NFC modes: Tag Reader/Writer, Card Emulation and Peer-to-Peer (P2P).
Part 1 (this post) covers the security of Tag Reader/Writer mode, Part 2 Card Emulation mode and Part 3 P2P mode.
An NFC-enabled smartphone can read and write 13.56 MHz NFC tags, which span a wide range of capabilities. Simple tags are memory only; they can be written and then locked read-only (think smart poster). More complex tags add logic for access control and authentication (think transportation ticket). The most sophisticated tags run a full operating system that supports complex interactions (think the contactless interface of an EMV chip-and-PIN payment card).
NFC tags carry a unique identifier (UID), a low-level serial number used for anti-collision and identification. Most tags have a static UID programmed by the manufacturer (ISO/IEC 14443-A allows 4, 7 or 10 bytes; 7 bytes is the common case for current tags), some tags generate a random ID (RID) each time they are discovered, and some tags have no ID at all. The size and format of the ID depend on the RF technology the tag uses. Some organizations use the UID as a credential, but be careful: any reader can read it, and tools such as the Proxmark3 can write a copied UID onto "magic" tags whose UID block is rewritable. Static UIDs are also a privacy concern, because the tag can be tracked every time it is scanned; that is one reason electronic passports generate a random ID on every activation.
The NFC use case and its threats drive the type of tag to use and the associated security tools. Naturally, a higher level of security drives up the cost per tag: simple memory tags cost on the order of $0.10 in volume, while crypto-enabled tags cost on the order of $1.00 and require infrastructure (key management, issuance, back-end verification) to manage them. The following table summarizes some use cases, the threat, the security solution and comments.
Use Case | Threat | Security Solution | Comments |
---|---|---|---|
Smart poster, Bluetooth/Wi-Fi handover | Data modification, i.e. replacing a good tag with a malicious one | NFC Forum Signature RTD | Pure software solution; use a low-cost memory tag |
Tag with sensitive information, e.g. a medical tag | Exposure of private information | Encrypted information / controlled access | Encryption can be an offline process for memory tags, or use a more sophisticated tag with access control |
Ticketing, access control | Copying credentials, man-in-the-middle | Challenge-response protocol | The tag must have a crypto engine and the appropriate supporting infrastructure |
Any tag | Denial of service, i.e. destroying the tag | Physical protection, e.g. mounting the tag behind glass | No tag-level countermeasure |
It's important to note that some of these security solutions are not standardized, meaning they won't work out of the box with an NFC-enabled smartphone; you need a dedicated app for that. The NFC Forum Signature RTD is designed to work with any NFC Forum tag type provided the tag has enough memory for the signature record and its certificate chain, though whether the phone actually verifies the signature is up to the reading application. At a high level the Signature RTD gives strong assurance that the tag data has not been tampered with: there is a signing infrastructure on the issuer side, but the tag itself can be a plain memory tag. See my post What is the purpose of NFC NDEF Signature Records?
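As an added example (this is not code from the original post, nor the NFC Forum's reference code), the following Go program models what the Signature RTD buys you on a plain memory tag: the issuer signs the Type and Payload fields of the preceding NDEF records with an ECDSA P-256 key and appends a "Sig" record; the reader app verifies that signature under the issuer's public key, so a swapped or overwritten smart poster fails the check. The Sig payload layout here ([0x20 version][DER signature]) is a deliberate simplification and an assumption: the real record also carries signature/hash type bytes and a certificate chain that the reader uses to decide whether the signer is trusted. The NDEF encoding uses the short-record (SR) form with no ID field, and the smart-poster content is constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is a simplified NDEF record (no ID field). TNF 0x01 is the NFC Forum
// well-known type space: "T" text, "U" URI, "Sig" signature.
type Record struct {
	TNF     byte
	Type    []byte
	Payload []byte
}

// EncodeMessage serialises records as written to the tag: header byte (MB, ME,
// SR flags plus TNF), type length, 1-byte payload length, type, payload (<256 bytes).
func EncodeMessage(recs []Record) []byte {
	var out []byte
	for i, r := range recs {
		hdr := (r.TNF & 0x07) | 0x10 // SR: short record, 1-byte payload length
		if i == 0 {
			hdr |= 0x80 // MB: message begin
		}
		if i == len(recs)-1 {
			hdr |= 0x40 // ME: message end
		}
		out = append(out, hdr, byte(len(r.Type)), byte(len(r.Payload)))
		out = append(append(out, r.Type...), r.Payload...)
	}
	return out
}

// signedBytes is what the signature covers: the Type and Payload fields of the
// preceding records concatenated. Signature RTD 2.0 signs Type, ID and Payload
// (not the header bytes); this simplified record has no ID field.
func signedBytes(recs []Record) []byte {
	var b []byte
	for _, r := range recs {
		b = append(append(b, r.Type...), r.Payload...)
	}
	return b
}

// SignMessage appends a "Sig" record with an ECDSA P-256/SHA-256 signature over
// every record before it. Sig payload (assumed, simplified): [0x20 version][DER sig].
func SignMessage(recs []Record, priv *ecdsa.PrivateKey) ([]Record, error) {
	digest := sha256.Sum256(signedBytes(recs))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	sigRec := Record{TNF: 0x01, Type: []byte("Sig"), Payload: append([]byte{0x20}, sig...)}
	return append(recs, sigRec), nil
}

// VerifyMessage is the reader side: the last record must be a Sig record whose
// signature checks, under the trusted issuer key, over all records before it.
func VerifyMessage(recs []Record, pub *ecdsa.PublicKey) bool {
	n := len(recs)
	if n < 2 {
		return false
	}
	s := recs[n-1]
	if s.TNF != 0x01 || string(s.Type) != "Sig" || len(s.Payload) < 2 || s.Payload[0] != 0x20 {
		return false
	}
	digest := sha256.Sum256(signedBytes(recs[:n-1]))
	return ecdsa.VerifyASN1(pub, digest[:], s.Payload[1:])
}

// Demo signs a constructed smart-poster message, verifies it, then rewrites the
// URI as a swapped or overwritten tag would. Returns (genuineOK, tamperedOK, err).
func Demo() (bool, bool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // issuer key
	if err != nil {
		return false, false, err
	}
	poster := []Record{ // constructed sample data
		{TNF: 0x01, Type: []byte("T"), Payload: append([]byte{0x02, 'e', 'n'}, "Museum audio guide"...)},
		{TNF: 0x01, Type: []byte("U"), Payload: append([]byte{0x01}, "example.org/guide"...)}, // 0x01 = "http://www."
	}
	signed, err := SignMessage(poster, priv)
	if err != nil {
		return false, false, err
	}
	genuineOK := VerifyMessage(signed, &priv.PublicKey)
	tampered := append([]Record(nil), signed...)
	tampered[1].Payload = append([]byte{0x01}, "evil.example/guide"...) // attacker cannot re-sign
	return genuineOK, VerifyMessage(tampered, &priv.PublicKey), nil
}

func main() {
	ok, bad, err := Demo()
	fmt.Println("genuine verifies:", ok, "| tampered verifies:", bad, "| err:", err)
}
```

The point to take from the design: the signature is bound to the record content, not to the tag, so it protects against a replaced or rewritten poster, but it says nothing about who is allowed to sign. That is what the certificate chain in the real Sig record (omitted here) is for, and a reader that skips the chain check accepts any self-signed message.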
I came across two interesting real-world use cases related to this topic. The first is hotel door access. A number of hotels deploy NFC door locks. The hotel issues the registered guest an NFC tag in the form of a card, or even the guest's smartphone in card emulation mode. So what do they do for security (door access control)? It turns out they can use the tag UID, the number that is easily copied. How do they get away with that? The hotel access system is centralized: a central system decides whether a door unlocks, and the tag issued to the guest is temporary, so a temporary UID is bound to that room for the length of the stay. Copying the tag does not do much good because the binding is ephemeral: the UID authorized for that door changes for the next guest. This is likely good enough, but there is a risk that someone copies your tag during your stay and gains access to your room; that requires temporary access to your card and knowledge of your room number. More secure (challenge-response) solutions that cannot be copied exist, at a higher cost of course. Security is always a risk/cost model.
The second example uses an NFC tag to unlock a residential door lock, again using the tag's UID. Unlike the hotel example, this model is NOT a good idea: a residential door lock is static. It's like writing your password on a piece of paper and leaving it there for years. The UID is easily read and replicated, either onto a magic tag (as explained above) or with an NFC phone; on rooted phones there are apps that put the phone in card emulation mode with a custom UID. I would personally want a more secure solution for my home. I would think a challenge-response scheme is more appropriate here.
In higher-security applications such as building access and multi-use transportation cards, the NFC tag serves as a device authentication factor: whoever holds the card has access. From a security perspective these are challenge-response based. The reader sends a random challenge, the card computes a response with a secret key that never leaves the chip, and the response is checked by the reader or sent to a central server for verification.
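The three reader models above (UID-only residential lock, hotel lock with a temporary UID binding, challenge-response transit or building reader) side by side, as an added Go example that is not code from the original post or from any lock vendor. The tag, key and UID values are constructed for the example, and HMAC-SHA256 over challenge || UID stands in for the AES-based MAC a real crypto card computes (an assumption; the reader-side logic is the same either way). It shows a UID clone opening the UID-only lock, the hotel binding refusing the same clone once the stay is over, and the challenge-response reader refusing both the key-less clone and a replayed response.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Tag models a card at a reader. UID is what any reader (or cloning tool) can read;
// Key exists only on a crypto tag and never leaves the chip; Canned models a replay
// device that answers with a response captured from an earlier tap.
type Tag struct {
	UID, Key, Canned []byte
}

// Respond is the on-chip computation: MAC(key, challenge || UID). HMAC-SHA256 stands
// in here for the AES-based MAC of a real crypto card (assumption for the example).
func (t Tag) Respond(challenge []byte) []byte {
	if t.Canned != nil {
		return t.Canned
	}
	if t.Key == nil {
		return nil // a UID-only clone has nothing to answer with
	}
	m := hmac.New(sha256.New, t.Key)
	m.Write(challenge)
	m.Write(t.UID)
	return m.Sum(nil)
}

// AuthorizeByUID is the residential-lock model: the UID alone is the credential.
func AuthorizeByUID(allowed [][]byte, presented Tag) bool {
	for _, u := range allowed {
		if bytes.Equal(u, presented.UID) {
			return true
		}
	}
	return false
}

// Binding is the hotel model: a UID is tied to one room, for the stay only.
type Binding struct {
	UID        []byte
	Room       string
	ValidUntil time.Time
}

// AuthorizeHotel accepts the UID only for the bound room and only until checkout.
func AuthorizeHotel(b Binding, presented Tag, room string, now time.Time) bool {
	return bytes.Equal(b.UID, presented.UID) && b.Room == room && now.Before(b.ValidUntil)
}

// AuthorizeChallengeResponse is the transit/building model: a fresh random challenge
// per tap, checked against the key the back end holds for this UID.
func AuthorizeChallengeResponse(keys map[string][]byte, presented Tag) (bool, error) {
	key, ok := keys[string(presented.UID)]
	if !ok {
		return false, nil
	}
	challenge := make([]byte, 16)
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	expected := Tag{UID: presented.UID, Key: key}.Respond(challenge)
	return hmac.Equal(expected, presented.Respond(challenge)), nil
}

// Demo presents a genuine crypto tag, a UID-only clone of it and a replay device to
// the readers; all tag data is constructed. Returns (uidCloneAccepted, crGenuine, crClone, crReplay, err).
func Demo() (bool, bool, bool, bool, error) {
	key := []byte("per-card key from the issuer HSM") // constructed
	genuine := Tag{UID: []byte{0x04, 0xA1, 0x5C, 0x3A, 0x9B, 0x2D, 0x80}, Key: key}
	clone := Tag{UID: genuine.UID} // UID copied onto a magic tag; the key was not
	uidClone := AuthorizeByUID([][]byte{genuine.UID}, clone)
	keys := map[string][]byte{string(genuine.UID): key}
	crGenuine, err := AuthorizeChallengeResponse(keys, genuine)
	if err != nil {
		return false, false, false, false, err
	}
	crClone, err := AuthorizeChallengeResponse(keys, clone)
	if err != nil {
		return false, false, false, false, err
	}
	// The attacker sniffed one genuine tap and replays its answer; the reader's fresh
	// 16-byte challenge makes the captured answer useless.
	replay := Tag{UID: genuine.UID, Canned: genuine.Respond([]byte("earlier challenge"))}
	crReplay, err := AuthorizeChallengeResponse(keys, replay)
	return uidClone, crGenuine, crClone, crReplay, err
}

func main() {
	uidClone, crGenuine, crClone, crReplay, err := Demo()
	fmt.Println("UID-only reader accepts clone:", uidClone, "| challenge-response genuine/clone/replay:", crGenuine, crClone, crReplay, "| err:", err)
}
```

Two details matter in practice and are easy to get wrong: the challenge must come from a cryptographic RNG and be long enough that an attacker cannot pre-record answers for all of them, and the comparison of the response must be constant time (hmac.Equal here), otherwise the reader leaks the expected MAC byte by byte through timing.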
I look forward to seeing more interesting security applications for NFC Reader/Writer & NFC Tags.