Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-77c89778f8-7drxs Total loading time: 0 Render date: 2024-07-25T00:54:24.424Z Has data issue: false hasContentIssue false

10 - Security

from Part II - Technology

Published online by Cambridge University Press:  05 December 2014

Mike Hendry
Get access

Summary

Background

Fear of the unknown

NFC, like many areas of information technology (IT), is beset with concerns about security. These are often expressed in two ways: as demands by policymakers and requirements-setters for bomb-proof security, particularly in matters relating to consumers, and as headline-grabbing demonstrations of a successful attack, often in a laboratory environment and subject to highly esoteric conditions.

The demands for security are often overstated and represent more of a reaction to the unknown than a real requirement; nevertheless the industry must respond to these with more than bland reassurances if it is to establish trust in any new technology. Likewise each demonstration of a successful attack must be analyzed to see if it could be the basis of a real-life attack with significant implications for users, or if there is a gap in the overall security architecture. In general industry players must act responsibly to show both that the NFC infrastructure is fit for purpose and that each application takes appropriate security measures.

This chapter seeks to bridge the gap between users and suppliers by being specific about the classes and levels of security that may be required in an NFC system, and the tools and structures that can be used to provide that security. Users and system specifiers then need to ensure that their needs are accurately defined and that the appropriate tools are being used.

Type
Chapter
Information
Near Field Communications Technology and Applications , pp. 109 - 120
Publisher: Cambridge University Press
Print publication year: 2014

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Piper, F. and Murphy, S., Cryptography: a Very Short Introduction, Oxford Paperbacks, 2002CrossRefGoogle Scholar
Ferguson, N. and Schneier, B., Practical Cryptography, Wiley & Sons, 2003Google Scholar
Martin, K., Everyday Cryptography: Fundamental Principles and Applications, Oxford Paperbacks, 2012CrossRefGoogle Scholar
Announcing the Advanced Encryption Standard, NIST, Nov 2001, available at
Kocher, P. et al., Differential Power Analysis, Cryptography Research Inc, available at
NFC Frequently Asked Questions, Smart Card Alliance web-page,
Near Field Communications: the next experience in mobile, NXP web-page,
Hancke, G. P., Eavesdropping Attacks on High-Frequency RFID Tokens, 4th Workshop on RFID Security (RFIDSec), July 2008
Diakos, T. P. et al., “Eavesdropping near-field contactless payments: a quantitative analysis,” J. Eng., September 2013
Haselsteiner, E. and Breitfuß, K., Security in Near Field Communication (NFC); Strengths and Weaknesses, RFID Security 06, Graz
Roland, M., Practical Attack Scenarios on Secure Element-enabled Mobile Devices, 4th International Workshop on Near Field Communication, Helsinki, March 2012CrossRefGoogle Scholar
NFC-SEC: NFCIP-1 Security Services and Protocol, ECMA, 3rd edn, June 2013
Information technology – Telecommunications and information exchange between systems -NFC Security – Part 1: NFC-SEC NFCIP-1 security services and protocol, ISO-IEC 13157
The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market, GlobalPlatform White paper, February 2011
Fraud detection in a mobile world, ReD Worldwide, October 2013

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

  • Security
  • Mike Hendry
  • Book: Near Field Communications Technology and Applications
  • Online publication: 05 December 2014
  • Chapter DOI: https://doi.org/10.1017/CBO9781107446854.012
Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

  • Security
  • Mike Hendry
  • Book: Near Field Communications Technology and Applications
  • Online publication: 05 December 2014
  • Chapter DOI: https://doi.org/10.1017/CBO9781107446854.012
Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

  • Security
  • Mike Hendry
  • Book: Near Field Communications Technology and Applications
  • Online publication: 05 December 2014
  • Chapter DOI: https://doi.org/10.1017/CBO9781107446854.012
Available formats
×