Near Field Communication
Content
Near Field Communication
I ntroduction:
Near Field Communication (NFC) is a fast emerging short-range wireless connectivity
standard that significantly simplifies the interaction of consumer devices across a range of
applications.The technology can be implemented in mobile phones or other portable devices to
enable secure electronic payments. NFC is a "read/write" technology that enables two-way free
communication between two devices.
Definition
Near Field Communication (NFC) is a short-range wireless connectivity standard that uses magnetic field
induction to enable communication between devices when they're touched together, or brought within
a few centimeters of each other. The standard specifies a way for the devices to establish a peer-to-peer
(P2P) network to exchange data. After the P2P network has been configured, another wireless
communication technology, such as Bluetooth or Wi-Fi, can be used for longer range communication or
for transfering larger amounts of data.
This technology enables the exchange of data between devices over about a 10 centimeter (around
4 inches) distance. The technology is a simple extension of the ISO/IEC 14443 proximity-card standard
(proximity card, RFID) that combines the interface of a smartcard and a reader into a single device. An
NFC device can communicate with both existing ISO/IEC 14443 smartcards and readers, as well as with
other NFC devices, and is thereby compatible with existing contactless infrastructure already in use for
public transportation and payment. NFC is primarily aimed at usage in mobile phones.
Essential specifications
Like ISO/IEC 14443, NFC communicates via magnetic field induction, where two loop antennas
are located within each other's near field, effectively forming an air-core transformer. It
operates within the globally available and unlicensed radio frequency ISM band of 13.56 MHz,
with a bandwidth of 14 kHz.
Working distance with compact standard antennas: up to 20 cm
Supported data rates: 106, 212, 424 or 848 kbit/s
There are two modes:
o Passive Communication Mode: The Initiator device provides a carrier field and the target
device answers by modulating existing field. In this mode, the Target device may draw
its operating power from the Initiator-provided electromagnetic field, thus making the
Target device a transponder.
o Active Communication Mode: Both Initiator and Target device communicate by
alternately generating their own field. A device deactivates its RF field while it is waiting
for data. In this mode, both devices typically need to have a power supply.
Baud Active device passive device
424 kBd Manchester, 10% ASK Manchester, 10% ASK
212 kBd Manchester, 10% ASK Manchester, 10% ASK
106 kBd Modified Miller, 100% ASK Manchester, 10% ASK
NFC employs two different codings to transfer data. If an active device transfers data at 106
kbit/s, a modified Miller coding with 100% modulation is used. In all other cases Manchester
coding is used with a modulation ratio of 10%.
NFC devices are able to receive and transmit data at the same time. Thus, they can check the
radio frequency field and detect a collision if the received signal does not match with the
transmitted signal.
NFC Modes
The NFC forum defines three communication modes, as illustrated next:
Figure 2: NFC Communication Modes (Source: NFC Forum)
where:
Peer-to-Peer mode is defined for device to device link-level communication. Note that
this mode is not supported by the Contactless Communication API.
Read/Write mode allows applications for the transmission of NFC Forum-defined
messages. Note that this mode is not secure. This mode is supported the Contactless
Communication API.
NFC Card Emulation mode allows the NFC-handset behave as a standard Smartcard.
This mode is secure. This mode is supported by the Contactless Communication API.
NFC Terminology
NDEF - NFC Data Exchange Format - standard exchange formats for URI, Smart
Posters, other
RTD - Record Type Definition - An NFC-specific record type and type name which may
be carried in an NDEF record
NDEF message - Basic message construct defined by this specification. An NDEF
message contains one or more NDEF records
NDEF record - Contains a payload described by a type, a length, and an optional
identifier
NDEF payload - The application data carried within an NDEF record
The protocol
The protocol is based on a wireless interface. There are always two parties to the communication; hence
the protocol is also known as peer-to-peer communication protocol. The protocol establishes wireless
network connections between network appliances and consumer electronics devices.
The interfaces operate in the unregulated RF band of 13.56 MHz. This means that no restrictions are
applied and no licenses are required for the use of NFC devices in this RF band. Of course, each country
imposes certain limitations on the electromagnetic emissions in this RF band. The limitations mean that in
practice the distance at which the devices can connect to each other is restricted and this distance may
vary from country to country. Generally speaking, we consider the operating distances of 0~20 cm.
As is often the case with the devices sharing a single RF band, the communication is half-duplex. The
devices implement the “listen before talk” policy – any device must first listen on the carrier and start
transmitting a signal only if no other device can be detected transmitting.
NFC protocol distinguishes between the Initiator and the Target of the communication. Any device may
be either an Initiator or a Target. The Initiator, as follows from the name, is the device that initiates and
controls the exchange of data. The Target is the device that answers the request from the Initiator.
NFC protocol also distinguishes between two modes of operation: Active mode and Passive mode. All
devices support both communication modes. The distinction is as follows:
In the Active mode of communication both devices generate their own RF field to carry the data.
In the Passive mode of communication only one device generates the RF field while the other device
uses load modulation to transfer the data. The protocol specifies that the Initiator is the device
responsible to generate the RF field.
The application sets the initial communication speed at 106, 212 or 424 kbit/s. Subsequently the
application and/or the communication environment may require speed adaptation, which can be done
during communication.
NFCIP-1 uses different modulation and bit encoding schemes depending on the speed. While
establishing the communication, the Initiator starts the communication in a particular mode at a particular
speed. The Target determines the current speed and the associated low-level protocol automatically and
answers accordingly.
The communication is terminated either on the command from the application or when devices move out
of range.
-
4 Unique features
What makes the communication between the devices so easy is that the NFC protocol provides some
features not found in other general-purpose protocols.
First of all, it is a very short-range protocol. It supports communication at distances measured in
centimetres. The devices have to be literally almost touched to establish the link between them. This has
two important consequences:
1) The devices can rely on the protocol to be inherently secured
1
since the devices must be
placed very close to each other. It is easy to control whether the two devices communicate by
simply placing them next to each other or keeping them apart.
2) The procedure of establishing the protocol is inherently familiar to people: you want something
to communicate – touch it. This allows for the establishment of the network connection
between the devices be completely automated and happen in a transparent manner. The
whole process feels then like if devices recognize each other by touch and connect to each
other once touched.
Another important feature of this protocol is the support for the passive mode of communication. This is
very important for the battery-powered devices since they have to place conservation of the energy as the
first priority. The protocol allows such a device, like a mobile phone, to operate in a power-saving mode –
the passive mode of NFC communication. This mode does not require both devices to generate the RF
field and allows the complete communication to be powered from one side only. Of course, the device
itself will still need to be powered internally but it does not have to “waste” the battery on powering the RF
communication interface.
Also, the protocol can be used easily in conjunction with other protocols to select devices and automate
connection set-up. As was demonstrated in the examples of use above, the parameters of other wireless
protocols can be exchanged allowing for automated set-up of other, longer-range, connections. The
difficulty in using long-range protocols like Bluetooth or Wireless Ethernet is in selecting the correct
device out of the multitude of devices in the range and providing the right parameters to the connection.
Using NFC the whole procedure is simplified to a mere touch of one device to another.
The NFC protocol is also compatible with the widely used contactless smart card protocols FeliCa ™
and Mifare ™. The NFC devices are able to work with the smart cards and smart card readers
conforming to these protocols in a seamless manner. Not only a card may be viewed with an NFC
device but also an NFC device can be used instead of a card.
NFC vs Bluetooth
NFC Bluetooth V2.1 Bluetooth V4.0
RFID compatible ISO 18000-3 active active
Standardisation body ISO/IEC Bluetooth SIG Bluetooth SIG
Network Standard ISO 13157 etc. IEEE 802.15.1 IEEE 802.15.1
Network Type Point-to-point WPAN WPAN
Cryptography not with RFID available available
Range < 0.2 m ~10 m (class 2) ~1 m (class 3)
Frequency 13.56 MHz 2.4-2.5 GHz 2.4-2.5 GHz
Bit rate 424 kbit/s 2.1 Mbit/s ~200 kbit/s
Set-up time < 0.1 s < 6 s < 1 s
Power consumption < 15mA (read) varies with class < 15 mA (xmit)
NFC and Bluetooth are both short-range communication technologies which have recently been
integrated into mobile phones. To avoid the complicated configuration process, NFC can be used
for the set-up of wireless technologies, such as Bluetooth.
The earlier advantage of NFC over Bluetooth with the shorter set-up time is still valid with
standard Bluetooth protocol stack, but no more with Bluetooth V4.0 low energy protocol stack.
With NFC, instead of performing manual configurations to identify devices, the connection
between two NFC devices is established at once (faster than a tenth of a second). The maximum
data transfer rate of NFC (424 kbit/s) is slower than Bluetooth V2.1 (2.1 Mbit/s). With less than
20 cm, NFC has a shorter range, which provides a limitation of threat. That mostly makes NFC
suitable for crowded areas when correlating a signal with its transmitting physical device (and by
extension, its user) becomes difficult.
In contrast to Bluetooth, NFC is compatible with existing passive RFID (13.56 MHz ISO/IEC
18000-3) infrastructures. NFC requires comparably low power as Bluetooth V4.0 low energy
protocol. When NFC alternatively works with one of the devices is not powered (e.g. on a phone
that may be turned off, a contactless smart credit card, a smart poster, etc.), then the NFC power
consumption exceeds the Bluetooth V4.0 Low Energy power consumption level due to required
illumnination of then passive tag.
Security aspects
Although the communication range of NFC is limited to a few centimeters, NFC alone does not
ensure secure communications. In 2006, Ernst Haselsteiner and Klemens Breitfuß described
different possible types of attacks.
[11]
NFC offers no protection against eavesdropping and is also vulnerable to data modifications.
Applications have to use higher-layer cryptographic protocols (e.g., SSL) to establish a secure
channel.
Eavesdropping
The RF signal for the wireless data transfer can be picked up with antennas. The distance from
which an attacker is able to eavesdrop the RF signal depends on numerous parameters, but is
typically a small number of meters.
[12]
Also, eavesdropping is extremely affected by the
communication mode. A passive device, which does not generate its own RF field is much
harder to eavesdrop on than an active device. An Open source device which is able to eavesdrop
passive and active NFC communications is the Proxmark instrument.
Data modification
Data destruction is relatively easy to realize. One possibility to perturb the signal is the usage of
an RFID jammer. There is no way to prevent such an attack, but if the NFC devices check the RF
field while they are sending, it is possible to detect it.
Unauthorized modification of data, which results in valid messages, is much more complicated
and demands a thorough understanding. In order to modify the transmitted data an intruder has to
deal with the single bits of the RF signal. The feasibility of this attack, i.e., if it is possible to
change the value of a bit from 0 to 1 or the other way around, is amongst others subject to the
strength of the amplitude modulation. If data is transferred with the modified Miller coding and a
modulation of 100%, only certain bits can be modified. A modulation ratio of 100% makes it
possible to eliminate a pause of the RF signal, but not to generate a pause where no pause has
been. Thus, only a 1 which is followed by another 1 might be changed. Transmitting Manchester
encoded data with a modulation ratio of 10% permits a modification attack on all bits.
Relay attack
Because NFC devices are usually also implementing ISO/IEC 14443 functionality, the relay
attack described are also feasible on NFC.
[13][14]
For this attack the adversary has to forward the
request of the reader to the victim and relay back its answer to the reader in real time, in order to
carry out a task pretending to be the owner of the victim’s smart card. One of libnfc code
examples demonstrates a relay attack using only two stock commercial NFC devices.
Lost property
The very simple problem of losing the mobile phone and therewith opening access to any finder
of the property is not addressed. Either the NFC RFID card or the mobile phone will act as single
factor authenticating entities beyond the fact that the mobile phone is protected with the pin code
again as a single authenticating factor. Hence the elementary aspect to defeat lost property threat
requires an extended security concept including more than one physically independent
authentication factors.
Walk off
Once lawfully opened access to secure function or data is usually protected with time out closing
on pausing the usage. Modern attack concepts may interfere despite the intention to shut down
access when the user turns inactive. The distance of a successful attacker to the locus of lawfully
granted access is not addressed with any of the described concepts
An Example of an iPhone controlling a MacBook via NFC
In one example, the input value may be transmitted to an external device such as a MacBook - as is
indicated in the Apples patent FIG. 7 noted above. The input value may be used to perform a function on
the external device, such as unlocking the external device, or rotating an image displayed on the external
device.
Of course, certain interfaces may require multiple input values. For example, a combination lock interface
may require three input values with corresponding motion data indicating the direction and amount of
rotation.
Accordingly, Apple's patent FIG. 10 noted above, also illustrates an iPhone (or iPod touch) using a motion-
based input to control the display of a document on the external device/MacBook.
As shown in FIG. 10, the iPhone (device 10) may communicate with MacBook using a near field
communication channel established by bringing the near field communication interfaces 44 and 92 within a
close range of each other.
In some embodiments, the near field communication channel may be used for all communications between
the iPhone and MacBook. However, in other embodiments, the near field communication channel may be
used only initially to setup another communication link, such as a LAN or PAN link.
As shown, the iPhone has been rotated to the left, as indicated by the arrows 134, from its original position
136 to a new position 138. A screen 140 of the GUI 28 is displayed on the iPhone to facilitate control of the
MacBook. The iPhone's screen 140 may be displayed in response to selection of the external control icon
34 (noted in yellow in FIG.1 above) or it may be displayed automatically upon establishment of the near
field communication channel. The screen 140 includes a graphical element 142 depicting a document. The
graphical element 142 may represent a corresponding document 144, shown here as a menu for a pizza
restaurant, displayed on the external device display 88.
The MacBook (device 86) may be configured to rotate the document 144 contemporaneously with the
rotation of the iPhone (device 10). As shown on the MacBook'[s display (88), the document has been
rotated in a manner corresponding to the rotation of the iPhone. Specifically, the document 144 has been
rotated to the left from its original position 146 to a new position 144, as indicated by arrows 150. As the
iPhone is rotated, the iPhone may send motion data through the near field communication channel to the
MacBook. Control circuitry of the MacBook may then interpret the motion data and rotate the displayed
document 144 contemporaneously with receiving the motion data.
In other embodiment, the iPhone's screen may display the graphical element 142 to assist the user in
controlling the external document 144. The document rotation techniques may allow the user to rotate
documents and images such as maps, menus, photographs, and the like. Hmm, that's an interesting twist.
In certain embodiments, the motion data sensed by iPhone may be transmitted over a network connection
established between the MacBook and the iPhone. The NFC communication link may be used to establish
the connection, and then once established, the iPhone may be moved further from the MacBook. This may
allow external control from a longer distance.
Opening Locks via NFC
In Apple's patent FIG. 11 we see an illustration of system 152 that may employ motion-based inputs to
open a lock. The system includes an iPhone, an electronic device 154, and a MacBook. The iPhone may
receive motion-based inputs and transmit the inputs to the electronic device 154. In certain embodiments,
the electronic device 154 may be in communication with the MacBook to allow programming of the
electronic device 154. The electronic device 154 may be a stand-alone device incorporated into a locking
system, such as a door for a home or automobile.
The electronic device 154 also may be incorporated into a MacBook, a computer, personal data assistant,
portable media player, cellular telephone, or the like. The MacBook also may include an NFC interface 172
for enabling NFC communication with the electronic device 154 and/or the iPhone. Note the "N" symbol
within a box is shown on the devices in the graphic above under varying numbers such as 44, 172 and 92.
The electronic device 154 also may include a network device such as a network interface card (NIC or 164
not shown) that allows the device 154 to communicate with a MacBook over a network, such as a LAN,
PAN, WAN, or the Internet. Using the MacBook Keyboard, a user may program the code for the lock 162.
In certain embodiments, the GUI noted as 168 on the MacBook is the iTunes web service to facilitate
programming of the electronic device 154.
For example, a code may be entered through the iTunes interface and transmitted to the electronic device
154 for storage in the memory 160. The iTunes interface also may be used to setup and provide security
monitoring for the electronic device 154. For example, if an incorrect code is transmitted to the electronic
device 154, the control circuitry 158 may transmit an alert to MacBook.
While we're on the topic of opening locks, it should be noted that patent discusses how you'll be able to use
an NFC based iPhone, for example, to open up your office door or, for that matter, any door that would
have a corresponding NFC chip incorporated – be it your home door, car door etc.
Apple's patent FIG. 12 illustrates one embodiment of the system 152 shown in FIG. 11 above. As
illustrated, the electronic device 154 has been incorporated into a door 174. The lock 162 is disposed within
a frame of the door and is configured to actuate to allow the door to open upon receipt of the correct code.
The NFC interface 92 is disposed next to the door. The user 176 may bring their iPhone in close proximity
to the NFC interface to enable communication between the iPhone and the electronic device 154. The
iPhone may then be used to enter a motion-based input, such as a security code, and transmit the code to
the NFC device 92.
Apple's adjoining patent FIG. 13 illustrates a method 180 that the electronic device 154 may use to open a
lock in accordance with one embodiment. The identification information may include a serial number,
cellular telephone number, or other identifier of the iPhone.
