NFC (Near Field Communication) defines the set of RFID standards designed to bidirectionally communicate via wireless and interchange data point-to-point between devices in proximity, normally a few centimeters (up to 10cm). Services that use NFC communications as contactless payments are exponentially growing: Public transport, parkings, fast supermarket cashers, vending machines and even NFC-capable credit/debit cards.In this talk, we investigate relay attacks in NFC-capable credit/debit cards. This attack exploits the communication proximity principle in NFC, which is shown to be non secure. Although a lot of attack countermeasures exist, they do not face with this attack vector since up to date special hardware was required to perform it. However, the story is rewritten with the NFC-capable mobile devices available in the market.
This work shows how nowadays a relay attack in NFC-capable credit/debit cards is possible using an NFC-capable Android device without further modifications (i.e., no root permissions, custom firmware, or custom OS are required). A PoC app implementing the attack is shown in the talk, as well as distributed relay attack scenarios that might become real before long.
Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into proximity, usually no more than a few inches.
Sept 2009: this is an updated presentation of the Near Field Communication (NFC) technology. I tried to explain how NFC works on a SIM card, what are the standardization bodies, roles and actors in the ecosystem.
This presentation is for developers and describes technical architecture to implement a NFC application on a SIM card using Java and APDU commands (JSR-177, 257 and 268).
These slides will be presented during the Smart University 2009 in Nice, Sophia-Antipolis.
Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into proximity, usually no more than a few inches.
Sept 2009: this is an updated presentation of the Near Field Communication (NFC) technology. I tried to explain how NFC works on a SIM card, what are the standardization bodies, roles and actors in the ecosystem.
This presentation is for developers and describes technical architecture to implement a NFC application on a SIM card using Java and APDU commands (JSR-177, 257 and 268).
These slides will be presented during the Smart University 2009 in Nice, Sophia-Antipolis.
Wireless communication is the transfer of information between two or more points that are not connected by an electrical conductor.
The most common wireless technologies use radio
This presentation is prepared for workshop session and is not in detail. You can ask your doubts here or you can email me at prakharbansal1@gmail.com. I'll try to answer to my best.
it gives info about the 4g technology as well as the previous technologies with disadvantages and what are the reasons new technologies are developed. best viewed with animation in office 10 or above
Wireless communication is the transfer of information between two or more points that are not connected by an electrical conductor.
The most common wireless technologies use radio
This presentation is prepared for workshop session and is not in detail. You can ask your doubts here or you can email me at prakharbansal1@gmail.com. I'll try to answer to my best.
it gives info about the 4g technology as well as the previous technologies with disadvantages and what are the reasons new technologies are developed. best viewed with animation in office 10 or above
[Presentation from May 14 Tap into NFC Meetup]
At the Tap into NFC Meetup in Boston on May 14, 2015, attendees learned about NFC technology and where the Internet of Things is headed in 2015 and beyond. Slide deck includes:
-NFC ecosystem overview + Why NFC Should be on Your Radar ~ Paula Hunter, Executive Director, NFC Forum
-NFC Everywhere – bringing new, secure and convenient user experiences and enabling the Internet of Things with a simple touch of your mobile device ~ Suresh Palliparambil, NXP
-Lightning talks from Identiv, TapTrack, Purple Deck Media, and Couchbase
Get involved in or meet us at one of our upcoming events: http://nfc-forum.org/nfc-forum-events/
Guide du tag NFC : quels usages dans quels contextes ?Olivier Devillers
Guide rédigé pour le Forum SMSC sur le tag NFC (Etiquette intelligente lisible avec un smartphone NFC) et ses usages dans le commerce, le tourisme, les transports publics.
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXPDroidcon Berlin
NFC, the intuitive contactless technology is finding its way into more and more mobile phone devices. NFC stands for Near Field Communication and is a contactless technology gearing to massively ease information gathering and content sharing. It's very easy to use and allows short range, point to point communication between NFC enabled devices as well as access to content on passive tags and cards. The presentation will focus to provide a technology introduction, some hints on already available applications with a life demonstration of the technology. We will discuss the use cases driving the technology, the level of NFC integration in Android. The NCF API and it's classes will be presented and last but not least we plan to run a little life coding session to show how easy applications can be enabled and can benefit from NFC.
VISIONFC – an NFC Forum event: The future of NFC in Wearables, Health Care & ...NFC Forum
At the recent VISIONFC sessions hosted by the NFC Forum, NXP, Silicon Craft, and DART shared their perspective on what the future holds for NFC and wearables, healthcare, and transport.
Presentation Abstracts:
NXP - Wearable –Your Personal Wallet, as easy as A-B-C
Mobile phones, thanks to NFC, start to provide solutions for contactless payments, but what if we can bring in a disruptive approach? A simple wearable device performs as a secure application container hosting, not only your payment cards but also your transport and any others. This presentation addresses the vision of the personal virtual wallet, allowing any service provider irrespective of size to deploy their applications in a mobile form.
Silicon Craft Technology - Vision of NFC Technology: Passively-Operated Health Monitoring
Recently, there has been a remarkable upsurge in activity surrounding the adoption of personal health monitoring devices for patients and consumers. With the significant increase in the number of NFC phones in the marketplace, passive battery-less NFC technology is able to validate or enable many healthcare applications. NFC is the only technology that is capable of providing energy harvesting to connect medical device(s).
DART - Leveraging Public Transit to Springboard Widespread Adoption: Opportunities and Obstacles
Dallas Area Rapid Transit (DART) will be deploying an account-based, open payment payment platform in midyear 2017. The system will be capable of handling contactless payments made via a proprietary card issued by DART or a smartphone equipped with NFC communication. DART will be building upon its experience with the mobile ticketing app called GoPass which was introduced in 2013 and has now been downloaded over 500,000 times. The deployment will be supported by VIX Technology (system integrator), moovel (mobile ticketing) and PayNearMe (retail merchant manager). The Pay Near Me team will distribute cards to over 800 locations at which customers will be able to purchase cards and add value to their account using either their card or their smartphone. DART is working with UBER, Lyft, taxi companies and other entities to permit an integrated payment and settlement process to be developed for the convenience of the customer.
Visit http://nfc-forum.org/ to learn more about NFC.
NEAR FIELD COMMUNICATION (NFC) TECHNOLOGY: A SURVEY IJCI JOURNAL
Near Field Communication, NFC- is one of the latest
short range wireless communication technologies.
NFC provides safe communication between electronic
gadgets. NFC-enabled devices can just be pointed or
touched by the users of their devices to other NFC-
enabled devices to communicate with them. With NFC
technology, communication is established when an NF
C-compatible device is brought within a few
centimetres of another i.e. around 20 cm theoretica
lly (4cm is practical). The immense benefit of the
short
transmission range is that it prevents eavesdroppin
g on NFC-enabled dealings. NFC technology enables
several innovative usage scenarios for mobile devic
es. NFC technology works on the basis of RFID
technology which uses magnetic field induction to c
ommence communication between electronic devices in
close vicinity. NFC operates at 13.56MHz and has 42
4kbps maximum data transfer rate. NFC is
complementary to Bluetooth and 802.11 with their lo
ng distance capabilities. In card emulation mode NF
C
devices can offer contactless/wireless smart card s
tandard. This technology enables smart phones to
replace traditional plastic cards for the purpose o
f ticketing, payment, etc. Sharing (share files bet
ween
phones), service discovery i.e. get information by
touching smart phones etc. are other possible
applications of NFC using smart phones. This paper
provides an overview of NFC technology in a detaile
d
manner including working principle, transmission de
tails, protocols and standards, application scenari
os,
future market, security standards and vendor’s chip
sets which are available for this standard. This
comprehensive survey should serve as a useful guide
for students, researchers and academicians who are
interested in NFC Technology and its applications [
1].
The NFC technology evolved from contactless radio frequency identification (RFID). The RFID transmission range can reach several meters or even tens of meters. It can only read and determine information, and NFC technology emphasizes information exchange. Near field, communication is operated at a frequency of 13.56 MHz within a distance of 20 cm, and its transmission speed is 106 Kbit/s, 212 Kbit/s, or 424 Kbit/s.
INTEGRATION OF AN RFID READER TO A WIRELESS SENSOR NETWORK AND ITS USE TO IDE...ijasuc
The objective of this research is to integrate an RFID (Radio Frequency Identification) reader into a
Wireless Sensor Network (WSN) to authorize or keep track of people carrying RFID tags. The objective
was accomplished by integrating hardware and software. The hardware consisted of two WSN nodes –
the RFID node connected to one of the WSN nodes, and a computer connected to the other WSN node.
For the RFID equipment, we used the SM130-EK kit, which included the RFID reader and the RFID tags;
and for the WSN, we used the Synapse Network Evaluation kit, which included the two sensor nodes. The
software consisted of a program module developed in Python to control the microprocessors of the
nodes; and a database controlled by a simple program to manage the tag IDs of people wearing them.
The WSN and RFID nodes were connected through I2C interfacing. Also, the work of sending commands
to the RFID node, to make it read a tag and send it back to the computer, was accomplished by the
Python code developed which also controls the data signals. At the computer, the received tag ID is
evaluated with other existing tag IDs on the database, to check if that tag has authorization or not to be
in the covered area. Our research has the potential of being adapted for use with secure real-time access
control applications involving WSN and RFID technologies.
INTEGRATION OF AN RFID READER TO A WIRELESS SENSOR NETWORK AND ITS USE TO IDE...ijasuc
The objective of this research is to integrate an RFID (Radio Frequency Identification) reader into a
Wireless Sensor Network (WSN) to authorize or keep track of people carrying RFID tags. The objective
was accomplished by integrating hardware and software. The hardware consisted of two WSN nodes –
the RFID node connected to one of the WSN nodes, and a computer connected to the other WSN node.
For the RFID equipment, we used the SM130-EK kit, which included the RFID reader and the RFID tags;
and for the WSN, we used the Synapse Network Evaluation kit, which included the two sensor nodes. The
software consisted of a program module developed in Python to control the microprocessors of the
nodes; and a database controlled by a simple program to manage the tag IDs of people wearing them.
The WSN and RFID nodes were connected through I2C interfacing. Also, the work of sending commands
to the RFID node, to make it read a tag and send it back to the computer, was accomplished by the
Python code developed which also controls the data signals. At the computer, the received tag ID is
evaluated with other existing tag IDs on the database, to check if that tag has authorization or not to be
in the covered area. Our research has the potential of being adapted for use with secure real-time access
control applications involving WSN and RFID technologies.
INTEGRATION OF AN RFID READER TO A WIRELESS SENSOR NETWORK AND ITS USE TO IDE...ijasuc
The objective of this research is to integrate an RFID (Radio Frequency Identification) reader into a
Wireless Sensor Network (WSN) to authorize or keep track of people carrying RFID tags. The objective
was accomplished by integrating hardware and software. The hardware consisted of two WSN nodes –
the RFID node connected to one of the WSN nodes, and a computer connected to the other WSN node.
For the RFID equipment, we used the SM130-EK kit, which included the RFID reader and the RFID tags;
and for the WSN, we used the Synapse Network Evaluation kit, which included the two sensor nodes. The
software consisted of a program module developed in Python to control the microprocessors of the
nodes; and a database controlled by a simple program to manage the tag IDs of people wearing them.
The WSN and RFID nodes were connected through I2C interfacing. Also, the work of sending commands
to the RFID node, to make it read a tag and send it back to the computer, was accomplished by the
Python code developed which also controls the data signals. At the computer, the received tag ID is
evaluated with other existing tag IDs on the database, to check if that tag has authorization or not to be
in the covered area. Our research has the potential of being adapted for use with secure real-time access
control applications involving WSN and RFID technologies.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
On Relaying NFC Payment Transactions using Android devices
1. On Relaying NFC Payment
Transactions using Android devices
Pepe Vila
Ricardo J. Rodríguez
2. other title candidates…
‣ Holystic relay attacks on NFC cyber-
payments with Android mobile cloud
phones
2
‣ ENE-FE-SÉ relai con droides movibles
3. about
‣D. Pepe Vila
IT security consultant at EY
University of Zaragoza
@cgvwzq
‣Dr. Ricardo J. Rodríguez
PhD by University of Zaragoza
Senior Researcher at University of León
@RicardoJRdez
3
4. agenda
1.NFC: what and how
2.EMV (a.k.a. credit card payments)
3.Relay attacks
4.Android NFC history
5.NFC implementation in Android
6.PoC + attack scenarios
7.Limitations and conclusions
4
5. agenda
1.NFC: what and how
2.EMV (a.k.a. credit card payments)
3.Relay attacks
4.Android NFC history
5.NFC implementation in Android
6.PoC + attack scenarios
7.Limitations and conclusions
5
6. 1. Near Field Communication
“Set of technologies that enable radio based
communications between two devices in proximity”
William Shakespeare (uncredited)
‣ Based on RFID: ISO/IEC 14443, FeLiCa, and others
- 13.56MHz
‣ Rates: 106 – 424 kbit/s
‣ Two main actors:
- PCD (or reader) generates RF field
- PICC (or tag) active/passive
‣ Distance: ≤10cm
‣ Short read range limitation = SECURITY ? (hard eavesdropping)
6
7. 1. Near Field Communication
7
http://www.nxp.com/documents/application_note/AN78010.pdf
8. 1. Near Field Communication
ISO/IEC 14443: International Standard for contactless
integrated circuit cards
‣ Part 1: Defines size and physical characteristics
‣ Part 2: Powering and modulation schemes (type A & B)
‣ Part 3: Initialisation and anti-collision
‣ Part 4: Transmission protocol
Tags compliant with all parts are named Type 4 (or IsoDep)
Can use ISO/IEC 7816-4 APDUs for communication
8
9. 1. Near Field Communication
Initialisation and anti-collision (ISO/IEC 14443-3A)
9
Distinct for Type A and B
Command set:
• REQA
• WUPA
• ANTICOLLISION
• SELECT
• HLTA
Use of CRCs
Low frame delay timings (FDT)
(e.g., MIFARE Classic)
10. 1. Near Field Communication
Transmission Protocol (ISO/IEC 14443-4)
10
• RATS or Request ATS
• ATS or Answer To Select: tag
connection parameters (e.g., frame
size,timeouts…)
• PPS req/resp: allow PCDs to modify
some parameters (if tag supports it)
Establishes a logical half-duplex
communication channel between
PCD and PICC
11. 1. Near Field Communication
Transmission Protocol (ISO/IEC 14443-4)
11
Block Format used
Three types of blocks (depending on Protocol Control Byte):
• I-block: application layer information
• R-block: acknowledgments (empty INF field)
• S-block: control information (used for WTX and DESELECT)
12. 1. Near Field Communication
“ISO/IEC 7816 is an international standard for
electronic identification cards, specially smart cards.”
Application Protocol Data Unit (or APDU):
‣ Communication unit between a reader and a SC
‣ Defined by ISO/IEC 7816-4
‣ Command-response pair
APDUs are encapsulated in the INS field
12
13. 1. Near Field Communication
13
‣ APDU command: 4 byte header + 0..255 bytes data
‣ APDU response: 0..65536 bytes data + 2 status bytes
14. 1. Near Field Communication
14
‣ Wide set of commands: SELECT, READ/WRITE
BINARY, GET DATA, GENERATE APP CRYPTOGRAM…
‣ Used to interact with smart card applications and
the File System.
‣ Special interest on SELECT:
- Smart cards can have multiple applications
- Each one with its own AID or Application Identifier
- Registered Application Provider Identifier (RID)
- Proprietary Application Identifier Extension (PIX)
- Applications are isolated and have different files
- Before any command the reader have to SELECT the
specific AID that wants to talk (also exists implicit
selection)
15. agenda
1.NFC: what and how
2.EMV (a.k.a. credit card payments)
3.Relay attacks
4.Android NFC history
5.NFC implementation in Android
6.PoC + attack scenarios
7.Limitations and conclusions
15
16. 3. EMV (a.k.a. credit card payments)
“Standard Europay-Mastercard-VISA defines communication
between smart cards, POS, and ATMs to authenticate credit/
debit card transactions”
‣ APDU commands (defined by ISO/IEC 7816-3 and ISO/IEC
7816-4)
‣ Support for strong cryptographic (chip & PIN)
‣ Backwards compatibility, always prone to downgrade attacks.
‣ Few architecture changes with NFC payments compared to
chip & PIN
(EMV protocols are another surface attack that we have not covered)
16
17. 3. EMV (a.k.a. credit card payments)
17
NFC payments:
‣ Up to 20 GBP, 20€, US$50, 50CHF, CAD100 or AUD100
‣ Limit of using times without PIN verification
‣ Mag-stripe track emulation (CVV3 or dynamic CVV)
18. agenda
1.NFC: what and how
2.EMV (a.k.a. credit card payments)
3.Relay attacks
4.Android NFC history
5.NFC implementation in Android
6.PoC + attack scenarios
7.Limitations and conclusions
18
19. 3. Relay Attacks
‣ Introduced by Conway in
1976
‣ Used in challenge-response
protocol scenarios
‣ Can exploit security based
in proximity concerns
19
21. 3. Relay Attacks
Some classical examples of NFC relay attacks
21
Mole Proxy
Gerhard Hancke. A practical relay attack on ISO 14443 proximity cards. February, 2005
22. 3. Relay Attacks
Some classical examples of NFC relay attacks
22
Practical Relay Attack on Contactless
Transactions by Using NFC Mobile Phones. February, 2012
23. 3. Relay Attacks
Some classical examples of NFC relay attacks
23
NFC Proxy with CyanogenMod 9.1. Eddie Lee, DEFCON 20.
24. 3. Relay Attacks
Our contribution?
‣ NFC relay attacks with off-the-shelf Android devices:
- No root
- No custom firmware
‣ Analysis of NFC capabilities on Android
24
25. agenda
1.NFC: what and how
2.EMV (a.k.a. credit card payments)
3.Relay attacks
4.Android NFC history
5.NFC implementation in Android
6.PoC + attack scenarios
7.Limitations and conclusions
25
27. 27
NFC support began with Android 2.3
“Gingerbread” this is API level 9 and December 2010
4. Android NFC history
‣ Only two operation modes: read/write and P2P (now Android Beam)
‣ Card emulation only via hardware SE (Secure Element):
- Tamper-proof platform to securely store data and execute
applications (Global Platform specifications)
- Isolated from the untrusted host
- Very restricted environment due to Trusted Service Managers
Intermediary authority between network operators,
manufacturers and service providers
- OTA updates and installations
- Virtually exclusive use for Google Wallet (and some banks entities)
28. 28
As a result, many developers asked for an
easier access to this resource
4. Android NFC history
‣ First solution was BlackBerry 7 OS; which included software card
emulation or “soft-SE”
‣ soft-SE (also called Host Card Emulation) allows the OS to receive
APDU commands and to response them by any application instead of by
SE’s applets
‣ In 2011, Doug Year released a set of patches including HCE support for
Android Cyanogen Mod (version 9.1)
- Only for NXP PN544 chipset (Samsung Galaxy S, Nexus 7, etc.)
‣ Finally Android officially supported HCE in October 2013 with the
Android 4.4 “KitKat” release (API level 19)
29. agenda
1.NFC: what and how
2.EMV (a.k.a. credit card payments)
3.Relay attacks
4.Android NFC history
5.NFC implementation in Android
6.PoC + attack scenarios
7.Limitations and conclusions
29
30. 5. NFC implementation in Android
30
Event-driven API with two native implementations, depending on the NFC chip:
libnfc-nxp and libnfc-nci.
NCI (or NFC Controller Interface) leads the NFC development:
‣ provides an open architecture not focused on a single chip
‣ offers an open interface between the NFC Controller and the Device Host
‣ has been standardised by the NFC Forum
31. 5. NFC implementation in Android
31
The NCI defines two types of messages:
‣ Control messages; subdivided in commands (only from DH to NFCC),
responses and notifications
‣ Data messages; carry the information addressed to (or originated from) the
NFC endpoint
We have also the NCI modules, such as the RF Interface Modules:
‣ define how the DH can communicate through the NCI with a specific NFC
endpoint
‣ each RF interface support a specific RF protocol
‣ determines how the payload in a data message, fits on a RF message
Other modules focused on RF discovery or AID routing (discussed later)
32. 5. Android NFC: R/W mode
32
Applications are not allowed to directly set the device into read/write mode
1. Register NFC tags of interest (in the AndroidManifest.xml)
2. NFC service selects and starts the registered app whether a tag is
discovered (apps can also ask preference when in foreground mode)
Tags are discovered by the NFCC, which polls the magnetic field
1. The tag protocol and technology is determined
2. An NCI message is sent from NFCC to DH with tag details
3. The DH (or NfcService) handles the message and fills a Tag object
4. The NfcService creates and emits an Intent with the EXTRA_TAG field
with the Tag object
5. Android registered application receives the Intent and the Tag object
33. 33
Android NFC read/write API offers specific classes per tag type:
‣ NfcA and NfcB for ISO/IEC 14443-3A and B compliant tags
‣ IsoDep for ISO/IEC 14443-4 tags using ISO/IEC 7816-4 APDUs
‣ NfcF for FeLiCa cards (standard JIS 6319-4)
‣ NfcV for ISO/IEC 15693 vecinity cards
‣ …
Extend BasicTagTechnology, which in turn implements the TagTechnology
interface. All the classes use a high level I/O blocking method:
byte[] transceive(byte[] data, boolean raw) {
...
mTag.getTagService().transceive(mTag.getServiceHandle(), data, raw);
...
}
To communicate the DH with an NFC remote tag
5. Android NFC: R/W mode
34. 34
HCE mode is supported by extending the HostApduService abstract class to
process commands and generate responses, by implementing:
byte[] processCommandApdu(byte[] commandApdu, Bundle extras);
and
void onDeactivated(int reason);
methods.
‣ The application has to the register AIDs of interest in its manifest (since Lolipop
also dynamic register support)
‣ IsoDep compliant readers initiates NFC communication with a SELECT
command with an specific AID
‣ After a SELECT, the system will route all APDUs to the appropriate service
according to its AID, until another application is selected or a DESELECT
command is received
5. Android NFC: HCE mode
36. agenda
1.NFC: what and how
2.EMV (a.k.a. credit card payments)
3.Relay attacks
4.Android NFC history
5.NFC implementation in Android
6.PoC + attack scenarios
7.Limitations and conclusions
36
41. agenda
1.NFC: what and how
2.EMV (a.k.a. credit card payments)
3.Relay attacks
4.Android NFC history
5.NFC implementation in Android
6.PoC + attack scenarios
7.Limitations and conclusions
41
42. 7. Limitations and conclusions
42
Currently, there are several limitations when performing NFC relay
attacks with Android off-the-shelf devices
‣ Not support for raw ISO/IEC 14443-3 commands (no read/write
mode for MIFARE Classic or other proprietary protocols)
‣ Emulation constrained to APDUs over ISO/IEC 14443-4
‣ Pre-registering of AIDs to emulate and explicit SELECTion
‣ Timing restrictions: maximum delay in the relay channel
FWT = 256·(16/fc)·2FWI, 0 ≤ FWI ≤ 14, where fc = 13.56MHz
Frame Waiting Time from 500µs to 5s
Note: about libnfc-nci implementation
43. 7. Limitations and conclusions
43
Countermeasures against NFC relay attacks
‣ Distance-bounding protocols
‣ Hardware or RF fingerprinting identification
‣ Physical activation (button or switch)
‣ Secondary authentication methods within the cards
(e.g., Zwipe cards)
44. 7. Limitations and conclusions
44
Android NFC off-the-shelf devices (no root nor custom firmware)
are able to:
‣ Perform a relay attack over an ISO/IEC 14443-4 communication
‣ Contactless payment transactions affected (regardless the EMV
security)
Thus, a simple Android app can be used to study NFC transactions
without need of custom hardware
But also could be abused by malware…