3. Welcome to the future...NFC Technical Information
BROADCOM Near Field Communication
December 6, 2013 • Techpubs_NFC-TI100-R Page 1
®
Near Field Communication
Part 1: “The Magic Touch”
WELCOME TO THE FUTURE...
Now that Near Field Communications (NFC) is fast becoming an integral part of the mobile payment sector, should it be
viewed as the next evolutionary step in mobile computing?
A DAY IN THE LIFE...
Mobile to fingertips...
6:00 AM
You wake up and realize that you’re almost out of cereal. You tap your phone on the NFC chip on the box to add it to your shopping list. Milk and toothpaste go on there, too.
7:30 AM
You run to the train station and use your phone to tap the reader on the turnstile, which lets you through. While you wait for the train, you tap your phone on the ATM to get some cash for a coffee from the kiosk on the platform.
8:30 AM
On the walk to work, you notice the new John Grisham book is out. You tap your phone on the poster to find out how much it costs and read a more in-depth blurb. You decide to buy it and, with two taps on your touchscreen, order it from Amazon.
9:00 AM
Using your NFC-enabled fob, you gain secure entry to your office building and log into your computer.
LUNCHTIME
You visit Starbucks and use your phone to cash in your loyalty points for a free coffee and to add some new ones with your tuna melt. You also use the phone to find out what special offers are coming up and pay for your meal using your MasterCard.
Touch and take...
Secure and safe...
1:00 PM
You tap your phone to the cover of SciFiNow to renew your subscription and to buy your partner a gift subscription to another magazine by the same publishing house. A free subscribers-only online version appears on your laptop.
4:00 PM
You forgot your contactless debit card at home, so you buy a snack and a newspaper using the debit card loaded on your phone.
6:00 PM
Oh dear, you left your phone on the train! A quick call to the network operator from your land line disables your phone for all NFC activities and tracks it to the nearest station. Fortunately, an honest passenger gave it to the conductor. You can easily reactivate your services in the morning.
9:00 PM
Using your NFC-enabled tablet, you get a coupon from an ad for half-price movie tickets. Oops, you’re a bit late! Luckily, you can tap your tablet on the seat arm and have popcorn delivered to you.
Section 1: What is Near Field Communication?
INTRODUCTION
Near Field Communication (NFC) is a standards-based,
contactless, short range communications technology used
to provide secure, two-way wireless connectivity between
electronic devices. Some of the basic ideas for NFC derive
from earlier achievements in Radio-Frequency
Identification (RFID) technology. Sony® and Philips® (now
NXP®) Semiconductors took the lead and jointly developed
the NFC technology.
Initially approved as an ECMA (European Computer
Manufacturers Association) standard, the standard for
NFC technology was approved as an ISO/IEC standard on
December 8, 2003.
In March 2004, Nokia®, Sony, and Philips formed the NFC
Forum. In June, 2006, the NFC Forum formally outlined the
architecture for NFC technology. In August, 2006, the NFC
Forum released four Forum-approved specifications.
These NFC specifications provided a road map that made it
possible for interested parties to create their own
products. By 2008, the NFC Forum had over 160 members,
including manufacturers, applications developers, and
financial services institutions.
PRACTICAL REAL-WORLD APPLICATIONS
NFC, which is characterized as a very short-range radio
communication technology, has a lot of potential uses,
particularly when applied to mobile handsets. NFC is ideal
for use in environments in which other forms of wireless
communication would be unsuitable.
NFC is used in a wide variety of applications, including:
• Mobile phones, tablets, and PDAs
• Personal computers
• Cash registers and point-of-sale equipment
• Turnstiles
• Vending machines
• Parking meters
• ATMs
• Garage door openers
• Electronic ticketing
• Electronic money
• Identity documents
• Electronic keys
• Initiating wireless connections
Imagine using your cellphone to interact with posters,
magazines, and even products while at the store, with
these interactions, in turn, initiating requests or searches
for related information in real time. Or imagine using your
handset as an electronic wallet to make payments the
same way you would use a credit card. With NFC, all of this
is possible.
CONNECTIVITY
NFC technology makes it possible to easily connect devices
over short distances of only a few centimeters. In fact, the
effective range of NFC communications is a key to its
operation and success. By operating only over short
distances, NFC provides a large degree of inherent security
since devices normally come into contact, and hence only
communicate when the user intends this to happen.
Electronic devices are able to communicate with each
other by simply bringing them into close proximity of each
other.
NFC significantly simplifies identification and security
issues and makes it extremely easy for devices to exchange
information. With NFC, users can perform contactless
transactions, gain access to digital content, and connect to
electronic devices by simply bringing the devices within
close proximity (about 4 or 5 centimeters) of each other or
touching them together. However, compared to many
other wireless standards, NFC is slow. So using NFC to
transfer large files isn’t really practical.
[Figure: Touch To Connect. Payment: your phone is your credit card. Sharing: share files between phones. Service Discovery: get information by touching smart posters. Ticketing: your phone is your travel card.]
[Figure: NFC used in a digital mall network application]
[Figure: NFC used in an Electronic Wallet application]
[Figure: NFC used to simplify identification]
Communicating using NFC is simple. You do not have to
perform the detailed setup procedures that other longer
range wireless communications technologies, such as
Bluetooth, Wi-Fi/IEEE 802.11™, and RFID require. All you
need are two NFC-enabled devices—two phones, a phone
and an access point or kiosk, a phone and a payment
station, etc.
Since NFC is a non-contact technology, it does not require
physical electrical contact between devices. Instead, NFC
uses inductive coupling at a frequency of 13.56 MHz
(a license-free allocation in the high-frequency (HF)
portion of the radio spectrum). And since NFC does not
rely on hardware connectors, the connection is more
reliable and the problems associated with contact wear,
corrosion, and dirt that systems with physical connectors
experience are avoided.
NFC STANDARDS
Even though NFC is a form of RFID and some of the basic
ideas behind NFC are directly derived from RFID
technology, it is defined by a unique set of standards that
define the contactless operating environment, data
formats, and data transfer rates.
NFC was standardized in ECMA-340 and ISO/IEC 18092 as
an open platform technology approved as an ISO/IEC
standard on December 8, 2003, and later as an ECMA
standard. In addition, NFC is also compatible with NXP
Semiconductors MIFARE® (refer to ISO 14443 A) and Sony
FeliCa® smart card protocols.
These standards enable NFC equipment and the various
NFC elements produced by a variety of manufacturers to
work together. As a result, NFC has been standardized by a
number of globally accepted standards bodies and is
positioned for wide acceptance and use in a variety of
applications.
The ECMA-340 and ISO/IEC 18092 standards specify the
modulation schemes, coding, transfer speeds, and frame
format of the RF interface of NFC devices, as well as the
initialization schemes and conditions required for data
collision-control during the initialization of both passive
and active NFC operating modes. They also define the
transport protocol and protocol activation and data-
exchange methods.
The NFC air interface is standardized in the ISO/IEC 18092/
ECMA-340 and ISO/IEC 21481/ECMA-352 specifications—
Near Field Communication Interface and Protocol (NFCIP-1
and NFCIP-2, respectively).
The NFC Forum defined a common data format called NFC
Data Exchange Format (NDEF) that can store and transport
various items, ranging from any MIME-typed object to
ultra-short RTD-documents such as URLs. The NFC Forum
added the Simple NDEF Exchange Protocol to the
specification, which allows messages to be transferred
between two NFC-enabled devices.
Section 2: How Does NFC Stack Up Against Other Wireless Technologies?
INTRODUCTION
NFC is designed for bursts of communication with nearby
NFC devices. Therefore, NFC transmissions are very short
range (only about 4 or 5 centimeters). Compared to other
short-range wireless technologies, NFC is considered
“human-centric”.
Some short-range communication technologies, like RFID,
have characteristics similar to NFC, whereas other
short-range technologies, like Bluetooth and infrared (IrDA), are
complementary yet completely different. For example,
using NFC to pair (authenticate) a Bluetooth session
demonstrates the complementary use of NFC and
Bluetooth® to transfer data. Even though NFC has more in
common with Bluetooth than it does with Wi-Fi, it is not a
good substitute for either technology.
TECHNOLOGY COMPARISON
This section highlights some of the differences between
NFC and other short-range wireless technologies.
NFC vs. Bluetooth
Though Bluetooth and NFC are both short-range
communication technologies, Bluetooth, which is
designed to transfer data over greater distances than NFC,
has a transmission range of about 10 meters (30 feet).
NFC, however, is designed for close proximity use and has
a transmission range of only 4 to 5 centimeters to avoid
unwanted interruptions in crowded areas.
[Figure: WebiTap cloud-based service using NFC to connect to its app]
Bluetooth also has a faster data transfer rate than NFC. The
maximum data transfer rate of NFC is 424 kbps. The
maximum data transfer rate of Bluetooth V2.1 can exceed
2 Mbps (actual payload).
Setting up a Bluetooth connection is significantly more
complicated than the steps required to set up an NFC
connection. In fact, NFC can be used to initiate and
authenticate a Bluetooth connection.
NFC vs. IrDA
Though Infrared Data Association (IrDA) and NFC are both
defined as short-range communication technologies, IrDA
is a line-of-sight communication standard for data
exchanges over infrared light. Unlike NFC, IrDA does not
have built-in security and does not support encryption
technologies such as Secure Sockets Layer (SSL).
NFC vs. Radio Frequency Identification (RFID)
RFID is an automatic identification method that relies on
storing and remotely retrieving data using RFID tags.
Though RFID is very similar to NFC, RFID is a much more
broadly defined technology.
NFC vs. Wi-Fi
Though Wi-Fi/IEEE 802.11 and NFC are both wireless
technologies, Wi-Fi is designed for local area networks
(LAN), not short-range communications.
Section 3: How Does NFC Work?
NFC TARGETS AND INITIATORS
NFC technology uses short-range wireless transmitters to
communicate with other devices. Interacting
electromagnetic radio fields transmit small bits of
information between the devices.
For example, the exchange of information between a
smartphone and a keyless digital door lock illustrates the
interaction between NFC devices.
Typically, an NFC data transfer involves the use of an
initiator and a target. The NFC initiator actively generates
an electromagnetic RF field that can power a passive
target, initializes the NFC communication, and controls the
exchange of data. The NFC target responds to requests
made by the NFC initiator.
This allows NFC targets to have very simple form factors
such as tags, stickers, key fobs, and cards that do not
require batteries to operate.
Only one of the communicating devices has to be
powered. However, for target-to-target (peer-to-peer)
communications, both devices must be powered.
OPERATING MODES
The NFC standard defines two operating modes—active
and passive. In active mode, both devices generate RF
signals on which data is carried. However, in passive mode,
only one NFC device generates an RF field. The passive
device (or target) uses a technique called load modulation
to transfer data back to the primary device (the initiator).
COMMUNICATION MODES
The NFC standard defines three communication modes—
Read/Write, NFC Card Emulation, and Peer-to-Peer.
Read/Write mode allows applications to transfer data in an
NFC Forum-defined message format. Read/Write mode
communications are not secure, but Read/Write mode is
supported by the Contactless Communication API.
NFC Card Emulation mode enables the NFC device to
behave as a standard Smartcard. In this mode, data
transfers are secure. NFC Card Emulation mode is also
supported by the Contactless Communication API.
Peer-to-Peer (P2P) mode supports device to device, link-
level communication. However, this NFC communication
mode is not supported by the Contactless Communication
API.
WIRELESS DATA TRANSFER
The NFC wireless technology operates at a 13.56 MHz
radio frequency, which is within the globally available and
unregulated 13.56 MHz frequency band (licenses are not
required to operate on these frequencies). Since the same
channel is used both to transmit and receive data, NFC
radio transmissions are half-duplex.
[Figure: Smartphone used to open a keyless digital door lock (labels: Tag, Data, Field, Electromagnetic RF Field, Emitter)]
[Figure: NFC key fob]
Data can be transferred via NFC at either 106, 212, or 424
kbps. The application sets up the initial communication
speed, but the data transfer rate may change to address the
specific demands of the communication environment.
To prevent two NFC devices from transmitting at the same
time, the devices communicate using a listen-before-talk
protocol, where each device transmits only after making
sure no other device is transmitting.
A connection between two NFC devices occurs when the
devices are brought to within about 4 centimeters of each
other. Though the actual distance depends on a number of
factors, maximum distances of up to 20 centimeters have
been reported. Simply waving an NFC device close to
another NFC device or touching the two devices together
is sufficient to establish an NFC connection.
Because of the short transmission range of NFC,
security does not need to be as comprehensive as the
security used with other wireless technologies. Therefore,
NFC-enabled transactions are inherently
secure.
To provide the standard interfaces, the underlying layers of
the NFC technology adhere to ISO standards.
Section 4: How Does NFC Handle Security Issues?
INTRODUCTION
An electronic wallet or an NFC-enabled smartphone can
be used to make contactless payments at NFC retail
terminals and parking meters, or even to pay your taxi
fare. Since contactless payment is a principal application of
NFC, system security is a major issue and having security
measures built into the basic structure of NFC is essential.
By ensuring that the basic structure can accommodate
security measures, the overall NFC security system is less
likely to be vulnerable to attack.
An NFC signal can be easily detected using an antenna,
even though the antenna may be farther than a few
centimeters from the device. An attacker can use
jammers that cause the NFC field to malfunction,
giving the attacker time to successfully gain access into an
NFC-capable device. Also, there is the concern that an NFC
device will connect to an NFC device that is pretending to
be the initiator. In this scenario, information is sent to the
wrong device, making the data on the responding NFC
device (target) visible to the attacker.
NFC SECURITY THREATS
Although the transmission range of NFC communications
is short, which reduces the possibility of a security threat,
it does not guarantee system security. Consequently, all
security concerns must be addressed in order to ensure
that security is not compromised.
The following are some of the attacks used in attempts to
compromise NFC security:
• Eavesdropping attacks
• Data corruption attacks
• Data modification attacks
• Man-in-the-middle attacks
• Relay attacks
Eavesdropping Attacks
NFC devices use RF waves to communicate. During an
eavesdropping attack, the attacker uses an antenna to
listen in on the RF communication between NFC devices.
Since each NFC operating mode uses a different method to
transmit data, an important thing to consider is the
operating mode of the NFC device sending the data: is
the device generating its own RF field (active mode) or is it
using the RF field generated by another NFC device
(passive mode)? Even though transmitting data in
passive mode is more difficult to eavesdrop on, it probably
is not adequate for most applications that transmit
sensitive data.
The best way to prevent eavesdropping is to establish a
secure channel between the NFC devices (see “NFC Secure
Communication Channel”).
Data Corruption Attacks
A data corruption attack is essentially a form of the denial
of service (DoS) attack, where the attacker interferes with
data transmission by disturbing or blocking data flow in
such a way that the receiving device is not able to decipher
the information. The attacker does not need to access the
transmitted data; he or she simply needs to transmit radio
signals that reduce the signals to random noise, thereby
destroying the information in the communication.
A common remedy implemented in NFC devices is to check
the RF signal during data transmission. Since the amount
of power required to corrupt data is greater than the
amount of power required to send the data, the sending
device is able to detect the attack and stop the data
transmission automatically.
[Figure: Device A, Device B, and Attacker]
Data Modification Attacks
In a data modification attack, the intent of the attacker is
to provide the receiving device with valid, although
manipulated data. This differs from a data corruption
attack. The attacker captures the data being exchanged,
and then modifies the data using a radio frequency device
that is capable of inhibiting the NFC data exchange long
enough to alter the binary coding. The feasibility of this
type of attack depends on the applied strength of the
amplitude modulation, and the attack is practically
impossible to implement. However, in rare cases, the data can be
modified, especially if the data is sent via an active mode
transmission.
The best way to prevent a data modification attack is to
establish a secure channel between the NFC devices (see
“NFC Secure Communication Channel”).
Man-In-The-Middle Attacks
Although the NFC standard requires proximity of
devices during a data transfer, the data is theoretically
susceptible to man-in-the-middle attacks. In this attack
scenario, the attacker intercepts the information, possibly
manipulating it, and then relays it to the receiving device.
The use of encryption mechanisms such as AES for secure
communication makes the implementation of MITM
attacks difficult.
It is particularly difficult to achieve a man-in-the-middle
attack on an NFC link. To minimize the risk, use
an active-passive communication mode. By doing this, it is
possible to detect an unwanted third party.
Relay Attacks
A relay attack exploits NFC's compliance with the
ISO/IEC 14443 protocol. To execute a relay attack, the attacker
must forward the request of the reader to the victim, and
then relay the victim’s answer back to the reader in real
time in order to pretend to be the owner of the victim’s
smart card.
This attack technique focuses on the extension of the
range between the token, such as an NFC-enabled card, and
the reader. To carry out the attack, two NFC-enabled
devices are required, one to act as a reader and the other
to act as a card emulator. The system being attacked
cannot detect the attack because it thinks a card is actually
within its field.
In this attack scenario, the attacker holds the NFC reader
near the card being attacked and relays the data over a
different communication channel to a second NFC device,
placed in close proximity to the original reader, that
emulates the card being attacked.
NFC SECURE COMMUNICATION CHANNEL
The best way to ensure NFC security is to use an NFC
secure channel to protect against eavesdropping and data
modification attacks. To prevent attackers from
compromising transmitted data, NFC often creates a
secure channel for communication and uses data
encryption when sending sensitive information between a
phone and another device like a card reader. The NFC
secure channel ensures the confidentiality, integrity, and
authenticity of data transfers between NFC devices.
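The integrity and authenticity properties described above, and the earlier statement that a secure channel is the defence against data modification, shown as an added example (not code from the original paper or from Broadcom): a frame protected only by an unkeyed checksum still verifies after its content is changed, while a frame carrying a keyed tag and a sequence number is rejected when modified or replayed. Assumptions: a 32-byte key is already shared between the two devices, CRC-32 stands in for the frame checksum, HMAC-SHA256 supplies the tag, encryption for confidentiality (such as the AES mentioned earlier) is left out, and all function and class names are illustrative.

```python
import hashlib
import hmac
import struct
import zlib

TAG_LEN = 16  # bytes of HMAC-SHA256 kept as the authentication tag


def crc_frame(payload: bytes) -> bytes:
    """Unkeyed frame: payload || CRC-32. Catches noise, not an adversary."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def crc_open(frame: bytes):
    """Return the payload if the checksum matches, else None."""
    payload, crc = frame[:-4], frame[-4:]
    return payload if struct.pack(">I", zlib.crc32(payload)) == crc else None


class ChannelSender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def seal(self, payload: bytes) -> bytes:
        """Frame = 4-byte sequence number || payload || truncated HMAC."""
        header = struct.pack(">I", self.seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        self.seq += 1
        return header + payload + tag[:TAG_LEN]


class ChannelReceiver:
    def __init__(self, key: bytes):
        self.key, self.next_seq = key, 0

    def open(self, frame: bytes):
        """Return the payload, or None if the frame is forged or replayed."""
        if len(frame) < 4 + TAG_LEN:
            return None
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected[:TAG_LEN]):
            return None                      # modified in transit or wrong key
        if struct.unpack(">I", header)[0] != self.next_seq:
            return None                      # replayed or out-of-order frame
        self.next_seq += 1
        return payload


def flip_amount(data: bytes, offset: int) -> bytes:
    """Model of in-flight modification: overwrite one byte with '9'."""
    return data[:offset] + b"9" + data[offset + 1:]


def run_demo() -> dict:
    key = bytes(range(32))                   # constructed key, assumed pre-shared
    payload = b"PAY 010.00 EUR"              # constructed sample message
    # Unkeyed frame: whoever modifies it can recompute the checksum too.
    forged_crc = crc_frame(flip_amount(payload, 4))
    # Keyed frame: the same change breaks a tag only key holders can produce.
    tx, rx = ChannelSender(key), ChannelReceiver(key)
    genuine = tx.seal(payload)
    forged_mac = flip_amount(genuine, 4 + 4)  # skip the 4-byte sequence header
    return {
        "crc_forged": crc_open(forged_crc),   # accepted with altered amount
        "mac_forged": rx.open(forged_mac),    # rejected
        "mac_genuine": rx.open(genuine),      # accepted
        "mac_replayed": rx.open(genuine),     # rejected: sequence already used
    }
```

Calling `run_demo()` returns the receiver's verdict for each of the four frames.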
WHAT’S NEXT?
Part two in this tutorial series, Near Field Communication;
Part 2: “Behind the Magic Touch”, provides details on
various technical aspects of NFC. Specifically, Part 2
addresses:
• NFC modulation and RF signal
• NFC Data Exchange Format (NDEF), message structure,
and records
• NFC tags and tag types
[Figure: Device A, Device B, and Attacker]
[Figure: Device A, Attacker, and Device B]
[Figure: Relay attack setup. Labels: Original PICC, NFC Reader, Communication Channel (Bluetooth, Wireless LAN, Internet), Emulated PICC, PDC, Data]