Security Issues in Mobile NFC Devices

The recent emergence of Near Field Communication (NFC) enabled smart phones lead to an increasing interest in NFC technology and its applications by equipment manufacturers, service providers, developers, and end-users. Nevertheless, frequent media reports about security and privacy issues of electronic passports, contactless credit cards, asset tracking systems, NFC-enabled mobile phones, and proprietary contactless technologies suggest that NFC is a potentially unsafe technology whose main beneficiaries are thieves. While these weaknesses are often bound to specific applications and products, they boost the fear that NFC technology as a whole is dangerous, threatens our privacy and helps identity theft and fraud. In order to defend their own products and services, manufacturers and service providers often position themselves on the opposite extreme, stating that their products and services incorporate sufficient countermeasures.
This work aims for assessing the actual state of NFC security, for discovering new attack scenarios and for providing concepts and solutions to overcome any identified unresolved issues. Based on exemplary use-case scenarios, application-specific security aspects of NFC are extracted. The current security architectures of NFC-enabled mobile phones are evaluated with regard to the identified security aspects. As a result of the exemplary use-cases, this research focuses on the interaction with NFC tags and on card emulation. For each of these two modes of NFC, this thesis reveals attack scenarios that are possible despite existing security concepts. For the interaction with NFC tags, a new attack scenario is introduced that allows modification of tag content even though its authenticity and integrity were supposedly guaranteed by a digital signature scheme. Moreover, potential privacy issues and remaining problems have been identified in the NFC Forum's signature scheme specification. For the card emulation scenario, the mobile phone itself is identified as a significant, yet unconsidered, threat. Specifically, the well-known concept of relay attacks on smartcards is extended to the mobile phone platform. By using the phone's processing capabilities and communication facilities, relay attacks can be mounted in a significantly easier and less obvious way. These assumptions are verified through prototypical implementations. Possible solutions and workarounds to overcome these issues are outlined and evaluated with regard to their advantages and disadvantages.