``Potential Misuse of NFC Enabled Mobile Phones with Embedded ...
``Potential Misuse of NFC Enabled Mobile Phones with Embedded ...
``Potential Misuse of NFC Enabled Mobile Phones with Embedded ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
“Potential <strong>Misuse</strong> <strong>of</strong> <strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> <strong>Phones</strong><br />
<strong>with</strong> <strong>Embedded</strong> Security Elements as Contactless<br />
Attack Platforms”, RISC (ICITST) 2009.<br />
Lishoy Francis, Gerhard Hancke, Keith Mayes and Konstantinos<br />
Markantonakis<br />
The Information Security Group Smart Card Centre,<br />
Information Security Group,<br />
Royal Holloway University <strong>of</strong> London,<br />
Egham TW20 0EX, Surrey, United Kingdom.<br />
10 November 2009 09:00
..<br />
◮ Part I: Overview <strong>of</strong> <strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> <strong>Phones</strong>.<br />
◮ Part II: Proposed Security Attacks.<br />
◮ Part III: Proposed Security Countermeasures.<br />
◮ Part IV: Conclusions.
Part I<br />
Part I<br />
Overview <strong>of</strong> <strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> <strong>Phones</strong>
Part I<br />
.<br />
Overview <strong>of</strong> <strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> <strong>Phones</strong><br />
Objective:<br />
To investigate the potential misuse <strong>of</strong> <strong>NFC</strong> (Near Field Communications)<br />
enabled mobile phones <strong>with</strong> embedded Security Element (SE).<br />
◮ <strong>NFC</strong> is a short range and standardised (ISO 18092) wireless<br />
communications technology (adds contactless functionality to mobile<br />
devices, e.g. mobile phones and PDAs).<br />
◮ <strong>NFC</strong> enabled mobile phone can act both as a “contactless card” and<br />
a “contactless reader” (supports ISO 14443, ISO 15693, FeliCa and<br />
Mifare Standard).<br />
◮ <strong>NFC</strong> finds applications in ticketing, banking, access control, etc and<br />
is tipped to be the next ’click’.<br />
◮ Three architectures currently exist, SE as embedded hardware<br />
module; SE functionality integrated into the Subscriber Identity<br />
Application module such as (U)SIM; SE as removable memory<br />
component (Secure MMC, Secure SD).
Part I<br />
.<br />
A functional view <strong>of</strong> the <strong>NFC</strong> enabled <strong>Mobile</strong> Phone<br />
showing relevant APIs and operational modes
Part I<br />
.<br />
Security <strong>of</strong> <strong>NFC</strong><br />
Secure Element (SE):<br />
◮ controls the <strong>NFC</strong> based transactions,<br />
establishes the trust between service<br />
provider and the mobile phone.<br />
◮ designed to provide a secure platform for<br />
containing sensitive applications and key<br />
material.<br />
◮ The SE supports Java Card 2.2.1 (Java<br />
Card Open Platform), Global Platform<br />
2.1.1 & Mifare Standard emulation.<br />
◮ The mobile phone vendor allows SE<br />
“unlocking”, which sets the<br />
authentication keyset to a known public<br />
value.
Part I<br />
.<br />
Security <strong>of</strong> <strong>NFC</strong><br />
Related Contactless Security Attacks:<br />
◮ Contactless token skimmers and emulators currently exist, but a<br />
<strong>NFC</strong> phone platform <strong>of</strong>fers distinct advantages in that it is a small,<br />
mobile device and more importantly that is has an acceptable form<br />
factor, i.e. it does not physically look like a skimmer or an emulator.<br />
◮ Heydt-Benjamin et.al. 2007 (skimming, replay and relaying on<br />
payment systems).<br />
◮ E-passport clones (Steve Boggan article in Times, August, 2008).<br />
◮ Designs for hardware emulators for ISO 14443 tokens (Carluccio<br />
et.al., R. Verdult, 2006); & hardware skimmers, available for<br />
purchase (OpenPCD.org; HF RFID Demo Tag, IAIK, Graz).<br />
◮ We demonstrate how a <strong>NFC</strong> mobile phone can be configured as a<br />
contactless reader which may be used as a contactless skimming<br />
tool, and how the attacker can use the gathered information to<br />
create a “clone” by emulating a token.
Part I<br />
.<br />
<strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> Phone as a Contactless Card & as a<br />
Contactless Reader<br />
<strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> Phone as a Contactless Card:<br />
◮ The SE supports Java Card 2.2.1 (Java Card Open Platform),<br />
Global Platform 2.1.1 & Mifare Standard emulation.<br />
◮ The mobile phone vendor allows SE “unlocking”, which sets the<br />
authentication keyset to a known public value.<br />
◮ SE communicates <strong>with</strong> the <strong>NFC</strong> controller, the external reader<br />
device and the applications installed on the mobile phone through<br />
well defined, and standardised, interfaces.<br />
<strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> Phone as a Contactless Reader:<br />
◮ Nokia 6131 supports S40 platform, providing J2ME layer for MIDP<br />
(<strong>Mobile</strong> Information Device Pr<strong>of</strong>ile) 2.0 applications (MIDlets).<br />
◮ Contactless reader mode uses JSR 257 API to communicate <strong>with</strong><br />
any external SE and if needed uses SATSA (JSR 177) API to<br />
communicate <strong>with</strong> the internal SE.<br />
◮ JSR 257 API Extensions allow <strong>NFC</strong> enabled mobile devices to<br />
communicate in P2P mode.
Part II<br />
Part II<br />
Proposed Security Attacks
Part II<br />
Proposed Security Attacks<br />
<strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> Phone as an Attack Platform<br />
Practical Pro<strong>of</strong> <strong>of</strong> Concept for the Proposed Attacks:<br />
◮ Transaction Data Capture & Analysis.<br />
◮<br />
◮<br />
Captured RF (Radio Frequency) communication between a<br />
contactless card and a legacy contactless reader in our test system.<br />
The test system is based on a ‘static authentication’ system.<br />
◮ Developing the “Clone”.<br />
◮<br />
◮<br />
◮<br />
By default, the SE on 6131 is locked <strong>with</strong> the Issuer keyset.<br />
Unlockable, the unlocking process sets the authentication keyset to a<br />
known public values (keyset-42).<br />
Java Card Applets which emulated the test application were loaded<br />
and installed on the unlocked SE.<br />
◮ Developing the <strong>Mobile</strong> Pick Pocketing Tool.<br />
◮<br />
◮<br />
A MIDP (<strong>Mobile</strong> Information Device Pr<strong>of</strong>ile) 2.0 application<br />
(MIDlet) running on the mobile phone which reads (skims) the<br />
contactless card.<br />
No code signing was required to use the contactless APIs.
Part II<br />
Proposed Security Attacks<br />
<strong>NFC</strong> <strong>Enabled</strong> <strong>Mobile</strong> Phone as an Attack Platform<br />
a) Custom-built Sniffer & Card<br />
Emulator.<br />
b) Skimming & Cloning using <strong>NFC</strong><br />
<strong>Mobile</strong> Phone.
Part III<br />
Part III<br />
Proposed Security Countermeasures
Part III<br />
Proposed Security Countermeasures<br />
Security Countermeasures<br />
◮ Timing, RF Shielding may not work.<br />
◮ Control measures on the <strong>NFC</strong> Secure Element (SE).<br />
◮ Making code signing mandatory for <strong>NFC</strong> communications API.<br />
◮ Securing the <strong>NFC</strong> Secure Element activity.<br />
◮ Cryptographically linking the application to Unique Identifiers.<br />
◮ Application Protocol <strong>with</strong> strong cryptography (for e.g. dynamic<br />
authentication).
Part IV<br />
Part IV<br />
Conclusions
Part IV<br />
Conclusions<br />
Conclusions<br />
◮ <strong>NFC</strong> enabled <strong>Mobile</strong> <strong>Phones</strong> are found to be easily configured as<br />
Cloning, Skimming Platforms.<br />
◮ Legitimate form-factor <strong>of</strong> mobile phone arouse less suspicion in the<br />
public.<br />
◮ Easily and freely available development tools.<br />
◮ More security controls needed on the Secure Element.<br />
◮ If not secured, the Secure Element (SE) embedded in certain <strong>NFC</strong><br />
mobile phones could become a platform for malicious s<strong>of</strong>tware.<br />
◮ In conclusion, our findings indicate that the embedded SE <strong>with</strong> the<br />
existing security controls and the available contactless APIs could be<br />
exploited to configure the mobile phone as a contactless attack<br />
platform.