Can Near Field Communication Be Secure In the IoT? NXP’s New NFC Tag Aims For Highest Security

Despite worries about security of RFID and NFC, their use continues to grow. NXP aims to make NFC even more secure with its NTAG 424 DNA.

RFID and NFC Technology and Security

RFID technology has been in use for decades, with the first patent being granted back in 1983. Despite security concerns with the initial technology, as well as some public debates as to its security and privacy, RFID has remained an extremely popular technology.

Its ability to identify tags, whether passively at close distance or over distances up to 100 meters with an active power source, make inventory, manufacturing, and attendee tracking applications a good fit for RFID.  With this range comes fears of hacking and privacy with RFID, though some argue that the fears of RFID security have been addressed or are largely overblown.

NFC (Near Field Communication) is a protocol of of RFID that has been defined since 2003, and began appearing widely in smartphones in 2010. In recent years, NFC has been adopted rapidly in mobile applications, perhaps most prominently in the use of payment applications like Apple Pay, Google Pay and Android Pay.

 

NFC payment interaction across close range. Image courtesy of MobileAppCost.

 

NFC devices can function as both a reader and tag, and the communications only occur in a limited range of a few centimeters, rather than the long range of RFID. This close-range adds a layer of security, as it would be very difficult to intercept communications within the centimeters between devices.

There are still some concerns with NFC privacy and safety, but developers are actively addressing NFC security. Google Pay, for example, masks your account number with a Virtual Account Number temporary alias. Others argue that basic phone security like a lock screen or fingerprint ID makes NFC much safer than credit cards in a wallet.

However, with the development of the IoT, NFC applications will grow rapidly, and with that comes many new security threats as well as opportunities. According to Mintel, customers are holding brands accountable for data transparency, while NFC offers the chance to deliver a personalized experience to customers. 

NXP's NTAG 424 DNA

To address these risks and opportunities with NFC, NXP has introduced the NTAG 424 DNA, an NFC tag with enhanced levels of security and privacy. The tag uses ISO/IEC 14443-A communication, NFC Forum Type 4 Tag NFC interoperability. Offering AES-128 encryption, it uses 416 bytes of memory with three standard data files, ISO-IEC 7816-4 file system, CC(32 bytes), NDEF (256-byte) and secure data (128-byte).

 

NXP's NTAG 424 DNA. Image courtesy NXP.

It has five keys and access rights that can be configured for specific security needs like messaging, authentication, and encrypted communication.

The security built into the tag has a focus in four key areas.

Cryptography

The NTAG 424 DNA utilizes AES-128 encryption, which is the government standard worldwide for classified information. Additionally it offers a Leakage Resilient Primitive (LRP) wrapper aroud AES-128 to add an additional software layer to further mask the data sent from the tag.

Privacy

The tag is capable of producing a random ID, in which each tap of the NFC produces a different output. It also allows for encrypted user identification and content.

Authentication

Messages can be sent cryptographically secure with the Secure Unique NFC (SUN) message authentication on the tag. Using AES-128 encryption, each tap creates a new SUN. The NFC reader reads the unique url with the SUN code, and sends it to the server. The server authenticates the message and the tag, and returns the message to the NFC reader. 

 

SUN encrypted communication path. Image courtesy NXP.

 

The tag also offers 3-pass Mutual Authentication between a reader and a tag, in which both authenticate the other by sharing the common secret key before communicating with each other. 

Secure Data Access

Users can set access rights to secure data stored on the tag, allowing authorized users or a specific number of taps to access files.I In addition, data communicated over the air remains encrypted.

TagTamper

In addition, the tag offers an extra tamper loop, TamperTag, a two-stage status detection that can permanently store the tag information once it has been opened. It can also indicate the current status as part of a SUN message to indicate whether the tag has been tampered or manipulated.

 

TagTamper status indication communication. Screenshot from webinar courtesy NXP. 

 

As the world of connected devices grows rapidly and consumer demands for privacy and security increase, hardware solutions like the NTAG 424 DNA for NFC may become key players in consumer trust.

---

What experience or concerns do you have with RFID and NFC communications? What applications do you see NFC playing an important role with in the IoT? Please join the conversation in the comments.