Near Field Communication Technology Security Issues - Case Study Example

? NFC Security issues: A case study Introduction Near Field Communication technology is a form of technology that utilises the Smartphone technology in the enhancement of services such as contactless payments through pre-stored information in the credit cards. It is the current technology that has the capabilities to turn one’s cell phone into an array of several other functions such as being a wallet to be used for currency, a key to locking and unlocking items and a form of personal identification. The technology due to its promising security features has been widely embraced by most people and organizations that perceive it more relatively efficient in usage than other forms of technology. Particularly, this form of technology is quite popular in advanced nations such as Japan (Gordon & British Computer Society, 2007). However, according to various studies that have been conducted into the technology, especially in the UK by a team of researchers from Surrey University, an alarm is fast being raised about the security risks involved with the same, particularly with regard to the safety of private information of a client that is stored in it. This is because, the likely threats that arise are when the transmission for payments are made, which can be a few meters away from the payment terminal, may create a window of opportunity for someone to tap into the same and transmit that same private information to another phone for their own malicious use. In this paper, I seek to establish and discuss the various possible security risks associated with the use of NFC technology. This may include eavesdropping as slightly mentioned above, data or message corruption or modification, and interception or relay attacks. Another risk can be the physical theft of the Smart phones in order to gain access to the required passwords and credit card details. In order to ensure that trust in the continued use of this technology is maintained, there should be efficient means by which the breaches in the security can be prevented (Taylor & British Computer Society, 2008). a. Eavesdropping This form of security risk is one which occurs when there is an inappropriate listening of the NFC transactions by an unauthorised third party. Criminals who practice this form of activity engage in it with the intent of copying such transactions so as to capture the transcript images of the NFC passwords and other financial information contained in it that are related to the user’s credit cards. This form of a security breach is the most common today and happens in the manner that the criminal needs not pick on only one signal to be able to gather the required information but, collects all the available data at that particular point and scams through them until the sufficient matches are met. To be able to prevent this form of a security breach or risk on Near Form Communication (NFC) technology, there are two main methods that can be efficiently applied. The first solution is in line with the determination of the range of NFC transactions from the purchase terminal. Since the NFC data theft devices used by the criminals require close range to work in, it is essential that a short range transmission of the signals be adopted so that users have to get nearer to the terminal point to use NFC and not send the signals from a far off distance. If the signals are made to be close ranged, the criminals are denied the opportunity to tap into the channel as in order to do so, they will require moving closer to the terminal points, which implies risking arrests. However, in case of a more determined eavesdropper, the short signal range may not be deterrent to their malice; hence, the concerned NFC authorities need to adopt much safer means to shield users from such kind of data theft from eavesdropping. The second most efficient means by which this problem can be solved is through the use of secure channels when making NFC transactions. When the NFC users are capable of establishing secure channels for their transactions, which are mostly encrypted, it becomes extremely difficult for eavesdroppers to get through or into it since, that would require them to have authorization of the same. This method seems more effective than the former since it entails the use of specific devices to decode the information sent through NFC technology. As such, it should be the responsibility of every NFC user to ensure that the organization they transact with, be it a bank or restaurant has a secure channel over which NFC technology can be used. b. Data or message corruption or modification This is another form of security risk that arises from the use of the NFC technology. This form of threat is nearly similar to that of eavesdropping except for the fact that the criminal in this case instead of tapping into the data, manipulates or distorts the nature of the data that is being sent through the NFC technology to the reader so that it appears corrupted when it gets to the intended destination. The intention of carrying out this form of malice is still unknown since, in most instances, the criminals do not take the information and use it for their own gain. A message modification operates in the form of a middleman existing between the two NFC devices, cell phone and NFC reader, to alter and change the information that passes across his/her device into the intended devices. The only best option through which this form of security risk to NFC technology can be prevented is when a secure channel is adopted for the communication of the NFC information. In some instances, the various organizations can acquire the NFC devices that have the capability to listen for any forms of data corruption attacks and prevent the same from taking place (Berna et al, 2010). c. Interception or relay attacks This is another form of security risk or threat to NFC technology in which the data manipulation is enhanced. According to this form of attack, a person acts as a middleman between the two NFC devices and receives and alters the subsequent information that passes through them. This is the most difficult form of attack to NFC technology and the least common to detect. According to the Surrey University stud, this study if not properly detected and analyzed, can prove to be the most lethal and yet most difficult form to solve. Consequently, the study recommends that the most efficient way by which to deal with this threat would be to use NFC devices that are in an active-passive pairing. The implication of having this form of arrangement implies that one device cannot perform the two functions of receiving and sending the NFC information at the same time. Therefore, it would be essential that there be two devices with one device solely receiving the data while the second device solely tasked with sending of the data. This study was against the intention of having one Near Form Communication devices receiving and sending the information at the same time. This is because the same can slow the process and thus, create a window of opportunity for the data criminals to tap into the system. d. Theft of the NFC cell phones This is the last form of threat to the NFC technology, which is quite tricky since it cannot be prevented even with the greatest form of data encryption. In this form of security risk, the owner of a phone may suffer from the loss of their NFC device when criminals attack them and steal it from them this is very lethal as it exposes all of the private NFC information of the user which were stored in the phone (Whitman & Mattord, 2012). The best way by which this threat can be prevented or at least if it occurs, the NFC accounts of a user remains safe is to set up passwords for the phones. As such, when the thieves cannot be able to unlock one’s phone, they would not be able to gather NF information from a particular phone. Conclusion In the world today, technology has changed or completely altered the form and manner in which transactions are conducted. One such avenue is the adoption of NFC technology. While it may appear that this form of technology is the most efficient and secure, still security issues dodge its application as most people are afraid of losing or exposing their private information over the channel that can be easily attacked by criminals. Therefore, the only feasible way by which its continued use and application by most users than using credit cards would be to ensure that there are efficient data encryption and communication channels that are secure. This will guarantee that there would be no hacking of the same information by fraudsters when one attempts to use the same NFC technology in conducting their transactions (Jung & Yung, 2012). References Berna, S., Yalcin, O., & International Workshop on Radio Frequency Identification: Security and Privacy Issues, RFIDSec. (2010). Radio frequency identification: security and privacy issues: 6th international workshop, RFIDSec 2010, Istanbul, Turkey, June 8-9, 2010 : revised selected papers. Berlin [etc.: SpringerLink. Gordon, K., & British Computer Society. (2007). Principles of data management: Facilitating information sharing. Swindon: British Computer Society. Jung, Souhwan, & Yung, Moti. (2012). Information Security Applications: 12th International Workshop, Wisa 2011, Jeju Island, Korea, August 22-24, 2011. Revised Selected Papers. Springer-Verlag New York Inc. Taylor, A., & British Computer Society. (2008). Information security management principles: An ISEB certificate. Swindon: British Computer Society. Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology. Read More