NFC in IoT-Based Payment Architecture

0 downloads 0 Views 724KB Size Report
Jun 12, 2017 - Identification or RFID technology that was patented by Charles Walton (1983). NFC was standardized as ... 9.4 NFC-Based Payment Systems .
9 NFC in IoT-Based Payment Architecture Alak Majumder, Shirsha Ghosh, Joyeeta Goswami, and Bidyut K. Bhattacharyya CONTENTS 9.1

Introduction ........................................................................................................................ 203 9.1.1 Reader/Writer Mode ............................................................................................. 204 9.1.2 Peer-to-Peer Mode.................................................................................................. 204 9.1.3 Card Emulation Mode ........................................................................................... 205 9.1.4 NDEF Stack Description ....................................................................................... 206 9.1.5 Security in NFC...................................................................................................... 206 9.2 Basic Overview of IoT Universe ....................................................................................... 208 9.3 Use Cases of NFC in IoT Universe................................................................................... 210 9.4 NFC-Based Payment Systems .......................................................................................... 213 9.5 Common Threats and Vulnerabilities of NFC-Based Payment System and the Process to Eliminate Them ................................................................................ 216 9.6 Conclusion .......................................................................................................................... 218 References..................................................................................................................................... 219

9.1 Introduction In the era of ubiquitous computing, many wireless technologies have emerged to serve several types of communication needs. Near Field Communication or NFC is a shortrange wireless communication protocol, which is a successor of popular Radio-Frequency Identification or RFID technology that was patented by Charles Walton (1983). NFC was standardized as an ISC/IEC standard in 2003 and works in a very short range using 13.56-MHz frequency that makes it perfect for contactless payments. It extends the ISO 14443 RFID standard. Since its inception, NFC is on the limelight because of its versatility, inherent security, and interoperable nature. The basic mechanism of NFC is based on the Faraday’s Law of Induction in which current is flown between two devices by creating a magnetic field. In the case of NFC, the reader or the active device creates a magnetic field using its antenna coil. Then, the passive devices present in that field get energy from the magnetic field and modify the properties of the incoming frequency. When the active device gets information about the passive device, a very small amount of AC current emerges from the sinusoidal waves. The AC current is converted into DC inside the tag chip using the rectifier and the passive device also generates carrier wave to pass information to the active device. Currently NFC is involved in three major devices: Smartphones, NFC readers and NFC tags. Based on the different working and application areas, NFC has three different 203

K30327_C009.indd 203

06/12/17 10:46:36 AM

204

The Internet of Things

operating modes known as Reader/Writer mode, Peer-to-Peer Mode and Card Emulation mode. NXP semiconductors have documented all these modes in a document entitled “NFC Everywhere” (2015a). 9.1.1 Reader/Writer Mode In this mode, the communication settles between a passive NFC tag and an active NFC device such as NFC enabled smartphone or NFC terminal. The main purpose of this communication is two: • To read prestored data from the tags. The involving steps are as follows: • Read request: The user requests data by active device such as mobile to the NFC tags that may be installed into various places. • Data transfer: The prestored data are then transferred to the active device from the passive tag to the reader. • Processing by the Reader device: After getting data from the passive tag, the reader processes the data for various functions. • To write values to the NFC tags or writer mode. In this case if some data are prestored in the tag, then the writer overwrites or updates those data by the latest. The steps are as follows: • Write request: First user makes a request to write data to the NFC tag. • Data transfer: Then the NFC tag endorses the success of the operation. This operating mode has data rate up to 106 kbps. The main applications of this mode are smart posters, ticketing, accessing internet or any media files, and so on. Figure 9.1 represents the mode. 9.1.2 Peer-to-Peer Mode This operating mode is about the communication between two NFC active devices. This operating mode takes the advantages of two communication technology: NFCIP-1 (NearField Communication Interface and Protocol), LLCP (Logical Link Control Protocol), and SNEP (Simple NDEF Exchange protocol). In NFCIP-1 mode, both NFC devices must have own power source to generate magnetic fields. And in the LLCP communication, both

NFC passive device (Tag) NFC active device (Smartphone) FIGURE 9.1 NFC reader/writer mode.

K30327_C009.indd 204

06/12/17 10:46:36 AM

205

NFC in IoT-Based Payment Architecture

NFC active device (Smartphone)

NFC active device (Smartphone)

FIGURE 9.2 NFC peer-to-peer mode.

the devices stay identical. SNEP allows the exchange of NDEF messages analogous to tag operation specifications. In Peer-to-Peer mode, first data are exchanged between two active devices then using those data, several tasks are executed. A 424-kbps data rate is provided by this operating mode. This mode has several important tasks including exchanging data, peer-to-peer money transfer, pairing devices, and so on. Figure 9.2 shows the mode. 9.1.3 Card Emulation Mode Card Emulation mode provides a way to use an NFC enabled mobile as a substitute of contactless smart card in which the mobile devices can store different credit card information with a much secure way. The working steps of this operating mode include the following: • Service request: The user establishes an NFC communication with an NFC reader and makes a request to any service provider in which the reader transfer the data collected’ from the mobile phone to the service provider. Figure 9.3 shows the mode. • Backend service: The service provider will run this service in backend after receiving the required data. • Service usage: Finally the service provider processes the data and provides a service to the user.

NFC active device (Smartphone) (Using as emulated card)

Point of sale terminal (POS)

FIGURE 9.3 NFC card emulation mode.

K30327_C009.indd 205

06/12/17 10:46:36 AM

206

The Internet of Things

The major application fields of this operating mode are Payment, Ticketing, Identity service, Smart environment, and so on with the advantage that it removes the physical objects, cash money and gives higher security. 9.1.4 NDEF Stack Description The format by which data are exchanged between two NFC devices is known as NFC Data Exchange Format or NDEF. NFC Forum specified all the technical specification in their official documentation (2006) on NDEF. It is a binary message format in which every message contains several records, and each record consists of a payload of size 232-1 octet. Each record has header fields and a payload field, where header field contains five flags: MB (Message Begin): Points the first record of an NDEF message. ME (Message End): Points the last record of an NDEF message. CF (Chunk Flag): Defines the continuation of payloads from one record to its next record. SR (Short Record): Specifies the size of the payload length that is the number of octets present in the payload. IL (ID Length Present): Presence of the optional ID field and its corresponding length field. The NFC Protocol Stack is shown in Figure 9.4. 9.1.5 Security in NFC As NFC is widely used for payment-related applications, it is very important to take care of the security measures. Due to NFC’s very small distance communication range, it is very difficult for an attacker to intersect the communication medium, but it is very important to increase the security as high as possible to eliminate the chance of data theft. NFC uses hardware secure elements that provide security at its level best. Typically, the secure element comes included with the NFC active element such as Smartphone. Several libraries are also written in the software stack to combine NFC with several role players such as Trusted Service Manager (TSM), Mobile Network Operator (MNO), and POS. The communication is performed over a secure channel using symmetric or asymmetric cryptographic keys. There are several types of secure elements available. They are as follows: Universal Integrated Circuit Card (UICC): They are mandatory for GSM applications and necessary about the network. They are coded on Java and Global Platform that allow 3rd party developer to run their applications using UICC. The main host controller uses Single Wire Protocol (SWP) to communicate with UICC. Embedded Secure Element (eSE): This type of secure element is separate hardware that is embedded in the mobile handset by the manufacturer. These will verify the legitimacy of all NFC-based Transfer. Once embedded in the hardware, they can only be removed by the manufacturers. MicroSD: Several 3rd parties other than the smartphone manufacturers, and Mobile Network operators, use the MIcroSD as an alternative to UICC and eSE. Trusted Execution Environment (TEE): It is a part of main processor core that can be used to store and process sensitive information.

K30327_C009.indd 206

06/12/17 10:46:36 AM

K30327_C009.indd 207

FIGURE 9.4 NDEF stack.

ISO 14443 A-2/ISO 18092

ISO 14443 A-3/ISO 18092

16RF

SLE66CL

ISO 14443 A-4

ISO 14443 B-1

ISO 14443 B-2

ISO 14443 B-3

ISO 14443 B-4

ISO/IEC 7816-4 (APDUs)

MIFARE DESfire

Type 4 tag

NFC forum NDEF messages

MIFARE ultralight protocol

MIFARE ultralight

Type 2 tag

Physical characteristics

MIFARE protocol

MIFARE STD 1K/4K

NFC forum formatted tag

ISO 14443 A-2/ISO 18092

No anti collision

Topaz protocol

Topaz

Type 1 tag

RF

Initialization anti collision product activation

Protocol

Applicative protocol

Product example

Tag types

Application layer

Felica/JIS X 6319-4 and ISO 18092

Felica

Type 3 tag

ISO 18092

LLCP (peer to peer)

NFC device

NFC in IoT-Based Payment Architecture 207

06/12/17 10:46:37 AM

208

The Internet of Things

9.2 Basic Overview of IoT Universe The concept of IoT-based application began from the inception of RFID technology. The primary focus of IoT development was to devise some electronics equipment that will boost the use of RFID. But soon when the need of connectivity among several peripherals was raised, researchers started to explore the use cases of other wireless technologies. Soon IoT became a much broader scope for research, and it continued to be bigger ever since. As given by International Telecommunication Union (2005), the main motto of IoT development is very simple: “from anytime, anyplace connectivity for anyone, we will now have connectivity for anything.” The vision is that there will be a world where things can communicate with internet and provide important feedback about their environment that will rather improve the quality of human life. For proper implementation of the motto of IoT, seamless integration between several wireless technologies is very much essential. Actualization of the IoT concept into the real world is possible through the integration of several enabling technologies. Though several technologies are integrated in the development in IoT, RFID remains the main driver technology. RFID tag is basically a microchip with an antenna used for transmitting the tag ID and receiving the reader signal. They are assigned a unique identifier. The tags are attached with different objects and using the unique identifier, different objects can be identified, and mapped into a virtual environment (Atzori et al., 2010). Another critical technology in IoT universe is Wireless Sensor Network or WSN. In Wireless Sensor Network, several sensor nodes are connected in a distributed or centralized and multihop fashion. The sensor data are shared between the different nodes that thereafter collected by the main server for data manipulation. WSN mainly contains the following elements: 1. Hardware: Comprises sensor interface, A/D Converter, transceiver, and power supply. 2. Communication stack: Designing the software stack for convenient topology, suitable routing and MAC Layer. 3. Middleware: A software infrastructure to combine the WSN hardware, communication stacks, cyber infrastructure, and application. 4. Secure data aggregation: It extends the lifetime of the network and ensures reliable data collection. The recent trend is to integrating the sensor technologies with the RFID chip. This allows much more capability of sensor nodes. This system is very much useful in medical system, in which microsensors can be fitted into patients body and get essential medical data from there. Atzori et al. (2010) compared the RFID system, WSN, and RFID Sensor Network (RSN) in their literature as shown in Table 9.1. For an IoT system to be useful, it should be scalable. Means addition or reduction of sensor hardware should not affect the performance of the system. To make the system scalable, Uniform Resource Name (URN) system is widely used in IoT system. Several replicas of resources are made by the URN that is then accessed by URL (Gubbi et  al., 2013). All the different sensor data are acquired by the central node are made addressable by URN and thereafter made accessible to the web server by URL.

K30327_C009.indd 208

06/12/17 10:46:37 AM

209

NFC in IoT-Based Payment Architecture

TABLE 9.1 Comparison between RFID system, WSN, and RFID Sensor Network (RSN) RFID WSN RSN

Processing

Sensing

No Yes Yes

No Yes Yes

Communication

Range

Power

Lifetime

Asymmetric Peer-to-Peer Asymmetric

10 m 100 m 3 m

Harvested Battery Harvested

Indefinite