Evaluation of the security capabilities on NFC-powered devices

Conference: RFID Systech 2010 - European Workshop on Smart Objects: Systems, Technologies and Applications
06/15/2010 - 06/16/2010 at Ciudad, Spain

Proceedings: RFID Systech 2010

Pages: 9Language: englishTyp: PDF

Personal VDE Members are entitled to a 10% discount on this title

Authors:
Jara, Antonio J.; Alcolea, Alberto F.; Zamora, Miguel A.; Skarmeta, Antonio F. G. (Department of Information and Communications Engineering, Computer Science Faculty, University of Murcia, Murcia, Spain)

Abstract:
New generation of cellular devices and services are being defined with Near Field Communications (NFC) technology. Cellular phones are being considered to be used as credit card, ID card etc., where our private matters, information, identification and money are being managed. These new services must be reliable in order to protect our privacy. The problem is that NFC is based on RFID, where security was not considered. RFID was defined as a solution limited to identification. The problem arises because the applications of RFID are being extended with NFC to solutions where security needs to be considered, e.g. payment and identification. For this reason, this paper evaluates the security capabilities of NFC-powered devices: Smart phones (Google Nexus One), Personal Computer (PC) and Personal Digital Assistant (Acer N30). Specifically, we are evaluating the capabilities of these devices to carry out asymmetric ciphered based on public key encryption algorithm (RSA). The data overload and latency have been evaluated for different platforms and for different key and information lengths. From that analysis was found some throughput problems to carry out asymmetric ciphered in constrained devices such as Pocket PC. For that reason, this paper concludes, proposing a hybrid security scheme to combine security based on asymmetric key encryption algorithm, such as RSA, to exchange a shared key and symmetric encryption algorithm, such as Advanced Encryption Standard (AES), to exchange the data.