How we Implemented the Latest Security Protocol to design an NFC environment sans Vulnerability

Date: April 23, 2018

The unprecedented Expansion of NFC


Near Field Communication (NFC) has enabled the crucial linking and information transfer between devices over short distances and a combination of interconnection and contactless identification technology has furthered its reach. Gradually, it has gained popularity in consumer electronics market, especially after its adoption in the payment sector. Several major Banks and card issuers in payment and infrastructure management systems have already decided to move to NFC smart payment and access control. Reason is simple - it extends an enhanced user experience of ‘touch and go’ and an additional layer of security to personal and financial data.


Data Compromise - an immediate threat


Data Compromise Threat to NFC

The technology, however, has been at the receiving end w.r.t the web of security concerns -  privacy, data protection etc. - despite its backers vouching for its security and uncompromised data transfer. Coupled with the NFC deployment growth, security threats are also inflating. Threats to one’s personal and financial data have already started cropping its heads.  As a result, securing over-the-air-interface (OTA) communication is of paramount importance so as to provide security from hackers and poachers.

How do we determine a Secure OTA interface?


Secure OTA Interface


Agreed that OTA interface is the most common interface which stands exposed to the hackers. Its common knowledge that an ‘Open channel’ can be easily exploited by any novice. What is required here is a secure channel which can act as a vital security entity for securing the system and thus user data. It enables a robust and trusted communication path between the participating entities with proven confidentiality, integrity and authenticity of the messages for every communication session.

 

The Solution We Chose


To enable secure bidirectional communication between the participating entities we chose ‘Global Platform’ (GP). GP is a non-profit organization that develops specifications to facilitate secure and interoperable embedded application development for secure chip technology. It is a widely accepted standard for secure management of data and devices such as smart cards, secure elements, SD cards, application processors etc.


The Protocol We Implemented


GP specifications were defined considering stringent security requirements for sensitive data transfer and storage. They provide solutions to these concerns via its Secure Channel Protocol (SCP03). These specifications are the core of any secure, interoperable embedded applications on secure chips. And, we decided to analyse its efficacy by implementing it on a device that falls under a unique category of desktop PC designed to protect sensitive data. The results were extremely encouraging and our experiment achieved the desired result.

To read and explore about our experiment, download our Whitepaper now.

You might also like these blogs

post
Challenges faced by Facial Recognition System

The Facial Recognition System has come a long way. Its…

Read More
post
Product Engineering Services

As part of our product engineering services we take care…

Read More
post
Automotive & Industrial vision

PathPartner is taking huge strides in the Automotive and Industrial…

Read More