How we Implemented the Latest Security Protocol to design an NFC environment sans Vulnerability

Date: April 23, 2018

Author: RaviKiran HV & Vikas Srivastava

The Unprecedented Expansion of NFC

Near Field Communication (NFC) enables linking and information transfer between devices over short distances, and its combination of interconnection and contactless identification technology has furthered its reach. It has gradually gained popularity in the consumer electronics market, especially after its adoption in the payment sector. Several major banks and card issuers in payment and infrastructure management systems have already decided to move to NFC smart payment and access control. The reason is simple: it offers an enhanced ‘touch and go’ user experience and an additional layer of security for personal and financial data.

Data Compromise - an Immediate Threat

The technology, however, has faced a web of security concerns (privacy, data protection, etc.) despite its backers vouching for its security and uncompromised data transfer. As NFC deployment grows, security threats are growing with it. Threats to personal and financial data have already started to emerge. As a result, securing over-the-air (OTA) interface communication is of paramount importance to protect against hackers and poachers.

How Do We Determine a Secure OTA Interface?

The OTA interface is the most common interface that stands exposed to hackers. It is common knowledge that an ‘open channel’ can be easily exploited by any novice. What is required is a secure channel that acts as a vital security entity for securing the system and thus user data. It enables a robust and trusted communication path between the participating entities, with proven confidentiality, integrity and authenticity of the messages for every communication session.


The Solution We Chose

To enable secure bidirectional communication between the participating entities, we chose ‘GlobalPlatform’ (GP). GP is a non-profit organization that develops specifications to facilitate secure and interoperable embedded application development for secure chip technology. It is a widely accepted standard for secure management of data and devices such as smart cards, secure elements, SD cards and application processors.

The Protocol We Implemented

GP specifications were defined with stringent security requirements for sensitive data transfer and storage in mind. They address these concerns through the Secure Channel Protocol (SCP03). These specifications are the core of any secure, interoperable embedded application on secure chips. We decided to analyse the protocol's efficacy by implementing it on a device that falls under a unique category of desktop PC designed to protect sensitive data. The results were extremely encouraging, and our experiment achieved the desired result.

To read more about our experiment, download our whitepaper.
