1 / 34

EnGarde : Protecting the mobile phone from malicious NFC interactions

EnGarde : Protecting the mobile phone from malicious NFC interactions. Ivan Chiou. Authors . J. Gummeson University of Massachusetts Amherst fgummeson@cs.umass.edu PhD Candidate B. Priyantha Microsoft Research bodhip@microsoft.com

dacey
Download Presentation

EnGarde : Protecting the mobile phone from malicious NFC interactions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EnGarde: Protecting the mobile phone from malicious NFCinteractions Ivan Chiou

  2. Authors • J. Gummeson • University of Massachusetts Amherst • fgummeson@cs.umass.edu • PhD Candidate • B. Priyantha • Microsoft Research • bodhip@microsoft.com • RESEARCHER, Sensing and Energy Research Group (SERG). • D. Ganesan • University of Massachusetts Amherst • dganesan@cs.umass.edu • Associate Professor • D. Thrasher • University of Massachusetts Amherst • thrasher@cs.umass.edu • Undergraduate Research at University of Massachusetts Amherst • P. Zhang • University of Massachusetts Amherst • pyzhangg@cs.umass.edu • Ph.D. Student

  3. INTRODUCTION • Near Field Communication (NFC) • Application • Payment industry • Security issues • NFC tag open application without requiring user assent • Technical issues • complex and intertwined web of control for payment mechanism • Nowadays security concerns • Malicious rootkit can keep the NFC interface turned on when the screen is locked • Once the pin-code is cracked, a rootkit can potentially bypass user input entirely • hardware is not available for phones acting as readers.

  4. What is EnGarde • Protect mobile phones from these threats. • 4 contributions • a hardware-based NFC guardian • self-contained and self-powered to the back of the phone and different dock connectors. • a range of NFC protocols • defends against a wide range of passive tag and active reader based on NFC protocols • interacting with a malicious tag • interacting with a malicious reader • interacting with a malicious phone • extremely low power • Using power scavenged from the NFC reader so it has small effect on power leverage • intelligent jammer to specific blacklist • be programmed to trigger upon detecting specific types of messages, protocols, or transactions • Without compromising user experience

  5. What is EnGarde • Design descriptions • Requiring no active transmission in most cases to reduce power consumption • Design algorithms that maximize the energy scavenging efficiency • Design an early warning mechanism that detects presence or absence of an NFC device • prototype the complete system and hardware • five square inches demonstrating.

  6. What is EnGarde • Our results • consuming only 6.4 uW of power efficient than active jamming. • accuracy of 95% under a wide range of conditions • NFC-based power scavenging 4x more efficient than a naive harvesting approach • 100% accuracyto defend against URL attacks.

  7. DESIGN REQUIREMENTS • Protect all NFC Modes • Malicious tags • malicious device in peer-to-peer mode • An external reader reads and discovers the ID • An external reader initiates communication • after the phone's ID is discovered. • Resilient to malware • EnGarde should be a physically separate piece of hardware that does not need to communicate with the phone.

  8. DESIGN REQUIREMENTS • No impact on usability • should be small enough that it can be a patch stuck on a phone • should not diminish user experience for NFC transactions • No impact for legitimate NFC device communication • Programmable Rules • should be programmable • block only those interactions that are known to be vulnerable • allowing other messages to get through to the phone • Fail Safe • Jams NFC interactions when the MCU does not have sufficient power.

  9. AN OVERVIEW OF NFC • NFC Communication Layer • High Frequency (HF) RFID • Tag • unique ID • some data which is optionally writable by a reader. • Passive electronic device • Reader • magnetic field. 13.56MHz • the reader uses the tag ID to uniquely address the tag for reading and writing tag data. • The communication is always reader initiated. • the reader coil induces a voltage on the tag coil. • the communication range can go up to 1 meter

  10. NFC Communication Layer • Reader to tag communication: • communication uses Amplitude Modulation (AM) 13.56MHz • Tag to reader communication: • generate a 847.5kHz sub carrier

  11. NFC Device-Level Interactions(1/2) • NFC Device-Level Interactions • NFC has more capabilities than RFID • Communication modes: • Phone as a reader: • behaves as an RFID reader • used to scan QR-code like tags that contain a short piece of information such as phone numbers and URLs. • Phone as an emulated tag: • behaves likean RFID tag • canbe active even when the phone has no power. • used for mobile payments in transit card-like applications. • Phone as a peer: • supports the highest rate of communication • share small les between mobile phones

  12. NFC Device-Level Interactions(2/2) • NFC Data Exchange Format (NDEF) standard • Providesa common language • Platform support • across all these platforms and OSs

  13. IDENTIFYING NFC PROTOCOLS(1/2) • Supports programmable blacklisting rules • decide which ones to block and which ones to allow. • Search through all possible protocols to determine which one is being used. • Result in considerable energy overhead. • The high rate of carrier sampling • Substantial processing overhead of performing the search

  14. IDENTIFYING NFC PROTOCOLS(2/2) • How to identify the protocol • Leverage reader-to-tag message portion. • ASK modulated carrier signal • examine the first pulse of the amplitude modulated carrier at the start of an NFC message • Low-power protocol detector. • uses a small sampling coil to sample the RF signal • The power consumption of the analog portion of the circuit is only 34 uW • After protocol identified, using off-the-shelf NFC reader chip for decoding the data.

  15. JAMMING NFC COMMUNICATION(1/3) • Active jamming techniques • requires several 100 mWs of power • much higher than what we can afford on EnGarde • Cheaper jamming mechanism on energy • Two phase • reader communication • tag response

  16. JAMMING NFC COMMUNICATION(2/3) • Jamming Primitives • reflective jamming • Tag • NFC protocols use a common 847.5kHz subcarrier • only consumes 6.4 W of power. • pulse jamming • Reader • ASK-based carrier pulse only needs to be • shorter than the duration of the shortest valid NFC message. • one drawback • it is possible that a high-powered NFC reader generates a strong enough signal that our attempts at corrupting the signal does not result in a sufficiently high signal-strength difference, and is therefore unsuccessful. • block a large fraction of reader transmissions, because EnGarde would be much closer to the phone than an external NFC device

  17. JAMMING NFC COMMUNICATION(3/3) • Jamming During NFC Communication • Tag Reader Mode: • Use subcarrier-based jamming to disrupt the data exchange with the tag. • Tag Emulation Mode: • use the subcarrier-based jamming to prevent leakage of sensitive information from the phone. • Peer-to-Peer Mode: • transmit a jamming pulse signal to block malicious interactions in this instance.

  18. ENERGY SCAVENGING • Energy scavenging is to allows the device to operate perpetually despite having a small energy buffer. • Ability to jam communications while at the same time scavenging energy from the source. • How much power can be harvested? • Measure • using a Monsoon power meter on • a Samsung Galaxy Nexus phone • running Android 4.1 (Jelly Bean) • NFC tag is in front of the phone vsNFC is turned off. • Result • EnGardehas only a small impact on the phone's battery.

  19. ENERGY SCAVENGING MECHANISM(1/3) • Three Scavenging alternatives mechanisms • Opportunistic • The phone sends out “discovery messages” periodically (10% duty-cycle) to check for the presence of nearby devices. • increases only by 14.1 mW for transmitting discovery messages • transfer efficiency of 17.3%, which is almost double of the transfer efficiency when the phone is in full NFC active mode. • only gets 10% of the power that it would have received were the phone's carrier continually active.

  20. ENERGY SCAVENGING MECHANISM(2/3) • Tag-Spoofing • trick the dedicated NFC chip into delivering more power without interrupting the Android OS • modulating the harvesting coil via a resistor using a short pulse that is 10 us in length. • Result: active for 33.3% of the time, • 41mW overhead on the phone (i.e. 27mW more than for discovery messages • transfer efficiency is high at about 19%,

  21. ENERGY SCAVENGING MECHANISM(3/3) • Subcarrier • Closes the gap between tag-spoofing and full-NFC • a transfer efficiency of 12.49% • 50% better in efficiency

  22. Demand Harvesting Algorithm(1/2) • Demand-based harvesting algorithm two steps: • use a simple EWMA filter over the history of unlock durations • estimated unlock duration to determine the fraction of time to use each harvesting mode needs to be used. • using opportunistic and needs to decide how to use a combination of the other two harvesting modes

  23. Demand Harvesting Algorithm(2/2) • We formally dene the parameters described in the model as:

  24. NFC DEVICE DETECTION • EnGarde detect the presence or absence of an NFC device • Two way • avoid disrupting legitimate interactions between the phone and an NFC device • stop jamming when it detects that the offending device • switches from discovery mode to active mode (or software tag emulation mode) • EnGardetwo key contributions • a reliable and fast NFC device detector • a dual-coil hardware design that includes a harvesting coil and a call sampling coil

  25. NFC DEVICE DETECTIONMutual Coupling-based NFC Detection • detect this change in voltage at the output of the rectifier, and use it as an indicator of the presence of another NFC device. • drawback • nearby metallic materials that might couple to have the same effecton voltage. • detection accuracy of 95%

  26. Dual-coil Design • using a small call sampling coil for communication. • use a harvesting coil solely for harvesting and jamming purposes. • The call sampling coil is small enough not to impact communication between the tag and external device while still retaining the ability to decode messages.

  27. ENGARDE IMPLEMENTATION • prototype version of EnGarde • current hardware implements all the design elements, except for the pulse jamming. • Hardware subcomponents • Small call sensing coil • tuned coil and a capacitor arranged in parallel • fails safe • energy scavenging module • MAX17710 Battery manage on-board Thinergy MEC201 1 mAHthinfilm battery • MSP430F2274 16-bit low power micro-controller

  28. ENGARDE IMPLEMENTATION • State Machine

  29. EXPERIMENTAL EVALUATION Scavenging performance • Trace-driven simulation • 35 users • a year • contain the screen unlock data • Three harvesting strategy • Two metrics • the average battery level across the users • the total energy overhead on the phone to provide this energy.

  30. Jamming Effectiveness • trace-driven simulation

  31. Targeted blocking of malicious interactions • Jamming malicious tags • Jamming malicious readers • EnGardev.s. RFID Guardian

  32. RELATED WORK • The RFID Guardian have more cost in form factor and power consumption • The Proxmark RFID tool’s drawbacks are its size and power consumption • Audio interface, much like our NFC energy scavenger, are more different by phones • implanted medical devices (IMD) Shield use noninvasive jamming and a power-hungry software radio • EnGarde serves as a hardware firewall that can augment software protection mechanisms

  33. CONCLUSION • EnGarde Benefits • Entirely passive • small enough to integrated within a phones case • widely deployable for market-ready • log any NFC interaction that it decodes • The future work:analysis of NFC interactions

  34. Backup Ivan Chiou

More Related