As NFC enters the mass market, so too should NFC security

NFC logoAll the stars are in line, and tech industry experts now expect an explosion in the close-range wireless communications technology known generally as Near Field Communicaitons (NFC.) But is it as secure a method of sharing as it could be? According to one company the answer is yes, but cost has been a prohibitive factor up to now.

This week, market research firm iSuppli predicted that the market for NFC chips will grow by a factor of four over the next three years, and NFC chipmaker NXP Semiconductor recently made a prediction that 50 million NFC-enabled consumer devices will enter the market in 2011 alone.

This rapid expansion will be thanks in no small part to the support NFC has received from Google, who incorporated the technology into Android 2.3, and from three of the four major wireless carriers who formed a new joint venture called Isis which focuses on using NFC for mobile banking and "wallet phones."

"Nokia has been carrying NFC phones for the last three years, but now that Google has brought out the Nexus S at a time when smartphones are more popular than they've ever been, you're going to really start seeing these types of solutions in the average consumers' hands," said Vivek Khandelwal, VP of Marketing and Business Development for NFC security company Verayo.

Historically, however, the simple passive RFID components in NFC systems have proven very easy to skim, clone and spoof. This extends even into the chips used in modern US passports which contain an access key to the passport owner's identification. These cards provide very little in the way of security, and a whole industry around RFID shields has sprung up around it. Between July 2008 and March 2010, the State Department has issued more than 2.7 million Passport cards equipped with simple EPC RFID tags.

The problem is that large-scale deployments of RFID tags and readers can get costly, and applying additional layers of encryption can add to the cost.

"Customers have become aware that the most basic RFIDs are susceptible to compromise," Khandelwal said. "They are looking for something more secure than passive RFID, and more affordable than MCU-based smart cards with high-end cryptography."

This middleground is where Verayo wants to step in. The silicon valley company is led and funded by former Sun Microsystems execs, a company which was itself no stranger to RFID technology, and its core offering is an affordable method of authenticating RFID tags using "silicon biometrics."

Verayo's CTO is Dr. Srini Devadas, the Associate head of Electrical Engineering and Computer Science at MIT, and inventor of a technology known as PUF, or "Physical Unclonable Functions," which received its most recent patent (#7,839,278) just one month ago. It is this technology that acts as the cornerstone for Verayo's security offerings.

At a deep enough atomic level, every silicon chip is different, and Verayo's technology isolates these minute variations and uses them to generate a unique "fingerprint" for each chip or RFID tag. These variations simply cannot be cloned by traditional RFID cloning methods, and no personal information can be skimmed from the chip because all that is available is a random key that is useless without the "fingerprint" to authenticate it.

Devadas described it to the International Association for Cryptological Research in the following way:

"The PUF-enabled RFID uses a simple challenge-response protocol for authentication that shifts complexity to the reader or server, and therefore only requires a small number of transistors on the device side. The PUF-enabled processor generates its public/private key pair on power-up so its private key is never left exposed in (on-chip or off-chip) non-volatile storage."

The only hardware that must be endowed with Verayo's PUF system are the ISO 14443-A (13.56MHz) passive chips, and the rest of the identification is taken care of with software on either an NFC reader terminal or smartphone which communicate with the PUF authentication server.

So as NFC enters the mass market, Verayo is looking to supply the security that the mass market can afford to deploy.

"We're telling the world, if you are planning to spend five cents on a plain vanilla RFID, you can get a solution for 5.5 cents that is safe and verified," Khandelwal said.

Source: Betanews

Tags: mobile phones, NFC

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

A mobile hotspot in Australia will be capable of hitting gigabit speeds on the go
A new game could be in the works as Blizzard appears to have been hiring for a Diablo-related project
Nokia CEO Rajeev Suri will speak at MWC 2017
However what if you could go way, way back?
The Helio P15 packs an octa-core Cortex-A53 processor clocked at 2.2GHz
Samsung claims up to 27-percent higher performance or 40-percent lower power
Preliminary data for October shows another Windows 10 boom
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments