As NFC enters the mass market, so too should NFC security

NFC logoAll the stars are in line, and tech industry experts now expect an explosion in the close-range wireless communications technology known generally as Near Field Communicaitons (NFC.) But is it as secure a method of sharing as it could be? According to one company the answer is yes, but cost has been a prohibitive factor up to now.

This week, market research firm iSuppli predicted that the market for NFC chips will grow by a factor of four over the next three years, and NFC chipmaker NXP Semiconductor recently made a prediction that 50 million NFC-enabled consumer devices will enter the market in 2011 alone.

This rapid expansion will be thanks in no small part to the support NFC has received from Google, who incorporated the technology into Android 2.3, and from three of the four major wireless carriers who formed a new joint venture called Isis which focuses on using NFC for mobile banking and "wallet phones."

"Nokia has been carrying NFC phones for the last three years, but now that Google has brought out the Nexus S at a time when smartphones are more popular than they've ever been, you're going to really start seeing these types of solutions in the average consumers' hands," said Vivek Khandelwal, VP of Marketing and Business Development for NFC security company Verayo.

Historically, however, the simple passive RFID components in NFC systems have proven very easy to skim, clone and spoof. This extends even into the chips used in modern US passports which contain an access key to the passport owner's identification. These cards provide very little in the way of security, and a whole industry around RFID shields has sprung up around it. Between July 2008 and March 2010, the State Department has issued more than 2.7 million Passport cards equipped with simple EPC RFID tags.

The problem is that large-scale deployments of RFID tags and readers can get costly, and applying additional layers of encryption can add to the cost.

"Customers have become aware that the most basic RFIDs are susceptible to compromise," Khandelwal said. "They are looking for something more secure than passive RFID, and more affordable than MCU-based smart cards with high-end cryptography."

This middleground is where Verayo wants to step in. The silicon valley company is led and funded by former Sun Microsystems execs, a company which was itself no stranger to RFID technology, and its core offering is an affordable method of authenticating RFID tags using "silicon biometrics."

Verayo's CTO is Dr. Srini Devadas, the Associate head of Electrical Engineering and Computer Science at MIT, and inventor of a technology known as PUF, or "Physical Unclonable Functions," which received its most recent patent (#7,839,278) just one month ago. It is this technology that acts as the cornerstone for Verayo's security offerings.

At a deep enough atomic level, every silicon chip is different, and Verayo's technology isolates these minute variations and uses them to generate a unique "fingerprint" for each chip or RFID tag. These variations simply cannot be cloned by traditional RFID cloning methods, and no personal information can be skimmed from the chip because all that is available is a random key that is useless without the "fingerprint" to authenticate it.

Devadas described it to the International Association for Cryptological Research in the following way:

"The PUF-enabled RFID uses a simple challenge-response protocol for authentication that shifts complexity to the reader or server, and therefore only requires a small number of transistors on the device side. The PUF-enabled processor generates its public/private key pair on power-up so its private key is never left exposed in (on-chip or off-chip) non-volatile storage."

The only hardware that must be endowed with Verayo's PUF system are the ISO 14443-A (13.56MHz) passive chips, and the rest of the identification is taken care of with software on either an NFC reader terminal or smartphone which communicate with the PUF authentication server.

So as NFC enters the mass market, Verayo is looking to supply the security that the mass market can afford to deploy.

"We're telling the world, if you are planning to spend five cents on a plain vanilla RFID, you can get a solution for 5.5 cents that is safe and verified," Khandelwal said.

Source: Betanews

Tags: mobile phones, NFC

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
Consumer group recommends iPhone 8 over anniversary model
 
LTE connections wherever you go and instant waking should come to regular PCs, too
 
That fiction is slowly becoming a reality
 
The Snapdragon 845 octa-core SoC includes the Snapdragon X20 LTE modem
 
Human moderators can help make YouTube a safer place for everyone
 
Google says Progressive Web Apps are the future of app-like webpages
 
All 2018 models to sport the 'notch'
 
The biggest exchange in South Korea, where the BTC/KRW pair is at $14,700 now
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
     12
3456789
10111213141516
17181920212223
24252627282930
31      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (4)