Secure data transmission between an NFC tag and an NFC enabled smartphone

Master's Thesis, 2015

37 Pages


Table of Contents


Chapter 1 Introduction

Chapter 2
2.1 Near Field Communication
2.1.1 Tag Reader/Writer Mode
2.1.2 Peer to Peer Mode
2.1.3 Card Emulation Mode
2.2 NFC tags
2.2.1 Tag types
2.3 NFC Data Exchange Format (NDEF)
2.4 Reading NDEF data from an NFC tag
2.5 Cryptography
2.5.1 Symmetric Key Cryptography
2.5.2 Public Key Cryptography
2.6 Artificial Neural Network (ANN)
2.7 Category Classifier

Chapter 3
NFC Security Threats
3.1 Exposure to Adult/Objectionable content
3.2 Phishing
3.3 Automated malware download and malicious web pages
3.4 Eavesdropping
3.5 Data Corruption
3.6 Data Modification

Chapter 4
4.1 Exposure to Adult/Objectionable content
4.2 Phishing
4.3 Automated malware downloads and malicious websites

Chapter 5
Proposed Security Model
5.1 Components
5.2 User Sign-Up
5.3 Working
5.3.1 Personalised Security List
5.3.2 Data Uploading
5.3.3 Data Retrieval
5.4 Anonymity

Chapter 6
Conclusion and Future Work
6.1 Conclusion
6.2 Future work



NFC technology is considered extremely secure for communication and the number of phone that can support NFC is also at a rise. The technology is gaining worldwide recognition and as it is easy to implement and since it is really economical a numerous applications are using it. Most of NFC applications involves usage of tags, which can easily be duplicated or can be replaced by a fake one easily. Therefore, though the technology is so useful and secure, this weakness makes it vulnerable to certain attacks.

NFC has numerous application but in this thesis, I will be discussing various security threats related to NFC applications involving NFC tag and an NFC enabled smartphone For example smart posters. This thesis will evaluate various security threats like phishing, exposure to adult content etc., what they are and how an attacker can carry out these attacks. Thesis will also discuss about what an artificial neural network (ANN) is and how can it be used to eliminate these threats. The thesis also proposes a security model that will use ANN, to provide security against threats and will also provide user confidentiality, anonymity and privacy, and a category classifier to increase the overall efficiency of the model and to decrease the memory usage, and will also provide user an added feature of personalizing his security according to his requirements.

Chapter 1 Introduction

The primary goal of this thesis is to provide appropriate security checks to the data scanned, by a

smartphone, from an NFC tag. As we know, the biggest advantage of using NFC instead of using any other technology for data transmission is that the data transmission rate is extremely quick, thus counter-measures should be implemented in such a manner that it should not affect the transmission rate i.e. transmission rate shouldn’t be decreased.

Apart from basic security the proposed model in the thesis will provide user anonymity, confidentiality and privacy. The structure of the report is as follow Chapter 2 provides a basic idea about NFC technology. In this chapter the reader will study about how the NFC works and how the data is transmitted between two NFC devices. This chapter will also discuss about cryptography, artificial neural network and category classifier. Chapter 3 will discuss about the various attacks that can possess security threats to NFC technology. In this chapter I have also discussed the effect of these attacks on user’s privacy and have also put some light on how an attacker can implement these attacks. Chapter 4 discusses about various counter-measures that can be implemented In order to protect user from getting exposed to these attacks. It will also discuss about few useful approaches or methodologies that has been implemented in past to provide security and will examine how effectively these methodologies can train an artificial neural network (ANN).

Chapter 5 will reveal the proposed security model and will disclose the construction and working of this model. Each step of the model is discussed in detail i.e. how it works, its main components, how it not only helps in achieving the primary goal of the thesis but also provide other security feature and user added feature of personalising his security according to his requirements.

Chapter 6 concludes the thesis and also discuss the any future work possible.

Chapter 2 Background

In this section I will show what NFC technology is, how it operates in three different modes and its various applications. I will also discuss about NFC tags like what are the different types of NFC tags, how they communicate with NFC enabled devices and how much data they can store. As my project is about how an NFC tag embedded in a smart poster can be exploited, we will also discuss how the data after being scanned from the tag is processed by the smartphone.

2.1 Near Field Communication

(Faulkner, 2015) Suggests that NFC is a unique contactless communication technology which allows two devices placed in close proximity (distance between two devices shouldn’t be more than 10 cm) to connect and transfer data quickly, without using internet. In any NFC communication there are two devices, one is known as active device, also known as reader, and the other one is known as passive device. Sometimes the communication can also take place between two active devices, example communication between two NFC enabled smartphone. According to (, n.d.), the passive device usually stores the information that is read by the active devices over a radio frequency band of 13.56 MHz NFC tags embedded in a smart poster can be treated as an example of a passive tag.

NFC devices operate in three modes -

-Tag Reader/Writer
-Peer to Peer
-Card Emulation

2.1.1 Tag Reader/Writer Mode

In this mode of operation the communication takes place between an active device and a passive device. For example, reading an NFC tag embedded in a smart poster using a smart phone. Here, NFC tag is the passive device and smartphone will act as an active device. NFC tag embedded in the poster can contain any information depending upon for what purpose that poster is used. The NFC tag can contain information about any special offers that company is providing or information about a new product that the company will be launching in near future or can just have the company’s URL, which will take the customer directly to the company’s website. The NFC tag is a passive device because it can only store data and is not capable of reading any other NFC tag, whereas NFC enabled smart phone can read and even write data on any NFC tag thus it act as an active device or can also be called a reader (Forum, n.d.).

2.1.2 Peer to Peer Mode

In this mode of operation, the communication takes place between two active devices, or in other words between two NFC enabled devices. Example of this type of communication can be sharing contact details between two NFC enabled smart phones, or to exchange photos or any other data. This is done by just tapping or bring two NFC enabled smart phones in close proximity (Forum, n.d.). Also according to (Forum, n.d.) “Peer-to-peer mode is standardized on the ISO/IEC 18092 standard and based on NFC Forum’s Logical Link Control Protocol Specification.”

2.1.3 Card Emulation Mode

This mode is mainly used for financial transaction i.e. a user can use this mode to pay for purchased good or for buying ticket. The NFC enabled device used in this mode is known as or act like a smart card. Examples of NFC enabled devices acting as a smart card are credit card, smart phones etc. In this mode the communication take place between an NFC enabled device and a remote card reader. The biggest advantage of using this mode is that even if a normal credit card is converted into an NFC enable device i.e. into a smart card, by embedding an NFC chip in the card, it will still work as normal. And by just embedding an NFC chip in the card reader, used to read the conventional contactless cards, we can use it to read our smart card, thus not forcing us to change the existing infrastructure (Forum, n.d.).

2.2 NFC tags

NFC tags comes under the category of passive tags i.e. they are not capable of reading or writing data on any other tag. They can be used for various purposes like they can be embedded in a smart poster or can be embedded on a wristband or can be embedded in a visiting card or in any application where we don’t need to transfer or store big data. They can be read or written by an active NFC enabled devices like smartphones. URLs are the most preferred form of data to be stored on an NFC tag as they take very less space and can contain a lot of information. For example, by storing a URL on an NFC tag embedded into a smart poster, a company can redirect the customers to their website, where they have displayed latest offers rather than storing all the offers on the tag itself (Poole, n.d.).

Taking in the consideration the format and the capacity of a tag, NFC tags are divided into 4 different types. According to (Poole, n.d.) “These NFC tag type formats are based on ISO 14443 Types A and B which is the international standard for contact-less smartcards) and Sony FeliCa which conforms to ISO 18092, the passive communication mode, standard).”

2.2.1 Tag types

Different types of NFC tags are -

-Tag Type 1 - Based on ISO14443A type 1 tags are the most cost effective tags. Since, only 96 bytes of memory is available, upgradable up to 2kbyte, to store data they are suitable for applications which doesn’t need a lot of memory space like storing URL of a website. These tags can be re written and they communicate at a speed of 106 Kbit/s. Though they are capable of re-writing data but a user, if he wants, can deprive the tag with this capability and can make it a read-only tag. For example, a company can use this property of type 1 tag in their smart poster. After writing the company’s URL on the tag they can configure the tag in such a manner that it can’t be re-written. Now anyone can read the tag but no one can write anything on the tag, thus protecting the data from getting modified (Poole, n.d.).
-Tag Type 2 - Type 2 is almost similar to type 1 i.e. they are based on ISO14443A standard and are rewritable (Poole, n.d.). As in type 1, type 2 tag also provide user with an option of making the tag read-only. Type 2 tag provide data collision protection and communicate at a speed similar to that of type 1 i.e. 106 Kbit/s. The only difference between type 1 and type 2 is that type 1 have 96 bytes of memory to store data whereas type 2 just have 48 bytes of memory which can be upgraded to 2 Kbyte. Type 2 tags can also be used for storing URLs but user tends to prefer type 1 tag over type 2 as the later provides less default memory space (, n.d.).
-Tag Type 3 - Sometimes called as FeliCa, type 3 are compatible with JIS X 6319-4. Unlike type 1 and type 2, once a type 3 is configured as read and re-writable or as read-only a user cannot re-configure it. They communicate at a speed of 212 Kbit/s or 424 Kbit/s and have variable memory limit up to 1 Mbyte (Cassidy, 2007).
-Tag Type 4 - Based on ISO14443A and B standards they communicate at a speed up to 424 Kbit/s. They can store data up to 32 Kbytes and are either, read and re-writable or read only (Cassidy, 2007).

2.3 NFC Data Exchange Format (NDEF)

To exchange data structures through NFC, few formats and rules needs to defined and this is done by NFC data exchange format i.e. NDEF (Roland & Langer, 2010). A message called NDEF message containing the NDEF record and the data is transmitted through NFC (Developers, n.d.). NDEF records contain application specific data structures and type information (Roland & Langer, 2010).

illustration not visible in this excerpt


As shown in Fig.1 in an NDEF record there is a payload field and multiple header fields. (Roland & Langer, 2010) Insists that the header has following flags -

-Message Begin (MB) - It is the first record of an NDEF message. Message End (ME) - It is the last record of an NDEF message.
-Chunk Flag (CF) - It can be set to two values 1 or 0, where 1 means the current record
-contains the payload partially and the rest of the payload is in the next record.
-Short Record (SR) - It can also be set to 1 or 0 and indicates the size of the payload length (PL) field, where 1 means the PL is a 1-byte unsigned integer and 1 refers to 4-byte unsigned integer.
-ID Length Present (IL) - It can also be set to 1 or 0, where 1 means the field is present whereas 0 states its absence. Any unique identifier can be specified using this field.

According to (Roland & Langer, 2010) , “The value of the TNF field determines the format of the type information:

-0h: The record is empty. The fields Type, ID and Payload are not present and their length fields are set to zero.
-1h: The Type field contains the relative URI (Uniform Resource Identifier) of an NFC Forum well-known type according to the NFC Record Type Definition (RTD).
-2h: The Type field contains a MIME media type identifier (RFC 2046).
-3h: The Type field contains an absolute URI (RFC 3986).
-4h: The Type field contains the relative URI of an NFC Forum external type according to the RTD.
-5h: The record contains data in an unknown format. No type information is present and the length of the Type field is zero.
-6h: The record continues the payload of the preceding chunked record. No type information is present and the length of the Type field is zero.
-7h: Reserved for future use.”

The main data that is stored in the payload is processed according to the above mentioned values.

2.4 Reading NDEF data from an NFC tag

According to (Developers, n.d.),” Reading NDEF data from an NFC tag is handled with the tag dispatch system, which analyses discovered NFC tags, appropriately categorizes the data, and starts an application that is interested in the categorized data. An application that wants to handle the scanned NFC tag can declare an intent filter and request to handle the data.” It means when NDEF data, which is stored on the tag, is scanned by an NFC enabled device, the device tries to find the most appropriate application to handle the scanned data. This is done in order to make sure that a user is not asked to manually choose an application, as it might cause the connection between the tag and the device to break (Developers, n.d.). Tag dispatch system handles the NDEF data, finds an appropriate application to handle that data and on finding one passes the data to the application. For examples if the tag contains a URL, the tag dispatch system passes it to the web browser. The browser, without asking the user, runs the URL in the browser (Developers, n.d.).

One thing that attracts attention here is that the scanned data is handed to an appropriate application based on the type of the data i.e. if it’s a URL it is sent to a browser or if it’s an image it is opened in the gallery. The data dispatch system does not actually check whether the data has been modified in an unauthorised manner or in case of URL it doesn’t check whether the link is redirecting a user to a legitimate page or to a phishing page. In the later chapter’s we will see what security threats this property can cause and how badly it can effect a user.

2.5 Cryptography

Cryptography is a technique which allows individuals to share secret or important information in a more secure or secret way. For example, imagine two people, say Alice and Bob, who shared important secret have to split up. This require them to share private information from a distance. However an eavesdropper, also wants this information, and has the ability to intercept their messages. So, now Alice can communicate with Bob by locking her message in a box, using a lock that is only known to her and Bob. This locking of the message can be called as encryption. And then sending the message over to Bob. On receiving the box, Bob opens up the lock using the key they shared in advance and reads the message. This unlocking of message is known as decryption. Cryptography begins when we replace physical locks with ciphers. The cipher allows both Alice and Bob to scramble and descramble their messages so that they would appear meaningless to an eavesdropper, who tries to intercept their message.

(Kessler, 2015) Says that cryptography can provide -

-Authentication - Proving one’s identity to other.
-Privacy/confidentiality - Ensuring that no eavesdropper can read the message.
-Integrity - It means that the receiver received the exact same message that was sent by the sender i.e. it wasn’t modified. Cryptography can’t prevent modification but can identify any modification.
-Non-repudiation - It means the message was actually sent by the sender and not by an imposter.

2.5.1 Symmetric Key Cryptography

Symmetric key cryptography, also known as secret key cryptography, means performing encryption and decryption using the same key. In this type of cryptography the sender and the receiver knows each other, in any way, in advance and shares a secret. This secret key is first, used to encrypt a plain text into a cipher text. The cipher text is transmitted to the receiver, who uses the same key to decrypt the cipher text and obtains the plain text (Ayushi, 2010).

Advantages of using symmetric key cryptography are -

-It is faster as compared to public key system.
-Easy to implement and doesn’t require high processing power.
-Identity authentication is achievable.

Disadvantages of using symmetric key cryptography are -

-Key distribution is really difficult
-Brute force attack can be used to crack it (Clercq, 2006).

2.5.2 Public Key Cryptography

In public key cryptography, instead of using the same key for encryption and decryption, there are two keys one for encryption and one for decryption. It is also known as asymmetric key cryptography. In this cryptography system, both sender and receiver have two keys. One of the key is known as public key, it is known to everyone one, and the other key is known as private key, it is only known to themselves. The sender encrypts the plaintext using receiver’s public key and sends it to the receiver. Receiver on receiving the cipher text uses his private key to decrypt it and obtain the plain text. The receiver now, encrypts the reply with sender’s public key and sends it over. The sender decrypts it using his private key and obtains the plain text (Ayushi, 2010). Even if the attacker knows the cipher text and the public key of the sender or the receiver, it is still almost impossible to obtain the private key of the sender or the receiver.

Advantage of public key cryptography are-

-Key distribution is easy.
-They are securer than symmetric key cryptography as data can only be decrypted if the attacker has the public key, which is almost impossible to obtain.

Disadvantages of public key cryptography -

-Slower as compared to symmetric key cryptography.
-Requires high computational power and are more complex (Dunning, n.d.).

2.6 Artificial Neural Network (ANN)

The problems we face in digital world are often complex and it takes considerable amount of time and hardware to solve these problems. One competent way to solve and understand such complex problems can be by breaking them into simpler elements (Gershenson, n.d.) And logically connecting them to each other. This logical connections can also be known as a network.

One type of such network is artificial neural network. (Gurney, 2004) Insists that “A neural network is an interconnected assembly of simple processing elements, units or nodes, whose functionality is loosely based on the animal neuron. The processing ability of the network is stored in the inter unit connection strengths, or weights, obtained by a process of adaptation to, or learning from, a set of training patterns.”

illustration not visible in this excerpt

Fig.2 Basic Neural Network

When an input is given, it is exchanged between different neuron through these interconnections. Each connection has some mathematical weight and based on the experience these weights are adjusted accordingly. Thus allowing the network to adjust according the input and making it capable of learning. “This process of adjusting the weights is called learning or training” (Gershenson, n.d.) .

There are two ways in which they can be trained, namely-

-Unsupervised Training or Self-Organising ANN - In this type of training data is collected in abundance and is given as an input to the ANN. ANN tries to “discover patterns and relationships in that data” (Kay, 2001). This type of training is advantageous when we wants to analyse data outputted by an experiment (Kay, 2001).
-Supervised Training - As the name suggest this type of training is supervised by a trainee or a teacher. Teacher serves the network with certain input values, whose output values are known to him. The network processes the input and outputs a value and that value is cross checked with expected output. On receiving the correct output, the teacher re-uses the neural weights that were responsible in producing that output. On the other hand, on receiving a negative or incorrect output, the weights are discarded (Kay, 2001). This type of training helps to minimise the chances of outputting a wrong or incorrect value.

Once the training is completed, an ANN can be used for problem-solving applications, security purposes detecting anomalies or any specific pattern of data, character recognition etc. ANN can be implemented on a single computer but the processing will be slower as compared to other algorithmic solutions. But this problem can be resolved, if the ANN is implemented on a parallel platform i.e. rather than using a single processor, multiple processors are used in its construction.


Excerpt out of 37 pages


Secure data transmission between an NFC tag and an NFC enabled smartphone
Royal Holloway, University of London
Msc Information Security
Catalog Number
ISBN (eBook)
ISBN (Book)
File size
718 KB
This text was written by a non-native English speaker. Please excuse any errors or inconsistencies.
NFC, Smart cards, Information Security, Cryptography
Quote paper
Siddharth Sharma (Author), 2015, Secure data transmission between an NFC tag and an NFC enabled smartphone, Munich, GRIN Verlag,


  • No comments yet.
Read the ebook
Title: Secure data transmission between an NFC tag and an NFC enabled smartphone

Upload papers

Your term paper / thesis:

- Publication as eBook and book
- High royalties for the sales
- Completely free - with ISBN
- It only takes five minutes
- Every paper finds readers

Publish now - it's free