Listening to NFC at higher harmonic frequencies
DOI: https://doi.org/10.30837/rt.2021.1.204.11
Keywords: NFC devices, RFID devices, higher operating frequency harmonics, radiation spectrum, cybersecurity
Abstract
The widespread use of NFC (Near Field Communication) technology draws attention to various aspects of its security. There are known examples of information exchange with a card at distances greater than the standard 5-10 cm. It is also of interest to use signals at higher harmonics, which can potentially be radiated as electromagnetic waves rather than existing as a stray magnetic field. In this work, the third-harmonic radiation of an ISO 14443-3A card with a fundamental frequency of 13.56 MHz was investigated for several excitation modes: the RFID-RC522 reader, a Sony Xperia Z5 Premium smartphone, and a continuous 13.56 MHz signal from a generator, 10% amplitude modulated with the 847.5 kHz subcarrier of an imitated smart card response. The card response at the third harmonic was simulated in circuit analysis software. Both simulation and experiment proved that the third harmonic with its side frequencies, 40.68 ± 0.8475 MHz, has the highest level after the fundamental. To receive the third-harmonic signal, a resonant loop antenna in the form of a ring vibrator loaded with a capacitor was used. This allows the size of the receiving system to be reduced, but the problem of the complex field structure in the near-field zone remains. The narrow bandwidth of the receiving antenna complicated registration of the card response signal. Experiments with the three methods of signal generation proved that the third-harmonic signal is registered at a distance of more than 1.5 m, which may pose a threat to the security of contactless smart card transactions. At the same time, the high noise level at such a distance may make short-duration signals difficult to decode, which requires further study.
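The dominance of the third harmonic and its ±847.5 kHz side frequencies can be reproduced with a minimal numerical model. The following is an added example, not the authors' circuit simulation: it assumes the card front end behaves as an odd-symmetric soft limiter (tanh), and the limiter gain and oversampling factor are assumed values.

```python
import cmath
import math

F_SUB_MHZ = 0.8475         # subcarrier from the abstract, equal to 13.56 MHz / 16
CARRIER_BIN = 16           # 13.56 MHz expressed in multiples of the subcarrier
SAMPLES_PER_CARRIER = 64   # assumed oversampling; aliases of high odd harmonics stay negligible
N = CARRIER_BIN * SAMPLES_PER_CARRIER  # exactly one subcarrier period
MOD_DEPTH = 0.10           # 10 % amplitude modulation, as in the generator experiment
LIMITER_GAIN = 3.0         # assumed drive level into the limiter


def limited_field():
    """One subcarrier period of the AM carrier after an odd-symmetric soft limiter."""
    out = []
    for n in range(N):
        envelope = 1.0 + MOD_DEPTH * math.cos(2 * math.pi * n / N)
        carrier = math.sin(2 * math.pi * CARRIER_BIN * n / N)
        out.append(math.tanh(LIMITER_GAIN * envelope * carrier))
    return out


def amplitude(signal, k):
    """Amplitude of the spectral line at k * 847.5 kHz (single-bin DFT)."""
    acc = sum(s * cmath.exp(-2j * math.pi * k * n / N) for n, s in enumerate(signal))
    return 2 * abs(acc) / N


def harmonic_report(max_harmonic=7):
    """Return {label: (frequency_MHz, amplitude)} for harmonics and 3rd-harmonic sidebands."""
    y = limited_field()
    report = {}
    for h in range(1, max_harmonic + 1):
        k = h * CARRIER_BIN
        report[f"{h}f"] = (k * F_SUB_MHZ, amplitude(y, k))
    for label, k in (("3f-sub", 3 * CARRIER_BIN - 1), ("3f+sub", 3 * CARRIER_BIN + 1)):
        report[label] = (k * F_SUB_MHZ, amplitude(y, k))
    return report


if __name__ == "__main__":
    for label, (freq, amp) in harmonic_report().items():
        level_db = 20 * math.log10(max(amp, 1e-18))
        print(f"{label:7s} {freq:9.4f} MHz  {level_db:8.1f} dB")
```

In this model the even harmonics vanish and the modulation reappears as side lines at 39.8325 MHz and 41.5275 MHz, which is the band a shielding or emission measurement has to cover in addition to 13.56 MHz.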
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).