1. Field of the Invention
The present invention relates to the field of short-range wireless communication networks and more particularly to secure communication in a short-range or near field communication network.
2. Description of the Related Art
Conventionally, wireless communication devices, such as mobile phones, personal digital assistants (PDAs), smart tags, audio/video equipment, and set-top boxes, are frequently used for communication. These typical communication devices can communicate with each other through short range wireless communication. For example, a mobile phone can communicate with a set-top box using one or more short range wireless communication systems, such as short range radio (e.g., Bluetooth®), infrared light (IR) and Near Field Communication (NFC).
Near Field Communication (NFC) refers to a contactless-type short range wireless communication technology. NFC employs a frequency band of 13.56 Megahertz and transmits data at a maximum rate of 424 Kbps. The communication devices in NFC operate in close proximity, for example in the order of 10 centimeters, and consume very low power. As a result, NFC is becoming more prevalent for exchanging and sharing information and many devices are incorporating such NFC systems to become NFC compatible communication devices.
NFC compatible communication devices adhere to the ISO 18092 standard. In Near Field Communication (NFC), the communication devices can communicate with each other in active mode and/or passive mode. In active mode, an NFC device, for example a first device, has its own power source and can generate a Radio Frequency (RF) field for a data frame transfer. In passive mode, the first NFC device does not have its own power source. Hence, communication is always initiated by another NFC device, known as the initiator device.
In NFC, the target device cannot initiate a command on its own, irrespective of whether the communication is in active mode or passive mode. In passive mode, the initiating device (initiator) initially sends a request message for establishing communication with the first device (generally referred to as a target device). This creates an RF field between the initiating device and the target device. The RF field then triggers a receiver circuit in the target device. The target device then returns a response using a load modulation scheme.
Generally, communication using NFC technology is inherently secure due to communication occurring between communication devices over a very short distance (e.g., in the order of 10 centimeters). However, as the communication is through a wireless medium, a security framework should be provided to ensure confidentiality, data integrity and authenticity. Various standards are being developed for providing a security framework for NFC communications. The security framework is supported in an NFC-SEC layer. The NFC-SEC layer provides security services to the application layer and the Media Access Control (MAC) layer and, thus, provides privacy and security features in communication devices.
Two basic services provided by the NFC-SEC layer are Secure Channel Service and Shared Secret Service. In the Secure Channel Service, a link key is used to establish a secure channel. Thereafter a link encryption key and link integrity key are derived from the link key. Hence, all data frames received from different applications use the same link key during communication.
In the Shared Secret Service, a shared secret is agreed between a plurality of devices. A key is generated and/or selected based on the shared secret. This shared secret and the key are then associated with an application residing on the plurality of communication devices. Hence, data frame transfer associated with the application is done based on the shared key. In shared secret service, each application can use a different key for transfer of data frames.
In every data frame transmission, the NFC device maintains and increments a sequence number (SN) counter. The NFC-SEC layer then inserts the value of the SN in an SN field of the request commands and response commands that are exchanged between communicating devices. The SN is a three (3) byte (24 bit) field in the request and response commands. An application service and/or secure channel service used by the NFC link uses the same key in the request and response commands up to a maximum limit of frames (e.g., 2^24 frames). Before inserting a new value in the SN field, the NFC device compares the counter with the maximum limit. Thereafter, the counter is cycled and reset when the SN reaches the maximum limit. The data link communication is then closed and a new set of keys is negotiated for further communication.
However, as the same key is used for a large number of data frame exchanges, there is a possibility of a successful brute force attack, wherein the communication is compromised during transmission. Also, the NFC-SEC layer causes the communication to be paused and stops the data frame exchange when the SN counter resets. Hence, this leads to an abrupt discontinuity in NFC communication. The upper layer connections may also experience a discontinuity in the link before the NFC-SEC re-instantiates a new set of keys and starts with a new initial value for SN.
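The SN handling and the resulting link interruption described above can be modelled as follows. This is an added example, not code from the NFC-SEC standard or from this document; the initial SN value of 0, the big-endian byte order, the random key standing in for key negotiation, and all class and function names are assumptions.

```python
import secrets

SN_BYTES = 3                      # SN field width stated in the text
SN_LIMIT = 1 << (8 * SN_BYTES)    # 2^24 frames under one key


class KeyExhausted(Exception):
    """The SN space for the current key has been used up."""


class SecLink:
    """Hypothetical model of one side of an NFC-SEC protected link."""

    def __init__(self, sn_limit=SN_LIMIT):
        self.sn_limit = sn_limit
        self.rekeys = 0
        self._new_keys()

    def _new_keys(self):
        # Stand-in for key negotiation (assumption): fresh random link key.
        self.key = secrets.token_bytes(16)
        self.sn = 0               # assumed initial SN value

    def next_sn_field(self):
        # Compare the counter with the limit before inserting a new value.
        if self.sn >= self.sn_limit:
            raise KeyExhausted("SN limit reached; close link and rekey")
        field = self.sn.to_bytes(SN_BYTES, "big")   # byte order assumed
        self.sn += 1
        return field

    def close_and_rekey(self):
        # The link is closed, the SN is reset and new keys are negotiated.
        self.rekeys += 1
        self._new_keys()


def send_frames(link, count):
    """Send `count` frames and return the (key, SN field) pair used for each."""
    sent = []
    for _ in range(count):
        try:
            field = link.next_sn_field()
        except KeyExhausted:
            link.close_and_rekey()    # the discontinuity described in the text
            field = link.next_sn_field()
        sent.append((link.key, field))
    return sent
```

Running `send_frames` with a small `sn_limit` makes the behaviour visible: no (key, SN) pair is ever reused, and `link.rekeys` counts how often the exchange was interrupted.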
Hence, there exists a need to establish secure and uninterrupted communication between communication devices in NFC.