NFC or Near Field Communication is a technology where small amounts of data can be transferred from one NFC-enabled device to another. In many ways, NFC is similar to RFID (Radio Frequency Identification) which has been in use for many years in the retail industries and package tracking as well as being used to track lost or stolen pets. NFC provides extremely low data transfer rates. Transmission of significant amounts of data should be done using other means if possible.
The real difference between NFC and RFID is that in most NFC cases, both devices are powered which provides the ability to transfer data in both directions. In the case of RFID, tagged items, like clothing or books, only emit their data stream when passed through a magnetic field, like those found at the exit of many retail stores. In the retail case, unless the specific RFID tag is cleared by the cashier, alarms will sound as you pass the RFID tag through the magnetic field. Another significant difference is that NFC devices must come within extremely close proximity to operate (touching or within several inches). RFID, on the other hand, can be read from much larger distances. Being able to read RFID from further away has raised privacy concerns. NFC-enabled devices can read RFID tags.
Many companies are embedding NFC technology in their devices. Generally, any portable electronic device would make a good candidate since NFC requires a power source. Many smart phones, tablets and laptop computers are already being produced that take advantage of NFC. Some companies like Yubico, are producing authentication devices, like the Yubikey NEO, with NFC built right in. Hak5 had a story about this device in episode 1103. The logo on the right will be found on NFC certified devices.
So why would I consider getting a device with NFC capabilities? Here is a short list of possible uses, some of which are already in place today.
- Point of Sale purchases, like your coffee at Starbuck’s (already in operation in some areas) and Google Wallet.
- Part of a multi-factor authentication system like described above with Yubikey NEO.
- Passing small bursts of information from one device to another like calendar entries, business cards, phone numbers or maps.
- Healthcare and tracking of medical information.
- Coupons and other customer loyalty programs.
The current standard for NFC doesn’t contain any real specifications for security. It is up to the implementor to secure the data transmission with encryption or other techniques. This lack of security may lead to eavesdropping on your transactions or, worse yet, modification of your transmitted or received data. This would require special antennas and additional hardware and would still only be possible from several feet away.
Another possible drawback of NFC is that if the device is your only authentication method and it is lost or stolen, you have lost the keys to your kingdom. Anyone who possesses your device can access or use your data. It is strongly encouraged that NFC be one part of a multi-factor authentication system. Adding a PIN or a password would significantly increase the security of the system.
Another common method of increasing the security of NFC is to define a timeout period for the transaction to occur. This would prevent others who follow behind you from intercepting your NFC session and accessing or using your digital rights or resources.
Additional information about NFC can be found at http://www.nfc-forum.org.