Feeds

SQUEEEEE! Microsoft goes retro with pay-by-squawk NFC tech

Slow acoustic data transfer could work with any mobe

Secure remote control for conventional and virtual desktops

Researchers at Microsoft Research India have proposed a new form of near-field communication (NFC) for mobile phones, one that even works on devices that lack any kind of specialized NFC hardware.

The technique is a modern throwback to the earliest days of computer communications, and a big clue to how it works can be found in the name the boffins gave it: Dhwani, a Hindi word that translates roughly to "sound."

"A key advantage of Dhwani over conventional NFC is that it is a purely software-based solution, that can run on legacy phones, including feature phones, so long as they have a speaker and a microphone," Microsoft researchers Rajalakshmi Nandakumar, Krishna Kant Chintalapudi, Venkata N. Padmanabhan, and Ramarathnam Venkatesan write in their joint paper.

In essence, Dhwani works like the analog modems of old, using an acoustic software-defined radio to translate data into sound, which then can be picked up and decoded by a receiver.

The researchers say their current implementation can handle data rates of up to 2.4Kbps, roughly comparable to the top speed of a Hayes Smartmodem in the late 1980s. In other words, you wouldn't want to use it to swap MP3s – an 8MB file would take about 7.5 hours – but it should be fast enough for most typical NFC transactions.

In fact, such data rates are actually quite a feat when you consider that the sender and receiver aren't even connected over a hard line, the way the old 2400bps modems were. By comparison, the really old modems that used acoustic couplers never got over 1200bps.

Photo of a vintage analog modem with an acoustic coupler

The good old days of using sound to transmit data could be here again

Because NFC is used for mobile payments, however – that's the Holy Grail, anyway, no matter what else it gets used for – the researchers had to bake in a sophisticated security model to ensure that Dhwani communications can't be snooped by a nearby eavesdropping device.

Your humble Reg hack lacks the telecom engineering background to do proper justice to the Dhwani security technique, dubbed JamSecure by its inventors. But in a nutshell, it works by having the receiving device transmit pseudorandom noise that jams the sender's transmission, preventing an eavesdropper from picking it up. The receiver then takes that noise signal, known only to it, and performs self-interference cancellation to recover the original transmission and decode the data.

To add an additional layer of protection, Dhwani packets are scrambled using AES encryption, to prevent an eavesdropper from picking up even a partial message from a signal that has been insufficiently jammed.

So is it secure? As the researchers note, these measures should be enough to render man-in-the-middle attacks on Dhwani ineffective. But it could still be vulnerable to denial-of-service attacks (blasting a bunch of white noise), or to attacks that either disable the receiver's jamming signal or boost the sender's signal so that its strength exceeds the jamming. So: not perfect, but pretty darn secure.

One point the boffins don't discuss, however, is just how much processing power might be needed to do all of the necessary calculations in real time. They did their tests using a Samsung Galaxy S2, an HTC Sapphire, and an HP Mini notebook. It's not clear whether the typical feature phone sold today – and around 85 per cent of all phones sold in India are feature phones – would be able to support Dhwani.

But phones are only half of the mobile-payments equation. For stores to accept payment-by-bonk, they must be set up to use NFC, too – and as the paper's authors point out, most aren't.

"The prevalence of NFC-enabled point-of-sale (POS) terminals is also low – under 5% today and expected to rise to only about 49% globally by 2017," the Microsoft techs write. "Even disregarding the optimism that usually colours such forecasts, it seems likely that the majority of phones and POS terminals globally will not be NFC-enabled even 3-4 years from now."

Given NFC's slow adoption rate, it seems feasible that pay-by-bonk could be replaced by pay-by-squawk in the short term, particularly in developing markets. But even in advanced markets such as the US and the UK, where NFC-enabled phones are becoming more common, NFC-based mobile payment systems have yet to catch on in a big way. The question is: will Dhwani fare any better? ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
The Fourth Amendment... and it IS better
Microsoft to enter the STRUGGLE of the HUMAN WRIST
It's not just a thumb war, it's total digit war
Tim Cook: The classic iPod HAD to DIE, and this is WHY
Apple, er, couldn’t get the parts for HDD models
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Sporty in all but name: Peugeot 308 e-THP 110
Car of the Year? Arguably. Engine of the Year? Indubitably
Caterham Seven 160 review: The Raspberry Pi of motoring
Back to driving's basics with a joyously legal high
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.