Feeds

SQUEEEEE! Microsoft goes retro with pay-by-squawk NFC tech

Slow acoustic data transfer could work with any mobe

Internet Security Threat Report 2014

Researchers at Microsoft Research India have proposed a new form of near-field communication (NFC) for mobile phones, one that even works on devices that lack any kind of specialized NFC hardware.

The technique is a modern throwback to the earliest days of computer communications, and a big clue to how it works can be found in the name the boffins gave it: Dhwani, a Hindi word that translates roughly to "sound."

"A key advantage of Dhwani over conventional NFC is that it is a purely software-based solution, that can run on legacy phones, including feature phones, so long as they have a speaker and a microphone," Microsoft researchers Rajalakshmi Nandakumar, Krishna Kant Chintalapudi, Venkata N. Padmanabhan, and Ramarathnam Venkatesan write in their joint paper.

In essence, Dhwani works like the analog modems of old, using an acoustic software-defined radio to translate data into sound, which then can be picked up and decoded by a receiver.

The researchers say their current implementation can handle data rates of up to 2.4Kbps, roughly comparable to the top speed of a Hayes Smartmodem in the late 1980s. In other words, you wouldn't want to use it to swap MP3s – an 8MB file would take about 7.5 hours – but it should be fast enough for most typical NFC transactions.

In fact, such data rates are actually quite a feat when you consider that the sender and receiver aren't even connected over a hard line, the way the old 2400bps modems were. By comparison, the really old modems that used acoustic couplers never got over 1200bps.

Photo of a vintage analog modem with an acoustic coupler

The good old days of using sound to transmit data could be here again

Because NFC is used for mobile payments, however – that's the Holy Grail, anyway, no matter what else it gets used for – the researchers had to bake in a sophisticated security model to ensure that Dhwani communications can't be snooped by a nearby eavesdropping device.

Your humble Reg hack lacks the telecom engineering background to do proper justice to the Dhwani security technique, dubbed JamSecure by its inventors. But in a nutshell, it works by having the receiving device transmit pseudorandom noise that jams the sender's transmission, preventing an eavesdropper from picking it up. The receiver then takes that noise signal, known only to it, and performs self-interference cancellation to recover the original transmission and decode the data.

To add an additional layer of protection, Dhwani packets are scrambled using AES encryption, to prevent an eavesdropper from picking up even a partial message from a signal that has been insufficiently jammed.

So is it secure? As the researchers note, these measures should be enough to render man-in-the-middle attacks on Dhwani ineffective. But it could still be vulnerable to denial-of-service attacks (blasting a bunch of white noise), or to attacks that either disable the receiver's jamming signal or boost the sender's signal so that its strength exceeds the jamming. So: not perfect, but pretty darn secure.

One point the boffins don't discuss, however, is just how much processing power might be needed to do all of the necessary calculations in real time. They did their tests using a Samsung Galaxy S2, an HTC Sapphire, and an HP Mini notebook. It's not clear whether the typical feature phone sold today – and around 85 per cent of all phones sold in India are feature phones – would be able to support Dhwani.

But phones are only half of the mobile-payments equation. For stores to accept payment-by-bonk, they must be set up to use NFC, too – and as the paper's authors point out, most aren't.

"The prevalence of NFC-enabled point-of-sale (POS) terminals is also low – under 5% today and expected to rise to only about 49% globally by 2017," the Microsoft techs write. "Even disregarding the optimism that usually colours such forecasts, it seems likely that the majority of phones and POS terminals globally will not be NFC-enabled even 3-4 years from now."

Given NFC's slow adoption rate, it seems feasible that pay-by-bonk could be replaced by pay-by-squawk in the short term, particularly in developing markets. But even in advanced markets such as the US and the UK, where NFC-enabled phones are becoming more common, NFC-based mobile payment systems have yet to catch on in a big way. The question is: will Dhwani fare any better? ®

Internet Security Threat Report 2014

More from The Register

next story
Hi-torque tank engines: EXTREME car hacking with The Register
Bentley found in a hedge gets WW2 lump insertion
What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
You fought hard and you saved and earned. But all of it's going to burn...
Trousers down for six of the best affordable Androids
Stylish Googlephones for not-so-deep pockets
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.