Feeds

SQUEEEEE! Microsoft goes retro with pay-by-squawk NFC tech

Slow acoustic data transfer could work with any mobe

High performance access to file storage

Researchers at Microsoft Research India have proposed a new form of near-field communication (NFC) for mobile phones, one that even works on devices that lack any kind of specialized NFC hardware.

The technique is a modern throwback to the earliest days of computer communications, and a big clue to how it works can be found in the name the boffins gave it: Dhwani, a Hindi word that translates roughly to "sound."

"A key advantage of Dhwani over conventional NFC is that it is a purely software-based solution, that can run on legacy phones, including feature phones, so long as they have a speaker and a microphone," Microsoft researchers Rajalakshmi Nandakumar, Krishna Kant Chintalapudi, Venkata N. Padmanabhan, and Ramarathnam Venkatesan write in their joint paper.

In essence, Dhwani works like the analog modems of old, using an acoustic software-defined radio to translate data into sound, which then can be picked up and decoded by a receiver.

The researchers say their current implementation can handle data rates of up to 2.4Kbps, roughly comparable to the top speed of a Hayes Smartmodem in the late 1980s. In other words, you wouldn't want to use it to swap MP3s – an 8MB file would take about 7.5 hours – but it should be fast enough for most typical NFC transactions.

In fact, such data rates are actually quite a feat when you consider that the sender and receiver aren't even connected over a hard line, the way the old 2400bps modems were. By comparison, the really old modems that used acoustic couplers never got over 1200bps.

Photo of a vintage analog modem with an acoustic coupler

The good old days of using sound to transmit data could be here again

Because NFC is used for mobile payments, however – that's the Holy Grail, anyway, no matter what else it gets used for – the researchers had to bake in a sophisticated security model to ensure that Dhwani communications can't be snooped by a nearby eavesdropping device.

Your humble Reg hack lacks the telecom engineering background to do proper justice to the Dhwani security technique, dubbed JamSecure by its inventors. But in a nutshell, it works by having the receiving device transmit pseudorandom noise that jams the sender's transmission, preventing an eavesdropper from picking it up. The receiver then takes that noise signal, known only to it, and performs self-interference cancellation to recover the original transmission and decode the data.

To add an additional layer of protection, Dhwani packets are scrambled using AES encryption, to prevent an eavesdropper from picking up even a partial message from a signal that has been insufficiently jammed.

So is it secure? As the researchers note, these measures should be enough to render man-in-the-middle attacks on Dhwani ineffective. But it could still be vulnerable to denial-of-service attacks (blasting a bunch of white noise), or to attacks that either disable the receiver's jamming signal or boost the sender's signal so that its strength exceeds the jamming. So: not perfect, but pretty darn secure.

One point the boffins don't discuss, however, is just how much processing power might be needed to do all of the necessary calculations in real time. They did their tests using a Samsung Galaxy S2, an HTC Sapphire, and an HP Mini notebook. It's not clear whether the typical feature phone sold today – and around 85 per cent of all phones sold in India are feature phones – would be able to support Dhwani.

But phones are only half of the mobile-payments equation. For stores to accept payment-by-bonk, they must be set up to use NFC, too – and as the paper's authors point out, most aren't.

"The prevalence of NFC-enabled point-of-sale (POS) terminals is also low – under 5% today and expected to rise to only about 49% globally by 2017," the Microsoft techs write. "Even disregarding the optimism that usually colours such forecasts, it seems likely that the majority of phones and POS terminals globally will not be NFC-enabled even 3-4 years from now."

Given NFC's slow adoption rate, it seems feasible that pay-by-bonk could be replaced by pay-by-squawk in the short term, particularly in developing markets. But even in advanced markets such as the US and the UK, where NFC-enabled phones are becoming more common, NFC-based mobile payment systems have yet to catch on in a big way. The question is: will Dhwani fare any better? ®

High performance access to file storage

More from The Register

next story
Feast your PUNY eyes on highest resolution phone display EVER
Too much pixel dust for your strained eyeballs to handle
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Report: Apple seeking to raise iPhone 6 price by a HUNDRED BUCKS
'Well, that 5c experiment didn't go so well – let's try the other direction'
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Nvidia gamers hit trifecta with driver, optimizer, and mobile upgrades
Li'l Shield moves up to Android 4.4.2 KitKat, GameStream comes to notebooks
AMD unveils Godzilla's graphics card – 'the world's fastest, period'
The Radeon R9 295X2: Water-cooled, 5,632 stream processors, 11.5TFLOPS
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
NORKS' own smartmobe pegged as Chinese landfill Android
Fake kit in the hermit kingdom? That's just Kim Jong-un-believable!
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.