Journal of Information Security Research ›› 2022, Vol. 8 ›› Issue (12): 1178-.


NFC Secure Payment Protocol Based on Pseudonym

  

  • Online:2022-12-03 Published:2022-12-01
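  • About the authors: Zhao Xingwen (赵兴文), associate professor. Main research interests: Internet security applications, privacy protection, and data sharing security. sevenzhao@hotmail.com. Duan Yiru (段懿入), master's student. Main research interests: privacy-preserving cryptographic protocols, and network and information security. yrduan@stu.xidian.edu.cn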


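Zhao Xingwen (赵兴文), Duan Yiru (段懿入)

  1. (School of Network and Information Security, Xidian University, Xi'an 710119)
  • Corresponding author: Zhao Xingwen (赵兴文), associate professor. Main research interests: Internet security applications, privacy protection, and data sharing security. sevenzhao@hotmail.com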

Abstract: Near field communication (NFC) is a contactless communication technology based on ISO/IEC 18092 with a working distance of less than 10 cm. NFC has attracted the attention of most smartphone manufacturers and industries due to its usability and ease of use, and has been widely used in the field of e-commerce. To ensure the security of NFC communications, many researchers have in the past few years focused on solving the security threats that exist in NFC environments. These studies led to the introduction of the NFC security standard (NFC-SEC), which, however, does not provide users with privacy protection. Recently, some researchers have successively proposed pseudonymity-based NFC authentication and key agreement protocols, each claiming that the proposed solution meets the security requirements. However, these earlier protocols still have security flaws, such as an inability to defend against insider privilege attacks. On this basis, a pseudonymity-based security authentication protocol is proposed, and the security of the protocol is proved. In the proposed scheme, the user generates his own key, which is verified by a third party through a zero-knowledge proof scheme; a pseudonym is generated accordingly, and the key negotiation is completed through that pseudonym.

Key words: NFC, privacy protection, safety certification, electronic commerce, zero knowledge proof
