NFC Secure Payment Protocol Based on Pseudonym

Abstract

Abstract: Near field communication (NFC) is a contactless communication technology based on ISOIEC 18092 with a working distance of less than 10 cm. Nowadays, NFC has attracted the attention of most smart phone manufacturers and industries due to its usability and ease of use, and has been widely used in the field of ecommerce. In order to ensure the security of their communications, in the past few years, many researchers have focused on solving the security threats existing in NFC environments. In this regard, these studies have led to the introduction of the NFC Security standard (NFCSEC), which, however, does not provide users with privacy protection. Recently, some researchers have successively proposed pseudonymitybased NFC authentication and key agreement protocols, claiming that the proposed solutions meet the security requirements. However, the previous protocol still had security flaws, such as an inability to defend against insider privilege attacks. Based on this, a security authentication protocol based on pseudonymity is proposed, and the security of the protocol is proved. In the proposed scheme, the user generates his own key, which is verified by a third party through a zeroknowledge proof scheme, and generates a pseudonym accordingly, through which the key negotiation is completed.

Key words: NFC, privacy protection, safety certification, electronic commerce, zero knowledge proof

摘要： 近场通信(near field communication, NFC)是基于ISOIEC 18092标准的一种工作距离小于10cm的非接触通信技术.如今，NFC由于其可用性和易用性，吸引了大多数智能手机厂商和行业的关注，并在电子商务领域得到了广泛的应用.为了保证通信的安全，在过去的几年里，许多研究者都致力于解决NFC环境中存在的安全威胁.这些研究导致了NFC安全标准(NFCSEC)的引入，然而，该标准并没有为用户提供隐私保护.最近，有研究者先后提出了基于假名的NFC认证和密钥协商协议，分别声称所提出的解决方案符合安全要求.但是，之前的协议仍然存在安全缺陷，如无法抵御内部特权攻击.基于此提出了一种基于假名的安全认证协议，并证明了该协议的安全性.在提出的方案中，用户生成自己的密钥，由第三方通过零知识证明方案进行验证，并据此生成假名，通过该假名完成密钥协商.

关键词: 近场通信, 隐私保护, 安全认证, 电子商务, 零知识证明

赵兴文, 段懿入. 基于假名的NFC安全支付认证协议[J]. 信息安全研究, 2022, 8(12): 1178-.

References

［1］Shobha N S S, Aruna K S P, Bhagyashree M D P, et al. NFC and NFC payments: A review［C］ Proc of 2016 Int Conf on ICT in Business Industry & Government (ICTBIG). Piscataway, NJ: IEEE, 2016: 17［2］Yang J H, Lin P Y. A mobile payment mechanism with anonymity for cloud computing［J］. Journal of Systems and Software, 2016, 116: 6974［3］Coskun V, Ozdenizci B, Ok K. A survey on near field communication (NFC) technology［J］. Wireless Personal Communications, 2013, 71(3): 22592294 ［4］Thammarat C. Efficient and secure NFC authentication for mobile payment ensuring fair exchange protocol［J］. Symmetry, 2020, 12(10): 1649 ［5］European Standards. ISOIEC 18092 Information Technology—Telecommunications and Information Exchange between Systems—Near Field CommunicationInterface and Protocol (NFCIP1)［SOL］. 2004 ［20221124］. https:www.enstandard.euisoiec18092informationtechnologytelecomm unicationsandinformationexchangebetweensystemsnearfieldcommunicationinterfaceandprotocolnfcip1［6］Fischer J. NFC in cell phones: The new paradigm for an interactive world［J］. IEEE Communications Magazine, 2009, 47(6): 2228 ［7］Abouhogail R A. A new secure lightweight authentication protocol for NFC mobile payment［J］. International Journal of Communication Networks and Information Security, 2019, 11(2): 283289 ［8］Bojjagani S, Sastry V N. A secure endtoend proximity NFCbased mobile payment protocol［J］. Computer Standards & Interfaces, 2019, 66: 103348 ［9］Pourghomi P, Saeed M Q, Ghinea G. A secure cloudbased NFC mobile payment protocol［J］. International Journal of Advanced Computer Science and Applications, 2014, 5(10): 2431［10］Nashwan S. Secure authentication protocol for NFC mobile payment systems［J］. International Journal of Computer Science and Network Security, 2017, 17(8): 256262 ［11］Chen X, Choi K, Chae K. A secure and efficient key authentication using bilinear pairing for NFC mobile payment service［J］. Wireless Personal Communications, 2017, 97(1): 117 ［12］Khan W, Ullah H. Authentication and secure communication in GSM, GPRS, and UMTS using asymmetric cryptography［J］. International Journal of Computer Science Issues, 2010, 7(3): 1015［13］digwatch. Standard ECMA E386 NFCSEC01: NFCSEC Cryptography Standard Using ECDH and AES［SOL］. 2010 ［20221124］. https:dig.watchresourcestandardecma386nfcsec01nfcseccryptographystandardusingecdhandaes［14］祝烈煌, 刘哲理. 数据安全与隐私计算［J］. 信息安全研究, 2022, 8(10): 954955［15］Benarous L, Kadri B, Bitam S, et al. Privacypreserving authentication scheme for onroad ondemand refilling of pseudonym in VANET［J］. International Journal of Communication Systems, 2020, 33(10): e4087 ［16］Gao T, Deng X, Li Q, et al. APPAS: A privacypreserving authentication scheme based on pseudonym ring in VSNs［J］. IEEE Access, 2019, 7: 6993669946 ［17］高小龙, 王玉, 安鹏, 等. 一种适用于大规模场景的匿名电子投票系统［J］. 信息安全研究, 2022, 8(10): 990999［18］Eun H, Lee H, Oh H. Conditional privacy preserving security protocol for NFC applications［J］. IEEE Trans on Consumer Electronics, 2013, 59(1): 153160 ［19］He D, Kumar N, Lee J H. Secure pseudonymbased near field communication protocol for the consumer Internet of things［J］. IEEE Trans on Consumer Electronics, 2015, 61(1): 5662［20］Odelu V, Das A K, Goswami A. SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms［J］. IEEE Trans on Consumer Electronics, 2016, 62(1): 3038［21］Xu Jie, Xue Kaiping, Yang Qingyou, PSAP: Pseudonymbased secure authentication protocol for NFC applications［J］. IEEE Trans on Consumer Electronics, 2018, 64(1): 8391［22］Ghafoorian M, Nikooghadam M. An anonymous and secure key agreement protocol for NFC applications using pseudonym［J］. Wireless Networks, 2020, 26(6): 42694285［23］Singh M M, Adzman K, Hassan R. Near field communication (NFC) technology security vulnerabilities and countermeasures［J］. International Journal of Engineering & Technology, 2018, 7: 298305

[1]	. [J]. Journal of Information Security Reserach, 2022, 8(6): 554-.
[2]	. [J]. Journal of Information Security Reserach, 2022, 8(5): 484-.
[3]	. Technology and Research Progress of Generative Adversarial Networks [J]. Journal of Information Security Reserach, 2022, 8(3): 235-.
[4]	. [J]. Journal of Information Security Reserach, 2022, 8(3): 270-.
[5]	. A Traceable Deep Learning Classifier Based on Differential Privacy [J]. Journal of Information Security Reserach, 2022, 8(3): 277-.
[6]	. Research on Customers Information Detection and Security Analysis for ISP [J]. Journal of Information Security Reserach, 2022, 8(12): 1192-.
[7]	. Study on the Influence and Compliance of Personal Information Protection Law on Postal Industry [J]. Journal of Information Security Reserach, 2022, 8(11): 1085-.
[8]	. Design and Analysis of a Forward Security Blindcoin Protocol [J]. Journal of Information Security Reserach, 2022, 8(10): 974-.
[9]	. A Privacy Model for 5G Application Based on Blockchain [J]. Journal of Information Security Reserach, 2022, 8(1): 43-.
[10]	. Privacy Considerations of European Contact Tracing Technology (DP3T) [J]. Journal of Information Security Reserach, 2021, 7(9): 810-814.
[11]	. Discussion on 5G Radio Access Network Security [J]. Journal of Information Security Reserach, 2021, 7(5): 457-465.
[12]	. Governance of Data Security in Artificial Intelligence and Overview of Technology Development [J]. Journal of Information Security Research, 2021, 7(2): 110-119.
[13]	. Research on Dual-blockchain Model for Medical Privacy Protection [J]. Journal of Information Security Research, 2021, 7(2): 136-144.
[14]	. Research on Security Technologies in Data Security Governance [J]. Journal of Information Security Reserach, 2021, 7(10): 907-.
[15]	. Multi-source network data privacy protection method based on blockchain technology [J]. Journal of Information Security Research, 2021, 7(1): 86-89.