A Research Of Near Field Communication Authentication Protocol

Near Field Communication(NFC)is a short-range wireless communication technology evolved from the radio frequency identification(RFID)and connectivity technology.The NFC enables identification and data exchange with compatible devices over short distances.Nowadays,with the rapid development of information technology,communication technology and internet of things technology,NFC brings many conveniences and also many security risks.If the security authentication protocols used in NFC communication are not designed properly,it may destrory NFC users' data and privacy.Therefore,the design of security authentication protocols for NFC systems is particularly important.According to the NFC communication modes,the authentication protocols of the NFC system are mainly divided into two types,authentication protocols based on the peer-to-peer communication mode and authentication protocols based on card simulation mode or reader mode.The main work of this paper is to research the two types of NFC authentication protocols.(1)In the peer-to-peer communication mode based on NFC,two users hold their NFC devices close to each other.After completing security authentication,operations such as file mutual transmission and secret sharing can be implemented.In order to protect users' privacy and communication security,in recent years,researchers have proposed many authentication protocols based on NFC peer-to-peer communication mode.However,our analysis found that many existed protocols are insecure against impersonation attacks.In 2016,Odelu et al.proposed the SEAP protocol and stated that SEAP could resist impersonation attacks.Unfortunately,according to the analysis in this paper,SEAP still fails to protect NFC users from an impersonation attack against target object.To remove the vulnerability,this paper proposes a new protocol called Secure Privacy Preserving Authentication Protocol(SPPAP)for NFC applications.Security and performance analyses show that SPPAP provides stronger privacy guarantee for NFC users at the same time consume less communication and storage resources than SEAP.(2)NFC card emulation mode can simulate a NFC device into a smart card for access control or bus check.NFC reader mode is to simulate a NFC device as a card reader,for example,simulating as a POS machine can read credit cards' information.In these NFC application scenarios which involve identity authentication and financial transactions,users' passwords and communication security are particularly important.In 2017,Xie et al.proposed a TF-AKE protocol and stated that TF-AKE can resist offline dictionary attacks.However,after analyzing in this paper,we found that there was still an offline dictionary attack vulnerability in TF-AKE protocol.This paper proposes a new offline dictionary attack method against TF-AKE protocol.To remove this vulnerability,we also proposed a new authentication protocol called Resist Offline Dictionary Attacks Authentication Exchange Protocol(RODA-AKE)based on NFC card emulation mode or reader mode.The security analysis proves that the RODA-AKE protocol can successfully resist offline dictionary attacks.It also provides other security characters such as multi-party authentication,key agreement,anonymity,untraceability,and forward security.