PSAP: Pseudonym-Based Secure Authentication Protocol for NFC Applications

Near field communication (NFC) is now widely used in electronic payment, ticketing, and many other areas. The NFC security standard requires the use of public key infrastructure (PKI) to implement mutual authentication and session key negotiation in order to ensure communication security. In traditional PKI-based schemes, every user uses a fixed public/private key pair for authentication and key agreement. An attacker can build a profile based on a user's public key to track the user and compromise the user's privacy. Recently, He et al. and Odelu et al. successively proposed pseudonym-based authentication and key agreement protocols for NFC, following Eun et al.'s protocol (2013), which was the first claimed to provide conditional privacy for NFC. Each claimed that their scheme satisfies the security requirements. In this paper, we first prove that their protocols still have security flaws, including the confusion of the user's identity and the random identity. We then propose a pseudonym-based secure authentication protocol (PSAP) for NFC applications, which is effective in lifetime and includes a time synchronization-based method and a nonce-based method. In our scheme, the trusted service manager issues pseudonyms but does not need to maintain verification tables, and it can reveal the identity of internal attackers. Furthermore, security and performance analysis proves that PSAP provides traceability and more security features at a slightly higher cost.

[1] Iolie Nicolaidou, et al. Health and rescue services management system during a crisis event, 2016, Healthcare technology letters.

[2] Saraju P. Mohanty, et al. Swing-Pay: One Card Meets All User Payment and Identity Needs: A Digital Card Module using NFC and Biometric Authentication for Peer-to-Peer Payment, 2017, IEEE Consumer Electronics Magazine.

[3] Shengli Xie, et al. MixGroup: Accumulative Pseudonym Exchanging for Location Privacy Enhancement in Vehicular Social Networks, 2016, IEEE Transactions on Dependable and Secure Computing.

[4] Sebastian Mödersheim, et al. The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications, 2005, CAV.

[5] Vanga Odelu, et al. SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms, 2016, IEEE Transactions on Consumer Electronics.

[6] Günter Schreier, et al. Design and Evaluation of Near Field Communication (NFC) Technology Based Solutions for mHealth Challenges, 2015.

[7] Sophia G. Petridou, et al. Formal security analysis of near field communication using model checking, 2016, Comput. Secur.

[8] Busra Ozdenizci, et al. A Survey on Near Field Communication (NFC) Technology, 2012, Wireless Personal Communications.

[9] Debiao He, et al. Secure pseudonym-based near field communication protocol for the consumer internet of things, 2015, IEEE Transactions on Consumer Electronics.

[10] Jeffrey Fischer, et al. NFC in cell phones: The new paradigm for an interactive world [Near-Field Communications], 2009, IEEE Communications Magazine.

[11] Degang Sun, et al. A Near Field Communication (NFC) Security Model Based on OSI Reference Model, 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[12] Tomi Dahlberg, et al. A critical review of mobile payment research, 2015, Electron. Commer. Res. Appl.

[13] Ashok Kumar Das, et al. A survey on user access control in wireless sensor networks with formal security verification, 2014, Int. J. Trust. Manag. Comput. Commun.

[14] Weider D. Yu, et al. NFC based m-Healthcare application focusing on security, privacy and performance, 2013, 2013 IEEE International Conference on Communications (ICC).

[15] Heekuck Oh, et al. Conditional privacy preserving security protocol for NFC applications, 2012, 2012 IEEE International Conference on Consumer Electronics (ICCE).

[16] Peilin Hong, et al. A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture, 2012, J. Comput. Syst. Sci.

[17] Prosanta Gope, et al. A Realistic Lightweight Anonymous Authentication Protocol for Securing Real-Time Application Data Access in Wireless Sensor Networks, 2016, IEEE Transactions on Industrial Electronics.

[18] Dijiang Huang, et al. PACP: An Efficient Pseudonymous Authentication-Based Conditional Privacy Protocol for VANETs, 2011, IEEE Transactions on Intelligent Transportation Systems.