An Application Security Framework for Near Field Communication

Smartphones equipped with Near Field Communication (NFC) provide a simple way to initiate contactless transactions and data exchange without the need to carry additional items such as credit cards, personal IDs, and access keys. To prevent unauthorized NFC transactions in the case of lost or stolen devices, the user needs to be authenticated before each transaction, which places an extra burden on users. In this paper, we propose an NFC security framework that simplifies the initiation of secure NFC transactions. The framework calculates a current measure of device security based on user activities and behavior. NFC transactions are authorized if the current device security measure meets the minimum requirement of the application. The framework uses a combination of authentication methods such as password, PIN, pattern, fingerprint, voice, and face recognition. In addition, we propose adjusting the device security level dynamically based on user activities, behavior, and background face and voice authentication. As a case study, the framework has been implemented on the Google Android platform. The NFC security framework minimizes the need to intrusively authenticate the user for every NFC transaction, thus maintaining the simplicity of using NFC while enhancing its security.
