Off-line NFC Tag Authentication

Near Field Communication (NFC), a short range wireless technology, has recently experienced a sharp rise in uptake because of its integration with cell phones. NFC-enabled cell phones interact with NFC tags to retrieve information in a single touch. Such tags can be used in variety of applications like smart posters, product identification, access control etc. The integrity of the data stored on these tags is assured by digital signatures. However, this does not guarantee the legitimacy of tags. They may be replaced with counterfeits. At present the NFC Forum does not provide any mechanism to detect duplicate tags. In an offline environment, when there is no shared secret between the tag and the reader, it is very challenging to differentiate between legitimate and counterfeit tags. This paper presents a protocol for the off-line authentication of NFC tags and provides a framework, based on NFC Forum specifications, to support the authentication. The proposal is based on a challenge-response protocol using public key cryptography and a PKI. In order to make the framework compatible with existing NFC Forum devices, a new Tag Authentication Record, designed according to the NFC Data Exchange Format (NDEF), is introduced. Our proposed framework successfully differentiates between legitimate and cloned tags which have sufficient resources to perform the required cryptography.

[1]  Mikko Lehtonen,et al.  From Identification to Authentication – A Review of RFID Product Authentication Techniques , 2008 .

[2]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[3]  Collin Mulliner,et al.  Vulnerability Analysis and Attacks on NFC-Enabled Mobile Phones , 2009, 2009 International Conference on Availability, Reliability and Security.

[4]  David A. Wagner,et al.  Security and Privacy Issues in E-passports , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[5]  Martin Feldhofer,et al.  A low-resource public-key identification scheme for RFID tags and sensor nodes , 2009, WiSec '09.

[6]  Colin D. Walter,et al.  An Attack on Signed NFC Records and Some Necessary Revisions of NFC Specifications , 2013 .

[7]  Avishai Wool,et al.  Toward practical public key anti-counterfeiting for low-cost EPC tags , 2011, 2011 IEEE International Conference on RFID.

[8]  Josef Langer,et al.  NFC Devices: Security and Privacy , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[9]  X Itu,et al.  Information technology-open systems interconnection-the directory: Public-key and attribute certific , 2000 .