Active Authentication Method using NFC

  • Received : 2011.09.27
  • Accepted : 2012.01.30
  • Published : 2012.02.29

Abstract

Since most recently launched smart devices support NFC (Near Field Communication), RFID applications tend to be replaced by it. For instance, established RFID application areas such as entrance control, mobile e-tickets, electronic payment, and others are moving to NFC. Because RFID is limited to passive communication, it cannot cover all the security requirements of the authentication and authorization mechanisms that a wide range of applications demand. Authentication and authorization mechanisms based on NFC are therefore very attractive to such applications, because active communication makes highly secure authentication and authorization possible. In this paper, the authors propose a new approach to secure authentication and authorization using NFC smart devices, based on the EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) protocols.

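As smart devices and operating systems that adopt NFC (Near Field Communication)-based communication have recently spread, NFC is replacing RFID in the various application areas that previously used RFID. Typical examples are access control, e-tickets, and electronic payment. Conventional RFID provides only passive communication and therefore could not offer sufficiently secure authentication and authorization verification methods, but NFC, which provides active communication, makes it possible to offer more secure authentication and to satisfy the security requirements that various applications demand. This paper therefore proposes using the EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) protocols as a way to provide an active authentication method, built on NFC's active communication capability, that can be used for credit card payment, access control systems, and similar applications.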

Cited by

  1. An Implementation of Car Navigation System using NFC vol.18, pp.5, 2014, https://doi.org/10.6109/jkiice.2014.18.5.1194
  2. Design and Implementation of Exercise Machines Reservation System for Fitness Center vol.20, pp.3, 2016, https://doi.org/10.6109/jkiice.2016.20.3.599