Security Analysis on NFC-based M-coupon Protocols and its Countermeasure

  • Ha, Jae-Cheol (Dept. of Information Security, Hoseo University)
  • Received : 2014.09.11
  • Accepted : 2015.02.12
  • Published : 2015.02.28

Abstract

Recently, an application business model was proposed to implement an M-coupon system using NFC-based mobile devices. This paper surveys the security requirements for a secure M-coupon system and analyzes the threats to existing NFC-based M-coupon protocols. Taking implementation efficiency and security into account, it then presents a novel M-coupon protocol based on the Diffie-Hellman key agreement scheme. The protocol can serve as an alternative that solves the security problems related to PKI (Public Key Infrastructure) and secret key distribution. It is also designed to provide user authentication and to counter relay attacks.
