Please use this identifier to cite or link to this item:
標題: The study of NFC wallet
作者: 陳正豪
Cheng-Hao Chen
關鍵字: NFC
NFC security
Elliptic Curve Cryptosystem
Card Emulation Mode
引用: [1] 黃明祥,林詠章。《資訊與網路安全概論:建構雲端運算安全(第四版)》。台北:美商麥格羅.希爾國際股份有限公司台灣分公司出版,2011。 [2] ISO/IEC 14443-3 Identification cards — Contactless integrated circuit(s) cards - Proximity cards — Part 3: Initialization and anticollision (2008). [3] ISO/IEC 14443-4:2008 Identification cards — Contactless integrated circuit(s) cards — Proximity cards — Part 4: Transmission protocol (2007). [4] ISO/IEC 18092:2013 Information technology -- Telecommunications and information exchange between systems -- Near Field Communication -- Interface and Protocol (NFCIP-1)(2013). [5] NFC Analog Specification Technical Specification(1st Edition, 2012). [6] Standards ECMA 385 NFC-SEC:NFCIP-1 Security Services and Protocol (3rd Edition, 2013). [7] Standards ECMA 386 NFC-SEC-01:NFC-SEC Cryptography Standard using ECDH and AES (2rd Edition, 2010). [8] Alzahrani, A., Alqhtani, A., Elmiligi, H., Gebali, F., Yasein, M. S., 'NFC security analysis and vulnerabilities in healthcare applications', 2013 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM), pp.302-305, Victoria, BC, Canada, August 27-29, 2013. [9] Charl, A. O., Gerhard, P. H., 'A Generic NFC-enabled Measurement System for Remote Monitoring and Control of Client-side Equipment', 2011 Third International Workshop on Near Field Communication, pp. 44-49, Hagenberg, Austria, February 22, 2011. [10] Elbagoury, A., Mohsen, A., Ramadan, M., Youssef, M., 'Practical provably secure key sharing for near field communication devices', 2013 International Conference on Computing, Networking and Communications (ICNC), pp.750-755, San Diego, USA, January 28-31, 2013. [11] Hasoo, E., Hoonjung, L., Heekuck, O., 'Conditional Privacy Preserving Security Protocol for NFC Applications', 2013 IEEE International Conference on Consumer Electronics (ICCE), pp.153-160, Las Vegas, NV, USA, January 11-14, 2013. [12] Jara, A. J., Zamora, M. A., Skarmeta, A. F. G., 'Secure use of NFC in medical environments', 2009 5th European Workshop on RFID Systems and Technologies (RFID SysTech), pp.1-8, Blockhaus, Germany, June 16-17, 2009. [13] Koblitz, N., 'Elliptic Curve Cryptosystems', Mathematics of Computation, Volume 48,Issue 177, pp. 203-209, January 1987. [14] Madlmayr, G., Langer, J., Kantner, C., Scharinger, J.,' NFC Devices: Security and Privacy', 2008. ARES 08. Third International Conference on Availability, Reliability and Security, pp.642-647, Barcelona, Spain,March 4-7, 2008. [15] Menezes, A.J.,Vanstone, S.A., 'Elliptic Curve Cryptosystems and Their Implementation', Journal of Cryptology,Volume 6, Issue4, pp.209-224, September 1993. [16] Roland, M., Langer, J., Scharinger, J., 'Practical Attack Scenarios on Secure Element-enabled Mobile Devices', 2012 4th International Workshop on Near Field Communication (NFC), pp.19-24, Helsinki, Finland, March 13, 2012. [17] Standardized NFC Security Protocols-Mobile Payment and NFC Tutorial Date: February 2, 2014). [18] NFC Forum Issues Specifications For Four Tag Types | NFC Forum (Reference Date: June 24, 2014). [19] NFC Forum Technical Specifications (Reference Date: June 24, 2014). [20] NFC Analog Specification Technical - Technical Specification (Reference Date: June24, 2014)
摘要: The Near Field Communication (NFC)Technology can connect each other within one second. It is a very convenient and populartechnology now. However, there are many threats in transfer process. We discuss seven attacks about NFC technology. It has six unsolved problems. The Peer-to-Peer Modehas a secure communication standard butCard Emulation Mode and Reader/Writer Mode do not have a secure protocol. Users should to design the protective protocolby themselves when they use the NFC technology in these modes. In our method,we use the Diffie-Hellman Key Exchange and Elliptic Curve Cryptosystem to design a secure communication protocol on NFC wallet. Our methodachievesfive security requirements which are Data Confidentiality, Data Integrity, Unobservability, Unlinkability and Traceability. It is aquitesecure method. It should to enhance security in verifying identification of application in card emulation mode.It will prevent the illegal application to disable the function of secure chip. The identification of NFC tag should be careful, or it will infringe the privacy of user.
近場距離通訊(Near Field Communication, NFC)技術能在一秒鐘之內就能將通訊雙方的連結建立好,其便利性與實用性使其成為一種相當火紅的通訊技術,但是在短短幾秒鐘的通訊過程中,卻暗藏著許多危險,因此本研究整理了七種NFC相關的攻擊行為與威脅,其中有六種安全議題尚待解決。   我們發現NFC三種模式當中,唯獨點對點模式具備安全通訊標準,而「卡片模擬模式」與「讀取∕寫入模式」則仰賴於使用者自行設計安全機制,故本研究使用Diffie-Hellman金鑰交換法與橢圓曲線密碼系統,針對「卡片模擬模式」提出一套NFC電子錢包的安全通訊機制,並透過安全性分析來證明我們的方法滿足五點安全需求,達到「交易資料的機密性」、「資料的一致性」、「不可觀察性」、「不可連結性」、「可追蹤性」,因此所提出的方法具有相當程度的安全性。   在未來的研究中,可加強手機內部安全元件對於應用程式的身分辯識程度,防止非法程式癱瘓手機晶片卡功能,也須針對NFC標籤內容的正確性著手,藉此防範惡意程式碼滲入手機,侵犯使用者隱私。
其他識別: U0005-2811201416185666
文章公開時間: 2014-08-31
Appears in Collections:資訊管理學系



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.