- ALL COMPUTER, ELECTRONICS AND MECHANICAL COURSES AVAILABLE…. PROJECT GUIDANCE SINCE 2004. FOR FURTHER DETAILS CALL 9443117328
Projects > ELECTRONICS > 2018 > IEEE > COMMUNICATION
Nowadays, Near Field Communication (NFC) has been widely used in electronic payment, ticketing and many other areas. NFC security standard requires the use of Public Key Infrastructure (PKI) to implement mutual authentication and session keys negotiation in order to ensure communication security. In traditional PKI-based schemes, every user uses a fixed public/private key pair to implement authentication and key agreement. An attacker can create a profile based on user’s public key to track and compromise the user’s privacy. Recently, He et al. and Odelu et al. successively proposed pseudonym-based authentication key and agreement protocols for NFC after Eun et al.’s protocol (2013), which is first claimed to provide conditional privacy for NFC. They respectively claimed that their scheme can satisfy the security requirements. In this paper, first, we prove that their protocols still have security flaws, including the confusion of the user’s identity and the random identity. Then, we propose a pseudonym-based secure authentication protocol (PSAP) for NFC applications, which is effective in lifetime and includes time synchronization based method and nonce based method. In our scheme, Trusted Service Manager (TSM) issues pseudonyms but does not need to maintain verification tables and it could reveal the user’s identity of internal attackers. Furthermore, security and performance analysis proves that PSAP can provide traceability and more secure features with a little more cost.
Elliptic Curves Diffie-Hellman (ECDH), Advanced Encryption Standard (AES) algorithm
The main contributions of this paper can be summarized as follows: 1) We analyze the security of two currently proposed NFC protocols and propose a secure authentication and key agreement mechanism for preserving privacy in NFC with two variants respectively based time-synchronization and nonce. 2) PSAP provides an efficient tracing mechanism, which can further reveal the identity of malicious users, to defend against internal attacks. 3) The Trusted Service Manager (TSM) does not need to store users’ identities and private keys, which reduces the risk of leaking users’ confidential information stored on TSM.
