The Theoretical And Application Study Of Near Field Communication Offline Security Protocols

When enjoying the mobile internet of "everybody can participate", we are experiencing the changes brought about by the near field communication technology. By using the carrier of contactless smart card and RFID tag, the near field communication technology makes the "anytime, anywhere, and portable" offline mobile e-commerce possible. The key problem of the offline mobile e-commerce is how to ensure the information interaction more secure and more reliable based on the carrier with limited computing capacity and storage space. While in the near field communication environment, the portable hardware, the offline back-end systems and the interaction at the scene put forward a higher request to the offline security protocol design. As a result, the research of the offline security protocol in the near field communications environment faces many new challenges that have not seen in the traditional security protocol research. In order to improve security and balance conflicts of the reliability, security, and efficient, this paper conducts the studies of the offline security protocols in near field communication environment from the aspects of anonymity, fairness and scalability.The main contributions of the dissertation are as follows:(1) Aiming at the conflict of the storage cost and the anonymity, and the problem of replay attack, we propose a lightweight semi-anonymous offline near field payment protocol, which supports both the customers and the merchants being offline. It makes the offline payment possible by the initialization of the mobile network operator. The way of combining the long-term keys and the session keys enhances the security of the protocol and reduces the cost of the key management. By randomizing the identification information, the protocol can make the customer being anonymous in normal payment but non-repudiation in disputable transactions. Moreover, the scheme can resist the replay attack by the one-time pad mechanism of the session key while keeping the smart card’s computation cost low.(2) Secondly, basing on the improved concurrent signature algorithm, we propose a fair semi-anonymous non-contact offline payment protocol to solve the problem of anti-pull in near field communication environment and breakthrough the digital commodity limit of the previous proposal. The protocol is not only semi-anonymous but also fair for both the customer and the merchant. The offline payment protocol only needs two interactions without a third party. The user’s identity confirmation in controversial transactions can be dealt by the MNO without a third party’s supervision.(3) From the aspect of scalability, we propose an improved scalable RFID ownership transfer protocol, LSDARP, to address the conflict between storage costs and update frequency, and the weakness against desynchronizing attack in the existing RFID ownership transfer protocol. By using a sliding window mechanism, the new scheme stores only the tag’s old and new adjacent eigenvalues to reduce storage cost and avoids search efficiency degeneration when the eigenvalues are used up. It can also resynchronize when suffering continuous desynchronizing attacks. A comparative analysis shows that LSDARP performs better in storage cost, computational complexity, forward security, desynchronizing attack resistance and tag-killing resistance.(4) One of the key problems in the back-end server dependent RFID system is the heavy peak load and strong dependency upon the network. To further enhance the scalability of the RFID security protocols in the near field communication environment, we propose a scalable off-line authentication and controlled delegation protocol for EPC C1G2tags, SOACDP. SOACDP is scalable for off-line authentication by using the group keys with group identifications as indexes, which avoid the reader’s searching and matching the tag eigenvalues. In addition, SOACDP supports the repeat and recovery of the off-line delegation which makes the off-line authentication flexible while controlled. Security analysis shows that SOACDP is privacy secure and resistant to various attacks. Performance evaluation illustrates that SOACDP uses much less storage on the readers and requires fewer resources in terms of searching and computing.