Secure and Lightweight Authentication Protocol for NFC Tag Based Services

Near Field Communication(NFC) technology is one of the most promising technologies in the field of mobile application services recently. The integration of NFC technology and smart mobile device (e.g., smart phones, tablet PC and etc.) stimulates the daily increasing popularity of NFC-based mobile applications which having proliferated in the mobile society. However, this proliferation of NFC-based mobile services in a mobile environment can cause another security threat in the field of mobile application services. Recently, mobile phishing and smishing are one of the most serious security issues in the mobile application services. And, the NFC tag-based mobile services (i.e. NFC tag based services) also have the same problem because an NFC tag have security vulnerabilities. Actually, NFC-enabled device can communicate with NFC tag using specified data format, be called NFC Data Exchange Format(NDEF). The NDEF message is composed one or more NDEF records such as text, URI, Smart post(text and URL) and so on. Therefore, if an attacker overwrite the NDEF message in a tag or replace a NFC tag with hacked tag, they might deliver a mobile malware to an NFC-enabled device. In this paper, a secure and lightweight authentication protocols for NFC tag based services is proposed which effectively achieves security with preventing spoofing, DoS, data modification and phishing attack. And, this authentication protocols are also requires less memory storage and computational power for low-cost NFC tags.