基于假名的NFC安全支付认证协议  被引量：1

作　　者：赵兴文 段懿入 Zhao Xingwen;Duan Yiru(School of Cyber Engineering,Xidian University,Xi'an 710119)

机构地区：[1]西安电子科技大学网络与信息安全学院,西安710119

出　　处：《信息安全研究》2022年第12期1178-1186,共9页Journal of Information Security Research

基　　金：国家自然科学基金项目(61732022)。

摘　　要：近场通信(near field communication, NFC)是基于ISO/IEC 18092标准的一种工作距离小于10 cm的非接触通信技术.如今,NFC由于其可用性和易用性,吸引了大多数智能手机厂商和行业的关注,并在电子商务领域得到了广泛的应用.为了保证通信的安全,在过去的几年里,许多研究者都致力于解决NFC环境中存在的安全威胁.这些研究导致了NFC安全标准(NFC-SEC)的引入,然而,该标准并没有为用户提供隐私保护.最近,有研究者先后提出了基于假名的NFC认证和密钥协商协议,分别声称所提出的解决方案符合安全要求.但是,之前的协议仍然存在安全缺陷,如无法抵御内部特权攻击.基于此提出了一种基于假名的安全认证协议,并证明了该协议的安全性.在提出的方案中,用户生成自己的密钥,由第三方通过零知识证明方案进行验证,并据此生成假名,通过该假名完成密钥协商.Near field communication(NFC) is a contactless communication technology based on ISO/IEC 18092 with a working distance of less than 10 cm. Nowadays, NFC has attracted the attention of most smart phone manufacturers and industries due to its usability and ease of use, and has been widely used in the field of e-commerce. In order to ensure the security of their communications, in the past few years, many researchers have focused on solving the security threats existing in NFC environments. In this regard, these studies have led to the introduction of the NFC Security standard(NFC-SEC), which, however, does not provide users with privacy protection. Recently, some researchers have successively proposed pseudonymity-based NFC authentication and key agreement protocols, claiming that the proposed solutions meet the security requirements. However, the previous protocol still had security flaws, such as an inability to defend against insider privilege attacks. Based on this, a security authentication protocol based on pseudonymity is proposed, and the security of the protocol is proved. In the proposed scheme, the user generates his own key, which is verified by a third party through a zero-knowledge proof scheme, and generates a pseudonym accordingly, through which the key negotiation is completed.

关 键 词：近场通信 隐私保护 安全认证 电子商务 零知识证明 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]