A Method of Identity Authentication Based on Zero Knowledge Proof in HCE Mode

doi:10.3969/j.issn.1671-1122.2017.06.011

Abstract

Abstract: Mobile phones with NFC (near field communication) function are being popularized in recent years, and the HCE (host-based card emulation) mode greatly facilitates the development and the use of NFC applications. There are also more and more related applications using NFC function. In the HCE mode, because of the lack of local SE modules, the security of data and the reliability of identity authentication are deeply questioned. This paper proposes an identity authentication method in the HCE mode based on the zero-knowledge proof theory, which reduces the possibility of eavesdropping, duplication and cracking in the process of information transmission. By hiding the identity documents retained locally, the security of the local data is handled better. In untrusted network environments and on local devices with less security, more reliable identity authentication is achieved.

Key words: NFC, HCE, zero knowledge proof, identity authentication

CLC Number:

TP393

LIU Chuanbao, CHEN Mingzhi, LIN Weining, FENG Yingyan. A Method of Identity Authentication Based on Zero Knowledge Proof in HCE Mode[J]. 信息网络安全, 2017, 17(6): 68-74.

References

[1] Frost & Sullivan. Promised Market for NFC Effectively Commences in 2011 with Commercial Roll out within All Verticals[EB/OL].http://www.frost.com/prod/servlet/press-release.pag?docid=223107191,2011-1-31.
[2] 腾讯科技.In-Stat：2015年NFC芯片出货量将超12亿[EB/OL].http://tech.qq.com/a/20111025/000145.htm,2011-10-25.
[3] 蒋欣辰. 基于Android平台的NFC服务框架的设计与实现[D]. 成都：电子科技大学, 2014.
[4] 熊良林. 基于Android手机NFC应用系统的开发[D]. 广州：华南理工大学, 2014.
[5] POURGHOMI P. Managing Near Field Communication (NFC) Payment Applications through Cloud Computing[EB/OL].https://core.ac.uk/download/pdf/20443918.pdf,2017-4-20.
[6] Ecma International.Near Field Communication Interface and Protocol (NFCIP-1)[EB/OL]．http://read.pudn.com/downloads134/doc/comm/572238/NFC%D0%AD%D2%E9%BC%B0%B2%E2%CA%D4%B7%BD%B7%A8/Ecma-340_Near%20Field%20Communication%20Interface%20and%20Protocol%20(NFCIP-1).pdf,2004-12-14.
[7] LEPOJEVIC B, PAVLOVIC B, RADULOVIC A. Implementing NFC Service Security - SE VS TEE VS HCE[EB/OL].https://www.researchgate.net/publication/263506976_Implementing_NFC_service_security_-_SE_VS_TEE_VS_HCE,2017-4-20.
[8] 电子产品世界.英国一NFC研究成功截取无接触支付传输信号[EB/OL].http://www.eepw.com.cn/article/198091.htm,2013-12-2.
[9] 子阳.NFC移动支付专家：HCE安全仅有Tokenization还不够[EB/OL].http://news.rfidworld.com.cn/2015_03/f386405e34605df6.html,2015-3-13.
[10] 张玉婷,严承华. 一种基于双向认证协议的RFID标签认证技术研究[J]. 信息网络安全,2016（1）：64-69.
[11] MADLMAYR G, KANTNER C, GRECHENIG T. Near Field Communication[J]. Pervasive Computing IEEE, 2014, 4(2):4-7.
[12] DERAWI M O, MCCALLUM S,WITTE H, et al. Biometric Access Control Using Near Field Communication and Smart Phones[C]//IEEE.Iapr International Conference on Biometrics,March 29 -April 1, 2012. New Delhi, India.NJ:IEEE, 2012:490-497.
[13] 张博. HCE技术在移动支付中的应用研究[D].西安：西安电子科技大学,2014.
[14] 杨婷. 基于Android和NFC技术的校园一卡通的关键技术研究[D].北京：北京邮电大学, 2015.
[15] CHEN W D, MAYES K E, LIEN Y H, et al. NFC Mobile Payment with Citizen Digital Certificate[C]//IEEE. The 2nd International Conference on Next Generation Information Technology,June 21-23, 2011.Gyeongju, South Korea.NJ: IEEE, 2011:120-126.
[16] COSKUN V, OZDENIZCI B, OK K. A Survey on Near Field Communication (NFC) Technology[J]. Wireless Personal Communications, 2013, 71(3):2259-2294.
[17] ALATTAR M, ACHEMLAL M. Host-Based Card Emulation: Development, Security, and Ecosystem Impact Analysis[C]//IEEE. High Performance Computing and Communications, 2014 IEEE, Intl Symp on Cyberspace Safety and Security, 2014 IEEE, Intl Conf on Embedded Software and Syst, August 20-22, 2014.Paris, France.NJ:IEEE, 2014:506 - 509.
[18] 张涛,裴蓓,文伟平,等. 一种安卓平台下提权攻击检测系统的设计与实现[J]. 信息网络安全,2016（2）：15-21.
[19] 罗勤文. NFC移动支付管理系统的设计与实现[D]. 北京：北京邮电大学, 2015.
[20] ARFAOUI G, GHAROUT S, LALANDE J F, et al. Practical and Privacy-Preserving TEE Migration[A]// Information Security Theory and Practice[M].New York:Springer International Publishing, 2015:153-168.
[21] 罗净. 基于智能终端可信操作系统的安全支付研究与实现[D].成都：电子科技大学, 2014.
[22] BLUM M, FELDMAN P, MICALI S. Non-Interactive Zero-Knowledge and Its Applications[C]//ACM.STOC '88 Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing,May 2 - 4, 1988.Chicago, Illinois, USA. New York:ACM, 1988:103-112.
[23] FIEGE U, FIAT A,SHAMIR A. Zero Knowledge Proofs of Identity[J]. Journal of Cryptology, 1988, 1(2):77-94.
[24] SCHNORR C P. Efficient Signature Generation by Smart Cards[J]. Journal of Cryptology, 1991, 4(3):161-174.
[25] 王坤, 周清雷. 新物联网下的RFID双向认证协议[J]. 小型微型计算机系统, 2015, 36(4):732-738.
[26] CHA B, KIM J. Design of NFC Based Micro-payment to Support MD Authentication and Privacy for Trade Safety in NFC Applications[C]//IEEE.2013 Seventh International Conference on Complex, Intelligent, and Software Intensive Systems (CISIS),July 3-5, 2013.Taichung, China.NJ:IEEE, 2013:710-713.
[27] 马庆,郭亚军,曾庆江,等. 一种新的超轻量级RFID双向认证协议[J]. 信息网络安全,2016（5）：44-50.
[28] SYAMSUDDIN I, DILLON T, CHANG E, et al. A Survey of RFID Authentication Protocols Based on Hash-Chain Method[C]//IEEE.International Conference on Convergence and Hybrid Information Technology, November 11-13,2008. Busan, South Korea .NJ:IEEE, 2008:559-564.
[29] Martínez S, VALLS M, ROIG C, et al. A Secure Elliptic Curve-based RFID Protocol[J]. Journal of Computer Science and Technology, 2009, 24(2):309-318.