Authentication Issues in Near Field Communication and RFID

Near field Communication is a short-range wireless technology based on RFID standard ISO 18092, ISO 14443 and ISO 15693. This means, it provided compatibility with the millions of contactless smartcards and RFID scanners that already exist worldwide. NFC is now available on the phones and this integration has resulted in a sharp rise in its utility. An NFC- enable cell phone acts as an RFID reader to read compatible RFID tags (NFC tags), such as smart posters. The same cell phone can also be used as an NFC tag storing relevant data. In this case, a cell phone transforms into a digital wallet storing bank cards (money), vouchers, loyalties card, etc., at a secure place "Secure Element". Abuse of NFC technology is also on sharp rise because of large numbers of users and inadequate security standards. This thesis looks at security issues of NFC and RFID and provides mechanisms to improve the security features. NFC Forum (an association for developing NFC standards) released the signature specification in 2010 describing the rules to digitally sign the NFC tag's contents. A part of the thesis covers the security related issues of the signature specification. Later in the thesis, a new specification for authenticating an NFC tag is proposed, including a framwork of its implementation in a supply chain in order t detect counterfeit products. The thesis also includes a framework for NFC mobile wallet, where the Secure Element in the cell phone is only used for customer authentication and the banking credentials are stored in a cloud. At the end of the thesis, security analysis of an authentication protocol for low-cost RFID tags is described with multiple attacks resulting in full disclosure of secret keys.