Secure data transmission between an NFC tag and an NFC enabled smartphone

Table of Contents

1. Introduction

2. Background

2.1 Near Field Communication

2.1.1 Tag Reader/Writer Mode

2.1.2 Peer to Peer Mode

2.1.3 Card Emulation Mode

2.2 NFC tags

2.2.1 Tag types

2.3 NFC Data Exchange Format (NDEF)

2.4 Reading NDEF data from an NFC tag

2.5 Cryptography

2.5.1 Symmetric Key Cryptography

2.5.2 Public Key Cryptography

2.6 Artificial Neural Network (ANN)

2.7 Category Classifier

3. NFC Security Threats

3.1 Exposure to Adult/Objectionable content

3.2 Phishing

3.3 Automated malware download and malicious web pages

3.4 Eavesdropping

3.5 Data Corruption

3.6 Data Modification

4. Counter-Measures

4.1 Exposure to Adult/Objectionable content

4.2 Phishing

4.3 Automated malware downloads and malicious websites

5. Proposed Security Model

5.1 Components

5.2 User Sign-Up

5.3 Working

5.3.1 Personalised Security List

5.3.2 Data Uploading

5.3.3 Data Retrieval

5.4 Anonymity

6. Conclusion and Future Work

6.1 Conclusion

6.2 Future work

Objectives and Research Themes

This thesis aims to develop a robust security model for NFC-enabled smartphones to protect users from malicious data scanned from NFC tags. The research focuses on mitigating specific security threats—such as phishing, unauthorized exposure to adult content, and automated malware delivery—without compromising the inherent high-speed transmission performance of NFC technology.

• Implementation of Artificial Neural Networks (ANN) for real-time threat detection and URL classification.
• Development of a user-centric "Personalised Security List" for customizable white-listing and black-listing.
• Methods for ensuring user anonymity and confidentiality via unique ID (UID) generation and encrypted data storage.
• Evaluation of counter-measures against common NFC vulnerabilities like eavesdropping, data corruption, and data modification.

Excerpt from the Book

Summary of Chapters

Chapter 1: Introduction: Outlines the primary goal of the thesis, which is to implement security checks for NFC tag data without reducing transmission speed, and provides a brief structure of the remaining report.

Chapter 2: Background: Introduces the fundamental concepts of NFC technology, communication modes, tag types, NDEF data formats, cryptographic principles, and the role of Artificial Neural Networks (ANN) and category classifiers.

Chapter 3: NFC Security Threats: Details various attack vectors targeting NFC, including exposure to objectionable content, phishing, automated malware downloads, eavesdropping, data corruption, and unauthorized data modification.

Chapter 4: Counter-Measures: Explores strategies to neutralize threats, specifically utilizing ANN training techniques to classify web content as infectious or non-infectious based on page features and URL structures.

Chapter 5: Proposed Security Model: Presents the core architecture of the proposed security solution, including component integration, user sign-up procedures via UID generation, data uploading/retrieval mechanisms, and anonymity protection.

Chapter 6: Conclusion and Future Work: Summarizes the findings regarding the effectiveness of the proposed ANN-based model and discusses potential future optimizations, such as prioritizing detection algorithms to reduce processing time.

Keywords

NFC Technology, Security Model, Artificial Neural Network, Phishing, Malware, Data Confidentiality, User Anonymity, NDEF, Cryptography, NFC Tags, URL Classification, Personalised Security List, Data Integrity, Threat Detection, Smart Posters

Frequently Asked Questions

What is the core focus of this research?

The work focuses on enhancing the security of Near Field Communication (NFC) environments by implementing a model that filters data scanned from NFC tags to protect users from malicious web content and phishing attempts.

What are the primary security threats addressed in the work?

The thesis specifically addresses the risks of users being directed to adult or objectionable content, phishing websites, and pages that trigger automated malware downloads.

What is the main goal or research question?

The primary goal is to implement security checks on NFC-scanned data before it is handled by the user's browser, ensuring that these security measures do not decrease the high data transmission speed of NFC.

Which scientific methods are employed?

The author employs Artificial Neural Networks (ANN) for threat classification and training, along with cryptographic methods like unique ID (UID) generation, One-Way functions, and SSL-based encrypted data transmission.

What does the main body of the work cover?

It provides an overview of NFC technology, an analysis of common NFC-related vulnerabilities, a review of existing counter-measures, and the detailed architecture and working steps of a novel security model.

Which keywords best describe this study?

Key terms include NFC Technology, ANN, Phishing, Security Model, Data Confidentiality, and User Anonymity.

How does the UID generator prevent unauthorized tracking?

The UID generator functions as a One-Way function; it is computationally easy to compute the UID from user credentials but nearly impossible to reverse the process to reveal the original identity, ensuring anonymity.

How does the "Personalised Security List" improve efficiency?

Instead of storing individual URLs, the model classifies and stores categories in a personal list. This approach drastically reduces memory usage and speeds up the verification process when a user scans a tag.

Why is a "two-stage classification model" used for malware detection?

This approach uses static feature extraction to quickly identify clearly harmless or harmful URLs, only passing suspicious links to a more resource-intensive run-time feature monitor, thus balancing security and performance.