NFC-Enabled Systems Integrated OTP Security Authentication Design

Abstract

With smart phones, such as Apple iPhones and Android phones, growing in popularity, smart phones that have NFC-enabled are also a growing trend. We believe that it will become one of the major electronic money for daily business consumption in the future. However, the stability and security of the data transaction will be more important for the demand of business applications. In the existing solutions, we have yet found an effective way to completely prevent forgery and attack on NFC-enabled tags. In this paper, we analyze the security problem of radio frequency identification (RFID) authentication and propose security authentication for RFID tags based on a one-time password (OTP) authentication method. By the way of OTP authentication, we can improve the security of the RFID tag authentication. It can identify the authorized RFID Tag by an additional OTP authentication. If an attacker uses eavesdropping to clone a RFID tag, the cloned one can be identified by OTP authentication. We use RFC-6238 Time-Based One-Time password (TOTP) algorithm which is based on HMAC-SHA1 algorithm to enhance the authentication mechanism of RFID security. And we also use the computing power of the NFC-enabled smart phone to generate TOTP by OTP generator which is designed in this paper. The TOTP can be repeated and the security written to the tag. Through using RADIUS AAA authentication technology, manufacturers can easily apply this technology to the existing RFID system. It is easily provided to users to use the roaming function between the different service providers, as long as they are using the same frequency and standard of RFID technology.