Certain resourceful and powered Internet of Things (IoT) devices can become victims that are used to launch cyber attacks. Near field communication (NFC) can be used for secure on-demand access to them. In this paper, we present a novel framework for NFC secure element (SE)-based mutual authentication and attestation for IoT access with a user device, such as a mobile device, using the NFC-based Host Card Emulation (HCE) mode for the first time. HCE is robust compared to the other NFC modes. A cloud-based Trusted Certified Authority (TCA) manages all cryptographic credentials and stores them in the tamper-resistant SE and Trusted Platform Module (TPM)-based attestation modules on the devices. The framework uses a newly proposed NFC SE-based mutual authentication and attestation (NSE-AA) protocol for proof-of-locality, end-to-end anonymous mutual authentication between the SEs, and an associated remote attestation for trust. The protocol is robust and lightweight compared to the existing schemes. We provide its informal and formal security analysis using the Real-Or-Random (ROR) model. A simulation on the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool proves its safety. We also briefly present the details of a prototype with a commercial mid-range priced mobile device and a Single Board Computer (SBC)-based IoT device.