臺灣博碩士論文加值系統

NFC (Near Field Communication，近場通訊)，其為RFID (Radio Frequency Identification) 技術的延伸，電子裝置透過此技術可以簡單快速地在近距離內相互連結並傳遞資料。NFC具有短距離傳輸的原生安全性及相當直覺的操作方式。因此，該技術被廣泛的應用在門禁管理、票券服務、電子付款、裝置配對等應用上。然而隨著NFC應用的普及和使用上的需求，安全性的議題便成為了重要的考量。尤其是針對於沒有處理器能夠執行加密機制來建立安全通道的Passive Tag而言，目前都沒有很完善的機制保護使用者的資料不被竊取。

因此，在本研究中，提出一個防止越權存取的加密機制，透過對稱式加密演算法來保護NFC Tag中的個人資料，並藉由非對稱式加密演算法的特性達到金鑰交換 (Key Exchange) 的目的，藉此擴大NFC Tag應用的範疇。經由具有NFC功能的Android智慧型手機實作加解密功能，將NFC Tag上所載有的明文資料透過加密演算法處理後，再將加密後的密文寫回NFC Tag中。因此若有惡意的攻擊者想使用非法的讀取裝置 (Reader) 對NFC進行越權存取時，將會得到無法辨識的資訊，藉以保護使用者的個人資料安全。

經由實測數據得知，在現今的NFC智慧型手機上對NFC Tag中700個位元組的個人資料進行金鑰長度256位元的AES (Advanced Encryption Standard) 加解密動作，僅需約20ms的時間內即可完成資料的加解密。而實測RSA演算法得知，使用2048位元的金鑰對32個位元組( 256位元)的AES Key進行加解密動作，約在140ms內即可完成。並且，透過壓縮技術 (Huffman Coding)，可將存放在NFC Tag中700個位元組的個人資料壓縮至400個位元組左右。藉此減少NFC Tag中42%的記憶體空間佔用，並減少約400ms的存取時間。

NFC (Near Field Communication) refers to a standards-based connectivity technology, is an extension of existing RFID (Radio Frequency Identification) standards. NFC technology provides wireless connectivity in close proximity, enabling communication and data transfer between electronic devices. Given the inherent security of transmission over short distances and its fairly intuitive operation, NFC technology is extensively used in access control, ticketing, electronic payment and device pairing.

With increasing use of NFC applications, security issues have become more serious. In particular, the “Passive Tag” has no CPU to establish a secure channel by performing encryption. Currently, no significant mechanisms for protecting sensitive data stored in tags.

This study, a security mechanism is proposed for preventing unauthorized access. Encryption and decryption functions are implemented on an Android smartphone application to store encrypted data in NFC tags. Malicious attackers see only unreadable and unrecognizable “Cipher text” from NFC tags when gain unauthorized access. Therefore, the proposed security mechanism can be used to secure personal data in NFC tags.

Measurements made using a currently available Android smart phone reveal that, 700bytes of data can be encrypted/decrypted by AES Encryption in less than 20ms, and that 32bytes of data can be encrypted/decrypted by RSA encryption/decryption in less than 140ms. The data can be compressed using Huffman coding before they are stored in NFC Tags. 700bytes of uncompressed data can be compressed to 400bytes. The time for Tag access is also reduced.

摘要 III
Abstract V
致謝 VII
圖目錄 X
表目錄 XII
第一章 緒論 1
1.1研究動機 1
1.2研究貢獻 3
1.3論文架構 4
第二章 文獻探討與背景知識 5
2.1 NFC技術發展與應用 5
2.1.1近場通訊 (Near Field Communication, NFC) 5
2.1.2 NFC的應用 8
2.2 NFC安全議題 9
2.2.1 Signature Record Type Definition 10
2.2.2 MIFARE 11
2.2.3 Passive Tag 13
2.3對稱式與非對稱式加密系統 14
2.3.1 對稱式加密 (Symmetric Encryption) 14
2.3.2 非對稱式加密 (Asymmetric Encryption) 16
2.4 Android 應用程式開發環境 18
2.4.1 Android SDK (Software Development Kit ) 19
2.4.2 Eclipse 21
2.4.3 ADT (Android Development Tools) Plugin 22
2.4.4 JDK 22
2.4.5 Android Software Stack 23
第三章 應用情境及假設 25
3.1應用情境 25
3.2解決方案 27
第四章 系統架構及開發環境 31
4.1系統架構 31
4.2系統功能 33
4.2.1一般使用者 34
4.2.2醫療救護人員 35
4.2.3系統維護人員 36
第五章 系統實作及驗證 37
5.1研究環境 37
5.2一般使用者功能驗證 39
5.3醫療救護人員功能驗證 45
5.4系統維護人員 50
5.5加解密所需時間分析 53
5.6加密所產生的資料長度增加 57
5.7存取NFC Tag所需時間分析 59
5.8資料壓縮 60
第六章 結論與未來研究方向 62
參考文獻 64

[1]K. Ok, V. Coskun, M.N. Aydin and B. Ozdenizci, “Current benefits and future directions of NFC services,” Proceedings of the International Conference on Education and Management Technology, pp.334-338, 2010.
[2]ISO/IEC 14443, “Identification cards - Contactless integrated circuit cards Proximity cards”.
[3]ISO/IEC 18092 (ECMA-340), “Information technology - Telecommunications and information exchange between systems - Near Field Communication - Interface and Protocol (NFCIP-1)”.
[4]J.J. Antonio, M.A. Zamora and A.F.G Skarmeta, “Secure use of NFC in medical environments,” Proceedings of the 5th European Workshop on RFID Systems and Technologies, pp.1-8, 2009.
[5]W.D. Chen, K.E. Mayes, Y.H. Lien and J.H. Chiu, “NFC mobile payment with Citizen Digital Certificate,” Proceedings of the 2nd International Conference on Next Generation Information Technology, pp.120-126, 2011.
[6]S.M. Nasution, E.M. Husni, A.I. Wuryandari, “Prototype of train ticketing application using Near Field Communication (NFC) technology on Android device,” Proceedings of the International Conference on System Engineering and Technology, pp.1-6, 2012.
[7]NFCForum, “Bluetooth Secure Simple Pairing Using NFC - Application Document - NFCForum-AD-BTSSP_1.0,” 2011.
[8]H. Zhang and J. Li,“NFC in medical applications with wireless sensors,” Proceedings of the International Conference on Electrical and Control Engineering, pp.718-721, 2011.
[9]A. Matos, D. Romao and P. Trezentos, “Secure hotspot authentication through a Near Field Communication side-channel,” Proceedings of the IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications, pp. 807-814, 2012.
[10]H. Eun, H. Lee and H. Oh, “Conditional privacy preserving security protocol for NFC applications,” IEEE Transactions on Consumer Electronics, Vol. 59, No. 1, pp.153 – 160, 2013.
[11]E. Haselsteiner and K. Breitfus, “Security in Near Field Communication (NFC),” Proceedings of the Workshop on RFID Security, 2006.
[12]T.W.C. Brown, T. Diakos and J.A. Briffa, “Evaluating the eavesdropping range of varying magnetic field strengths in NFC standards,” Proceedings of 7th European Conference on Antennas and Propagation, pp.3525-3528, 2013.
[13]NFCForum, “NFC Data Exchange Format (NDEF) - Technical Specification - NFCForum-TS-NDEF_1.0,” 2006.
[14]NFCForum, “Signature Record Type Definition - Technical Specification - NFCForum-TS-Signature_RTD-1.0,” 2010.
[15]M. Roland and J. Langer, “Digital Signature Records for the NFC Data Exchange Format,” Proceedings of the Second International Workshop on Near Field Communication, pp.71-76, 2010.
[16]M.Q. Saeed and C.D. Walter, “Off-line NFC Tag Authentication,” Proceedings of the International Conference for Internet Technology and Secured Transactions, pp.730- 735, 2012.
[17]T. Korak and L.Wilfinger, “Handling the NDEF signature record type in a secure manner,” Proceedings of the IEEE International Conference on RFID-Technologies and Applications, pp.107-112, 2012.
[18]M. Roland, J. Langer and J. Scharinger, “Security Vulnerabilities of the NDEF Signature Record Type,” Proceedings of the 3rd International Workshop on Digital Near Field Communication, pp.65-70, 2011.
[19]M.Q. Saeed and C.D. Walter, “A Record Composition/Decomposition attack on the NDEF Signature Record Type Definition,” Proceedings of the International Conference for Internet Technology and Secured Transactions, pp.283-287, 2011.
[20]G. Koning Gans, J.-H. Hoepman and F. D. Garcia, “A practical attack on the mifare classic,” Proceedings of the 8th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications, pp.267-282, 2008.
[21]C.C. Chen, I.T. Chen, C.M. Cheng, M.Y. Chih and J.R. Shih, “A Practical Experience with RFID Security,” Proceedings of the Tenth International Conference on Mobile Data Management: Services and Middleware, 2009. MDM '09, pp.395-396, 2009.
[22]J.J. Antonio, A.F. Alcolea, M.A. Zamora and A.F.G. Skarmeta, “Evaluation of the security capabilities on NFC-powered devices,” Proceedings of the European Workshop on Smart Objects: Systems, Technologies and Applications, pp.1-9, 2010.
[23]M. Hutter and R. Toegl, “A Trusted Platform Module for Near Field Communication,” Proceedings of the Fifth International Conference on Systems and Networks Communications, pp.136-141, 2010
[24]National Institute of Standards and Technology (NIST), “Federal Information Processing Standards Publication 46-3, DATA ENCRYPTION STANDARD (DES),” 1999.
[25]National Institute of Standards and Technology (NIST), “Federal Information Processing Standard Publication 197, the Advanced Encryption Standard (AES)”, 2001.
[26]R. Rivest, A Shamir and L. Aldeman, "A Methoed for Obtaining Digital Signatures and Public-key Cryptosystems," Proceedings of the Communications of the ACM, pp.120-126, 1978.
[27]S. Lee and J.W. Jeon, "Evaluating Performance of Android Platform Using Native C for Embedded Systems," Proceedings of the International Conference on Control Automation and Systems, pp.1160-1163, 2010.
[28]F. Khomh, Y. Hao and Y. Zou, "Adapting Linux for Mobile Platforms: An Empirical Study of Android," Proceedings of the International Conference on Software Maintenance, pp.629-632, 2012.
[29]M.Z. Bjelica, V. Zdravkovic, M. Punt and N. Teslic, "TV-Centric Gaming Applications for Android OS: Architecture and a Framework," Proceedings of the International Conference on Consumer Electronics, pp.667-668, 2013.
[30]NXP Semiconductors, “MIFARE Classic 1K - Mainstream contactless smart card IC, Product data sheet Rev.3.0,” 2011.

中文參考文獻

[31]陳映達，「高級到院前救護制度之評估研究-救護技術員與急診醫護人員出勤模式之成效差異」，國立台灣大學醫療機構管理研究所碩士論文。 2002年。