DOI QR코드

DOI QR Code

NFC 서비스 보안 위협 분석 및 대응방안 연구

A Study on Analysis and Countermeasure of Security threat in NFC

  • Kim, Hyung-Uk (School of Computer Science & Engineering, Soongsil University) ;
  • Kim, Hyung-joo (School of Computer Science & Engineering, Soongsil University) ;
  • Kang, Jung-ho (School of Computer Science & Engineering, Soongsil University) ;
  • Jun, Moon-seog (School of Computer Science & Engineering, Soongsil University)
  • 투고 : 2016.09.26
  • 심사 : 2016.12.20
  • 발행 : 2016.12.28

초록

최근들어 스마트폰에서 NFC 기능을 지원함에 따라 스마트폰을 정보의 송 수신을 위한 매개체로 활용하여 결제, 의료, 개인인증 등 다양한 분야에서 융 복합된 형태의 서비스로 NFC 서비스가 전개되고 있다. 또한 기존 서비스에 NFC 기술이 융합됨에 따라 기존 서비스 구조에서 찾아볼 수 없던 신규 사업자가 기존 서비스에서 취급되던 개인정보를 취급하거나 기존 사업자가 NFC 사업자로 전환됨에 따라 기존에 취급하던 개인정보 이외의 다양한 개인정보를 취급할 수 있다. 이러한 서비스적 배경 및 시대적 배경을 바탕으로 NFC서비스 환경을 구축하기 위해 보안위협 분석 및 대응방안을 마련하고자 한다.

Most recent trend reveals broader state of provision of NFC service as NFC technology was applied on smartphones which has become core communication tools by providing integrated services such as payment, medical, and personal authentication. Moreover, with integration of original service and NFC technology, new service providers now can handle personal information of original service or can handle other personal information with transition of previous service provider to NFC service provider. Considering current state of security industry along with NFC technology and service, we would like to analyze current stage of security threats and plan the counter strategies to create NFC service structure.

키워드

참고문헌

  1. Ernst Haselsteiner, Klemens BreitfuB, "Security in Near Field Communication (NFC)", Workshop on RFID Security RFIDSec, 2006.[1] ECMA International : "ECMA-089 NFC-SEC White paper," Dec 9, 2008
  2. GSMA, "mobile NFC echnical guidelines V2.0," 2007
  3. GSMA, "mobile NFC Service V1.0," 2007
  4. EU, "Privacy and Data Protection Impact Assessment Framework for RFID Application", 2011.1.12.
  5. ECMA International : "ECMA-089 NFC-SEC White paper," Dec 9, 2008
  6. ISO/IEC 14443-3:2011, Identification cards - Contactless integrated circuit cards - Proximity cards - Part 3: Initialization and anticollision
  7. ISO/IEC 14443-4:2008, Identification cards - Contactless integrated circuit cards - Proximity cards - Part 4: Transmission protocol
  8. ISO/IEC 15693-1:2010, Identification cards - Contactless integrated circuit cards - Vicinity cards - Part 1: Physical characteristics
  9. ISO/IEC 21481:2005, Information technology - Telecommunications and information exchange between systems - Near Field Communication Interface and Protocol 2 (NFCIP-2)
  10. ISO/IEC 13157-2:2010, Information technology - Telecommunications and information exchange between systems - NFC Security - Part 2: NFC-SEC cryptography standard using ECDH and AES
  11. NFC technology trends and certification, TTA Journal Vol.133, 2011
  12. Sun-Hee Lim, Jae-woo Jeon, Jung Imjin, Okyeon Yi, "Study on NFC Security Analysis and UICC Alternative Effect". J-KICS Vol36 No.1, 01.2011
  13. Ernst Haselsteiner and Klemens Breitfub, "Security in NFC", Workshop on RFID Security RFIDSec, 2006
  14. Gerhard P. Hancke, Markus G. kuhn, "An RFID Distance Bounding Protocol." Security and Privacy for Emerging Areas in Communications Networks, 2005.
  15. Collin Mulliner, "Vnlnerability Analysis and Attack on NFC-enabled Mobile Phones", International Conference on Availability, Reliability and Security, 2009.
  16. NFC Forum-TS-signature RTD-1.0, 2010-11-18
  17. C.H. Choi. "CPND ecosystem ICCT (Information, Communication, Contents Technology)." Journal of Digital Convergence. 12.3 (2014): 7-16. https://doi.org/10.14400/JDC.2014.12.3.7
  18. S.H. Won, and H.S. Yang. "Research and policy direction for the success of ICT-based company Fusion." Journal of Digital Convergence. 13.4 (2015): 39-50. https://doi.org/10.14400/JDC.2015.13.4.39
  19. J.H.Han, et al. "Effects of perceived usefulness and ease reliance on payment services and loyalty mall ." Journal of Digital Convergence 13.12 (2015): 75-87. https://doi.org/10.14400/JDC.2015.13.12.75
  20. Seong-Hoon Lee, "Actual Cases and Analysis of IT Convergence for Green IT", Journal of the Korea Convergence Society, Vol. 6, No. 6, pp. 147-152, 2015. https://doi.org/10.15207/JKCS.2015.6.6.147
  21. Seong-Hoon Lee, Dong-Woo Lee, "FinTech- Conversions of Finance Industry based on ICT", Journal of the Korea Convergence Society, Vol. 6, No. 3, pp. 97-102, 2015. https://doi.org/10.15207/JKCS.2015.6.3.097