According to the International Telecommunication Union, there are around six billion mobile phone subscriptions in the world today, almost one subscription for every person. These devices are becoming more popular and useful every day, with constant enhancements adding to the vast array of functionality currently on offer. One of the most exciting developments is the introduction of Near Field Communication (NFC), which enables smartphones to quickly and securely communicate with other phones and unpowered devices. While wireless communication has been around for a long time in mobile phone terms, it is the ability for NFC enabled smartphones to communicate without power or manual authentication that opens a range of exciting opportunities. NFC allows users to send data between active and passive NFC enabled devices, with at least one active device required for communication to be initiated. Active devices require power and are able to both send and receive information.
Passive devices simply provide information but do not require power to operate. Smartphones can act as passive devices, in performing verification, or they can be active devices by reading information from sources such as a tag in a promotional poster. Smartphones are also capable of exchanging information with other active devices, including another NFC enabled phone. In this project, we propose to create a smartphone authentication system for data sensitive areas where mobile devices are generally prohibited. In this system, we have an RFID tag reader which will be used to collect the smartphone’s information. The application will have a companion website to authenticate requests and maintain and generate logs and reports. The challenge-response authentication procedure between the phone and the server will happen over an encrypted communication link. For encryption of mobile data, various encryption techniques will be evaluated and an appropriate method will be chosen. The web application then validates and evaluates the data received from the reader against that which is stored in the database and accordingly approves or denies the smartphone access inside the area.
Today there exists a myriad of different types of access control systems that use a smart card or mobile device as a key. The mobile device enabled smart locks, as they are often referred to, operate using either Wi‑Fi or Bluetooth. This project explores the use of a third emerging wireless technology called Near Field Communication (NFC). NFC technology is a relatively new technology that is on the rise and is included in almost every new mobile device. Using a NFC enabled mobile device, a highly secure access control system was developed for a data sensitive region inorder to allow certain people who are high enough in the hierarchy to carry their devices inside such areas. Several different authentication protocols, mobile operating systems and NFC modes of operation where analyzed and evaluated, to ensure that the system was as secure as possible. Eventually the system was implemented using the Secure Remote Password authentication protocol on top of a NFC card emulation scheme with the client application running on the Android operating system.
The final system was a secure and responsive system that would be easy to deploy in many different situations. This project shows that NFC enables a mobile device to act as a key in a secure access control system for data sensitive regions as such places deal with classified information crucial to national security. Aim And ObjectivesProblem Statement In strategic prohibited areas, no electronic devices are allowed beyond a certain point. This is to ensure security and confidentiality of data as such places deal with classified information crucial to national security. However, with changing times, smartphones have become a necessity as a lot of the office work can take place over it, you can prepare presentations, read reports, check emails etc.
But due to security constraint any personal phones cannot be brought inside the premises, the only organisation provided sanitised phones must be brought inside. To check this presently only a manual system is in place. To have a more reliable, accurate mechanism to verify the device, IMEI number has to be verified every time it is brought in. To read the IMEI no. by pressing few key combinations is cumbersome and time-consuming. To make it easy yet reliable NFC is used to get its IMEI no. The strength of NFC technology arises from its ease of use by triggering the communication just with a simple touch in a short distance, and terminating the communication immediately as the devices detach. However, NFC by itself poses risks of eavesdropping, man in the middle attack, replay attack, etc. So our proposed system intends to incorporate the features of NFC to build a secure mechanism to read the mobile details for such strategic prohibited areas.
Scope The scope of the project is that will authenticate smartphones inside the strategic prohibited areas. It will be a real-time application wherein the employee details (Name and Employee No) will be already stored in the system along with IMEI no. of the smartphone. The authentication process begins when the user taps the NFC-enabled phone on the RFID tag and the system will send an alert whether the device is to be permitted or not. The system will also prevent some of the external attacks thus making it more secure. Framework and Authentication Protocols for Smartphone, NFC, and RFID Authors: Pascal Urien, Selwyn Piramuthu Year: 2013 Summary: Suggested public key infrastructure options: 1. RSA 2. Diffie-Hellman (DH) or Digital Signature Algorithm (DSA) 3. Elliptic Curve that could be either Elliptic Curve Diffie-Hellman (ECDH) or Elliptic Curve Digital Signature Algorithm (ECDSA). The smartphone sign-in protocol proposed in the paper is useful for authentication process that will be implemented in our project.
