{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T14:44:28Z","timestamp":1740149068120,"version":"3.37.3"},"reference-count":32,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,6,28]],"date-time":"2021-06-28T00:00:00Z","timestamp":1624838400000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2019M650606","2017YFC1201204","3201012","328201909"],"award-info":[{"award-number":["2019M650606","2017YFC1201204","3201012","328201909"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Key R&D Program of China","award":["2019M650606","2017YFC1201204","3201012","328201909"],"award-info":[{"award-number":["2019M650606","2017YFC1201204","3201012","328201909"]}]},{"name":"First-Class Discipline Construction Project of Beijing Electronic Science and Technology Institute","award":["2019M650606","2017YFC1201204","3201012","328201909"],"award-info":[{"award-number":["2019M650606","2017YFC1201204","3201012","328201909"]}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["2019M650606","2017YFC1201204","3201012","328201909"],"award-info":[{"award-number":["2019M650606","2017YFC1201204","3201012","328201909"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2021,6,28]]},"abstract":"<jats:p>Near-field communication (NFC) is a set of communication protocols that enable two electronic devices. 
Its security and reliability are welcomed by mobile terminal manufacturers, banks, telecom operators, and third-party payment platforms. Simultaneously, it has also drawn more and more attention from hackers and attackers, and NFC-enabled devices are facing increasing threats. To improve the security of the NFC technology, the paper studied the technology of discovering security vulnerabilities of NFC Data Exchange Format (NDEF), the most important data transmission protocol. In the paper, we proposed an algorithm, GTCT (General Test Case Construction and Test), based on fuzzing to construct test cases and test the NDEF protocol. GTCT adopts four strategies to construct test cases, manual, generation, mutation, and \u201creverse analysis,\u201d which can detect logic vulnerabilities that fuzzing cannot find and improve the detection rate. Based on GTCT, we designed an NDEF vulnerability discovering framework and developed a tool named \u201cGNFCVulFinder\u201d (General NFC Vulnerability Finder). By testing 33 NFC system services and applications on Android and Windows Phones, we found eight vulnerabilities, including DoS vulnerabilities of NFC service, logic vulnerabilities about opening Bluetooth\/Wi-Fi\/torch, design flaws about the black screen, and DoS of NFC applications. 
Finally, we give some security suggestions for the developer to enhance the security of NFC.<\/jats:p>","DOI":"10.1155\/2021\/9946022","type":"journal-article","created":{"date-parts":[[2021,6,28]],"date-time":"2021-06-28T20:55:24Z","timestamp":1624913724000},"page":"1-14","source":"Crossref","is-referenced-by-count":1,"title":["GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1789-8414","authenticated-orcid":true,"given":"Zhiqiang","family":"Wang","sequence":"first","affiliation":[{"name":"Beijing Electronic Science and Technology Institute, Cyberspace Security Department, Beijing 100070, China"},{"name":"State Information Center, Post-Doctoral Scientific Research Workstation, Beijing 100045, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6953-2385","authenticated-orcid":true,"given":"Yuheng","family":"Lin","sequence":"additional","affiliation":[{"name":"Beijing Electronic Science and Technology Institute, Cyberspace Security Department, Beijing 100070, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1426-4803","authenticated-orcid":true,"given":"Zihan","family":"Zhuo","sequence":"additional","affiliation":[{"name":"National Internet Emergency Center, Beijing 100029, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2466-988X","authenticated-orcid":true,"given":"Jieming","family":"Gu","sequence":"additional","affiliation":[{"name":"National Internet Emergency Center, Beijing 100029, China"}]},{"given":"Tao","family":"Yang","sequence":"additional","affiliation":[{"name":"Key Lab of Information Network Security, Ministry of Public Security, Shanghai 200031, China"}]}],"member":"311","reference":[{"key":"1","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-012-0935-5"},{"volume-title":"Secure Smart Embedded Devices, Platforms and Applications","year":"2013","author":"K. 
Markantonakis","key":"2"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1109\/mprv.2011.55"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.11591\/ijece.v2i3.234"},{"article-title":"NFC-enabled cellphone shipments to soar fourfold in next five years","year":"2017","author":"IHS Technology","key":"5"},{"volume-title":"Google Wallet Security: Pin Exposure Vulnerability","year":"2012","author":"J. Rubin","key":"6"},{"article-title":"Second major security flaw found in Google Wallet","year":"2017","author":"T. Huynh","key":"7"},{"author":"C. Miller","key":"8","article-title":"Exploring the NFC attack surface"},{"author":"C. Benninger","key":"9","article-title":"\u201cNFC for free rides and rooms (on your phone)"},{"article-title":"NFC security awareness project","year":"2017","author":"WallofSheep","key":"10"},{"article-title":"Samsung SBeam image remote information disclosure vulnerability","year":"2017","author":"Z. D. Initiative","key":"11"},{"article-title":"Apple watch exploit","year":"2017","author":"GadgetHacks","key":"12"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.5446\/36287#t=00:00,00:33"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-017-4261-9"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2020.3030213"},{"author":"E. Haselsteiner","key":"16","article-title":"Security in near field communication (NFC)"},{"article-title":"Vulnerability analysis and attacks on NFC-enabled mobile phones","author":"C. Mulliner","key":"17","doi-asserted-by":"crossref","DOI":"10.1109\/ARES.2009.46"},{"author":"V. Gauthier","key":"18","article-title":"\u201cPractical experiences with NFC security on mobile phones"},{"author":"J. Antonio","key":"19","article-title":"\u201cEvaluation of the security capabilities on NFC-powered devices"},{"key":"20","first-page":"1460","article-title":"Threat modeling for mobile payments using NFC phones","volume":"52","author":"F. 
Jia","year":"2012","journal-title":"Journal of Tsinghua University & Technoogy"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.5120\/9369-3825"},{"volume-title":"Fuzzing-to-go: A Test Framework for Android Devices","year":"2012","author":"W. Norbert","key":"22"},{"first-page":"445","article-title":"\u201cEngarde: protecting the mobile phone from malicious NFC interactions","author":"J. Gummeson","key":"23"},{"first-page":"298","article-title":"Debugging and rapid prototyping of NFC secure element applications","author":"M. Roland","key":"24"},{"article-title":"NFC forum technical specifications","year":"2017","author":"N. Forum","key":"25"},{"author":"Z. Wang","key":"26","article-title":"\u201cA research on vulnerability discovering for router protocols based on fuzzing"},{"volume-title":"Fuzzing: Brute Force Vulnerabilty Discovery","year":"2007","author":"M. Sutton","key":"27"},{"volume-title":"Fuzzing: The Past, the Present and the Future,","year":"2009","author":"A. Takanen","key":"28"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1681"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1002\/sec.714"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.3837\/tiis.2013.08.014"},{"article-title":"National vulnerability database","year":"2017","author":"NVD","key":"32"}],"container-title":["Security and Communication 
Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/9946022.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/9946022.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/9946022.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,28]],"date-time":"2021-06-28T20:55:36Z","timestamp":1624913736000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2021\/9946022\/"}},"subtitle":[],"editor":[{"given":"Jinguang","family":"Han","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2021,6,28]]},"references-count":32,"alternative-id":["9946022","9946022"],"URL":"https:\/\/doi.org\/10.1155\/2021\/9946022","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"type":"electronic","value":"1939-0122"},{"type":"print","value":"1939-0114"}],"subject":[],"published":{"date-parts":[[2021,6,28]]}}}