Online security protocol for NFC mobile payment applications
Ali Al-Haj2017, 2017 8th International Conference on Information Technology (ICIT)
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Near Field Communication (NFC) is a short range wireless technology that allows exchange of data between devices communicating within a short distance. Recently, the NFC functionality has been integrated inside mobile devices to allow them act as identifiers for customers, credit cards, and access cards. Payment transaction using NFC-enabled Mobile devices is continuously increasing because of its speed, convenience, and ease of use. However, a widespread of NFC-based payment can be guaranteed, if and only if, the payment transactions are made in a secured wireless environment. Unfortunately, the Europay, Mastercard and Visa (EMV) protocol, which is currently used to provide the required security, has some serious vulnerabilities which could lead to obvious risks for users of NFC-based payments. This paper presents an effective solution to enhance the security of NFC payments by solving the vulnerabilities of the EMV protocol. The proposed protocol adds a security layer to the EMV p...
Related papers
Security Enhancements in EMV Protocol for NFC Mobile Payment
2016 IEEE Trustcom/BigDataSE/ISPA, 2016
Today, by integrating Near Field Communication (NFC) technology in smartphones, bank cards and payment terminals, a purchase transaction can be executed immediately without any physical contact, without entering a PIN code or a signature. Europay Mastercard Visa (EMV) is the standard dedicated for securing contactless-NFC payment transactions. However, it does not ensure two main security proprieties: (1) the authentication of the payment terminal to the client's payment device, (2) the confidentiality of personal banking data. In this paper, we first of all detail EMV standard and its security vulnerabilities. Then, we propose a solution that enhances the EMV protocol by adding a new security layer aiming to solve EMV weaknesses. We formally check the correctness of the proposal using a security verification tool called Scyther.
Payment with mobile NFC phones" How to analyze the security problems
We present in this paper a method to analyze the security problems which can occur in a NFC mobile phone payment. In the first section, we give a simplified description of the technical realization for this pilot limited to a part of the system. In the second section, we present the security concepts as a major issue in this scenario. Roughly main requirement is to have same level of security as standard payment EMV transaction. The methodology described in the third section concerns the application payment and its communication with the payment terminal through a NFC link. This study, realized for the ITEA SmartTouch project, starts from a pilot experience that is carried out at Strasbourg in France, in 2007. This trial is the first experiment of a NFC-based payment application that fully supports the international EMV standard and the PayPass program. The end of this article presents different research perspectives to overstepping the encountered problems.
Secure Payment With NFC Mobile Phones In The Smart Touch Project
HAL (Le Centre pour la Communication Scientifique Directe), 2008
We present in this paper a method to analyze the security problems which can occur in a NFC mobile phone payment. In the first section, we give a simplified description of the technical realization for this pilot limited to a part of the system. In the second section, we present the security concepts as a major issue in this scenario. Roughly main requirement is to have same level of security as standard payment EMV transaction. The methodology described in the third section concerns the application payment and its communication with the payment terminal through a NFC link. This study, realized for the ITEA SmartTouch project, starts from a pilot experience that is carried out at Strasbourg in France, in 2007. This trial is the first experiment of a NFC-based payment application that fully supports the international EMV standard and the PayPass program. The end of this article presents different research perspectives to overstepping the encountered problems.
Secure payment with NFC mobile phone in the smarttouch project
… and Systems, 2008. CTS …, 2008
We present in this paper a method to analyze the security problems which can occur in a NFC mobile phone payment. In the first section, we give a simplified description of the technical realization for this pilot limited to a part of the system. In the second section, we present the security concepts as a major issue in this scenario. Roughly main requirement is to have same level of security as standard payment EMV transaction. The methodology described in the third section concerns the application payment and its communication with the payment terminal through a NFC link. This study, realized for the ITEA SmartTouch project, starts from a pilot experience that is carried out at Strasbourg in France, in 2007. This trial is the first experiment of a NFC-based payment application that fully supports the international EMV standard and the PayPass program. The end of this article presents different research perspectives to overstepping the encountered problems.
Towards more secure EMV purchase transactions
Annals of Telecommunications, 2020
EMV is the protocol implemented to secure the communication, between a client's payment device and a merchant's payment device, during a contact or an NFC purchase transaction. It represents a set of security messages and rules, exchanged between the different transaction actors, guaranteeing several important security properties, such as authentication, non-repudiation and integrity. Indeed, researchers, in various studies, have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are firstly interested in presenting a general overview of the EMV protocol and secondly, in proposing a new security solution that enhances the EMV protocol by solving the two dangerous EMV vulnerabilities. We verify the accuracy of our solution by using the Scyther security verification tool. Keywords Authentication • Bank • Card • Confidentiality • EMV • Vulnerabilities • NFC • Security 1 Introduction EMV (Europay MasterCard Visa) is the international standard implemented to secure contact and contactless-NFC (Near Field Communication) purchase transactions.
Efficient tag-to-tag near field communication (NFC) protocol for secure mobile payment
2011
Communication between the near field communication (NFC) devices occurs in a very close distance of less than 10 cm. In the NFC-based payment system, close proximity between devices will increase the security of transactions. The disadvantage is the interaction between devices requires more physical activity of device owners because the device must be brought near to other devices some times. Besides requiring more physical activity, NFC-based interaction also takes a longer time because the device needs to be moved from one position to another. This paper proposed Secure and efficient protocol that will reduce the physical activity of the device owners and reducing transaction time. The data sending between merchant and payer will be executed without waiting for each other and one transaction will require two data transmissions are performed by the merchant and payer. Transactions are secured by the use of encryption on each data which sent by the merchant and payer. In addition, the protocol also guarantees the security of offline micro transactions and online macros transactions.
A cloud-based secure authentication protocol for contactless-NFC payment
2015 IEEE 4th International Conference on Cloud Networking (CloudNet), 2015
Nowadays, NFC technology is used in contactless payment applications by offering the NFC payment functionality in credit/debit cards, smartphones and payment terminals. Thus, an NFC payment transaction is executed in a simple and practical way. EMV is the security protocol for both contact and contactless payment systems. However, during an EMV payment transaction, this standard does not ensure two main security constraints between a customer payment device and a payment terminal: (1) mutual authentication, (2) confidentiality of sensitive banking data exchanged. These weaknesses represent a major risk in the case of NFC payment because the transaction is performed using NFC radio waves in an open environment. The risk is reduced in the case of contact payment because the transaction is executed in a closed environment by inserting the card into the terminal. In this paper, we propose a new security protocol for NFC payment transactions based on a Cloud infrastructure. We verify the correctness of this proposal using Scyther tool that provides formal proofs for security protocols.
A Lightweight Security Protocol for NFC-based Mobile Payments
Procedia Computer Science, 2016
In this work, we describe a security solution that can be used to securely establish mobile payment transactions over the Near-Field Communication (NFC) radio interface. The proposed solution is very lightweight one; it uses symmetric cryptographic primitives on devices having memory and CPU resources limitations. We show that our approach maintains the security of NFC communications and we further demonstrate that our solution is simple, scalable, cost-effective, and incurs minimal computational processing overheads.
ScienceDirect A lightweight security protocol for NFC-based mobile payments
In this work, we describe a security solution that can be used to securely establish mobile payment transactions over the Near-Field Communication (NFC) radio interface. The proposed solution is very lightweight one; it uses symmetric cryptographic primitives on devices having memory and CPU resources limitations. We show that our approach maintains the security of NFC communications and we further demonstrate that our solution is simple, scalable, cost-effective, and incurs minimal computational processing overheads.
A new design of Mobile Payment system based on NFC Technology
2017
Mobile Payment researches has increased rapidly in recent years. A most recent researchers are focusing on contactless mobile payment systems that uses mobile phones wireless technologies to achieve payment system success factors like availability, simplicity, security, and privacy of payment transaction. Moreover, Mobile technologies has a number of security risks. This paper proposes a new secured design of mobile payment system using a Near Field Communication (NFC) technology. The proposed system uses the features of NFC system to achieve an efficient and complete payment cycle. Furthermore, a solution to the relay attack is proposed. Also the proposed design satisfies the three most important security measures, Confidentiality, integrity and availability. Index Term-Mobile Payment Privacy protection; Secured Payment System; NFC Payment System.
A New Secure Lightweight Authentication Protocol for NFC mobile Payment
International Journal of Communication Networks and Information Security (IJCNIS)
As mobile applications grow, securing these applications become an important factor for their success. Especially, when these applications are related to financial transactions. Nowadays, mobile payment that is based on NFC technology is considered one of these important topics. In this paper, we propose A New Secure and Lightweight Authentication Protocol for NFC mobile Payment (NSLA) protocol. NSLA protocol presents a new method to update the users’ identities and the valid session keys, which preserves the privacy and ensures the integrity of the system. The presented performance analysis shows that NSLA protocol satisfies low computation overhead. Moreover, the security analysis proves that NSLA protocol has an immunity against replay attack, brute force attack, denial of service attack, and others types of attacks.
A Secure NFC Application for Credit Transfer among Mobile
Abstract: Since the late 1990s, people have enjoyed a comfortable lifestyles. Mobile devices supported by the development of wireless networks have spread throughout the world and mobile commerce applications become the most popular application for mobile device users those who want to do business and financial transactions are available anytime, anywhere. Today the use of physical cash is experiencing a decline in popularity in the business world, because it is being acquireded by e-money. An important technology behind mobile payments is now called Near Field Communication (NFC). As it indicates that the NFC has tremendous business potential, leading companies Microsoft, Nokia and Visa Inc. is actively engaged on them. Payment processing integrated with NFC technology based mobile operating system that is a trend today. The prototype Android application is designed to pay for the user side as consumer and the merchant side as a trader or seller by using the handset that already have NFC technology is Google Nexus S. This application also implements the concept of security in e-commerce transactions by using the protocol Tag-to-Tag so thatthe user needs for security and comfort during the financial transaction are met. Keywords: Android Platform, Java Programming Language, Credit Transfer Application, Social Engineering. Title: A Secure NFC Application for Credit Transfer among Mobile Author: Prof. N.B. Kadu, Mr. Akshaykumar B. Tilekar, Mr. Avinash D. Kanawade, Mr. Shiril Y. Pathak, Mr. Harshit R. Gandhi International Journal of Computer Science and Information Technology Research ISSN 2348-1196 (print), ISSN 2348-120X (online) Research Publish Journals
Authentication Issues in Near Field Communication and RFID
2014
Near Field Communication is a short-range wireless technology based on RFID standard ISO 18092, ISO 14443 and ISO 15693. This means, it provides compatibility with the millions of contactless smartcards and RFID scanners that already exist worldwide. NFC is now available on the phones and this integration has resulted in a sharp rise in its utility. An NFC-enabled cell phone acts as an RFID reader to read compatible RFID tags (NFC tags), such as smart posters. The same cell phone can also be used as an NFC tag storing relevant data. In this case, a cell phone transforms into a digital wallet storing bank cards (money), vouchers, loyalties card etc., at a secure place called ‘Secure Element’. Abuse of NFC technology is also on sharp rise because of large number of users and inadequate security standards. This thesis looks at security issues of NFC and RFID and provides mechanisms to improve the security features. NFC Forum (an association for developing NFC standards) released the si...
RONFC: A Novel Enabler-Independent NFC Protocol for Mobile Transactions
IEEE Access, 2019
The use of near field communication (NFC) technology for contactless mobile transactions has become popular in the past decade with the availability of this technology in mobile devices. Today, there are millions of the NFC-enabled mobile handsets in the market, with mobile handset manufacturers and mobile network operators enabling m-wallet solutions using the secure elements (SEs) that they own, thus can remotely control, on the devices. While this approach gives full control to the SE owner to activate any mobile transaction system on a device, having a more flexible approach would increase the benefits that end users could obtain from this technology in a variety of use cases. In this paper, we introduce a novel protocol for the NFC-based mobile transaction procedure, which uses tamper-resistant SEs that are already installed at the transaction terminals, and is mobile handset manufacturer and mobile network operator-independent. We evaluate and show the feasibility of the use of our proposed model with common mobile electronic payment scenarios. The evaluation results demonstrate that the proposed solution is promising for adoption as a secure NFC transaction model, which will have applications in various security-sensitive IoT scenarios, including but not limited to, mobile identification, healthcare, payment, and access control. INDEX TERMS Contactless transactions, mobile wallet applications, near field communication, secure element.
Security in near field communication (NFC)
Workshop on RFID Security RFIDSec, 2006
This paper gives a comprehensive analysis of security with respect to NFC. It is not limited to a certain application of NFC, but it uses a systematic approach to analyze the various aspects of security whenever an NFC interface is used. The authors want to clear up many misconceptions about security and NFC in various applications. The paper lists the threats, which are applicable to NFC, and describes solutions to protect against these threats. All of this is given in the context of currently available NFC hardware, NFC applications and possible future developments of NFC.
EMV Electronic Payment System and its Attacks: A Review
AL-Rafidain Journal of Computer Sciences and Mathematics
Recently,The Automated Teller Machines (ATM) and Point of Sale (POS) are based on the Europay, MasterCard and VisaCard (EMV) protocol. The goal of the EMV protocol is to enhance and improve the level of transaction security at both ATMs and Points of Sale. Despite the high performance of electronic payment systems, they suffer from attacks that can lead to unauthorized disclosure of cardholder data. This paper describes the EMV protocol and its features, and common attacks that threaten EMV card users in transactions at both ATMs and Points of Sale. The study will document the vulnerabilities that threaten EMV card holders and provide countermeasures against various potential attacks. It also describes the proposed methods that have been introduced in recent years to overcome these attacks and enhance the security level of the EMV protocol. The results of the comparison showed that biometrics has the highest performance in card security based on the EMV protocol with additional improvements in the encryption phase against all types of attacks.
Security Analysis of NFC Technology Compared with other Mobile Wireless Technologies
There are a many popular ways for mobile devices to connect wirelessly. This connectiongives users the ability to transfer data between two or more devices in additionto control a device remotely. Therefore, the security of such functions is insufficient for widespread use of these wireless technologies. However, in the near future,Near Field Communication (NFC) technology willbecome widespread for users, so its security weakness which can be dangerous to the privacy of the user’s confidential information should be evaluated and handled accurately. The security issues of NFC are anactive area of research for the coming years. This paper gives a detailed comprehensive analysis of security with respect to NFC, Bluetooth and infrared.Finally, the paper puts the most important recommendations for future security improvement that can bedeveloped in NFC and other wireless technologies.
Design and Development of an Advanced Authentication Protocol for Mobile Applications using NFC Technology
Journal of Computer Science, 2019
In this paper, we proposed a new Authentication Protocol for Mobile Applications using NFC technology (AP for MAN). The proposed protocol minimizes the required time to complete the authentication process between the shared entities with a high level of privacy. According to the main security measures, the proposed protocol is evaluated. The current paper presents a new idea for preventing denial of service attack and preserves the limited mobile device capability. The proposed protocol is checked using BAN logic and established that it has no redundancy, the mutual authentication property between the shared parties is verified. The implementation of the proposed protocol shows that it works as designed and it is practical.
A Secure and Optimized Proximity Mobile Payment Framework with Formal Verification
International Journal of E-Services and Mobile Applications, 2014
In this paper the authors propose a Secure and Optimized Proximity Mobile Payment (SOPMP) Framework using NFC (Near Field Communication) technology, WPKI (Wireless Public Key Infrastructure), UICC (Universal Integrated Circuit Card). The novelty of this proposed mobile payment framework is messages are exchanged in the form of Digital Signature with Message Recovery (DSMR) and merchant sends Invoice in the form of Digital Invoice Certificate (DIC) (which is digitally signed by the merchant). The communication link between mobile phone and merchant POS (Point Of Sale) is NFC. Digital Signature with Message Recovery based on ECDSA eliminates the need of adopting PKI cryptosystems thereby reducing the consumption of resources i.e. it consumes less computational and communication cost. DSMR eliminates the need of certificates validation and removes the hurdle of PKI thereby reducing storage space, communication cost and computational cost. The authors proposed protocol ensures Authentic...
Contactless Credit Cards Payment Fraud Protection by Ambient Authentication
Sensors, 2022
In recent years, improvements to the computational ability of mobile phones and support for near-field-communication have enabled transactions to be performed by using mobile phones to emulate a credit card or by using quick response codes. Thus, users need not carry credit cards but can simply use their mobile phones. However, the Europay MasterCard Visa (EMV) protocol is associated with a number of security concerns. In contactless transactions, attackers can make purchases by launching a relay attack from a distance. To protect message transmission and prevent relay attacks, we propose a transaction protocol that is compatible with EMV protocols and that can perform mutual authentication and ambient authentication on near-field-communication-enabled mobile phones. Through mutual authentication, our protocol ensures the legitimacy of transactions and establishes keys for a transaction to protect the subsequent messages, thereby avoiding security problems in EMV protocols, such as ...
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.