Skip to main content
SpringerLink
Log in

NFC Payment Security with Cloud Based Authentication System

  • Conference paper
  • First Online:
Intelligent Technologies and Applications (INTAP 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1198))

Included in the following conference series:

  • 938 Accesses

Abstract

Near Field Communication is a new medium of wireless communication. NFC technology is now widely introducing in smartphones. NFC technology in smartphone has made them capable of contact-less payment on POS terminals. The security protocol used for contact and contact-less payments is named as EMV (Europay Master Visa). EMV sets the security standards for online transactions in contact and contact-less payments. When deeply analyzed, EMV protocol has security vulnerabilities in (1) Mutual Authentication and (2) Exchange of banking information between payment device and payment terminal. As NFC payment involves exchange of sensitive data in open environment within a range of 10 cm, risks are involved for data being theft. We introduced cloud hosted security protocol to overcome vulnerabilities in EMV standards. The authenticity of this protocol is analyzed using Scyther tool. The protocol uses an authentication server hosted on cloud and asymmetric encryption in mutual authentication and exchange of banking data between payment device and payment terminal.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Pasquet, M., Reynaud, J., Rosenberger, C.: Secure payment with NFC mobile phone in the SmartTouch project. In: 2008 International Symposium on Collaborative Technologies and Systems (2008). https://doi.org/10.1109/cts.2008.4543921

  2. Madhoun, N.E., Guenane, F., Pujolle, G.: An online security protocol for NFC payment: formally analyzed by the scyther tool. In: 2016 Second International Conference on Mobile and Secure Services (MobiSecServ) (2016). https://doi.org/10.1109/mobisecserv.2016.7440225

  3. Integrated Circuit Specifications for Payment Systems (2019). http://mathdesc.fr/documents/normes/emv_book4.pdf

  4. Lifchitz, R.: Hacking the NFC credit cards for fun and debit. In: Hackito Ergo Sum Conference (2012)

    Google Scholar 

  5. Ward, M.: EMV card payments–an update. Inf. Secur. Tech. Rep. 11, 89–92 (2006)

    Article  Google Scholar 

  6. de Ruiter, J., Poll, E.: Formal analysis of the EMV protocol suite. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 113–129. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27375-9_7

    Chapter  Google Scholar 

  7. Porkess, R., Mason, S.: Looking at debit and credit card fraud. Teach. Stat. 34, 87–91 (2011). https://doi.org/10.1111/j.1467-9639.2010.00437.x

    Article  Google Scholar 

  8. Eun, H., Lee, H., Oh, H.: Conditional privacy preserving security protocol for NFC applications. IEEE Trans. Consum. Electron. 59, 153–160 (2013). https://doi.org/10.1109/tce.2013.6490254

    Article  Google Scholar 

  9. Elbagoury, A., Mohsen, A., Ramadan, M., Youssef, M.: Practical provably secure key sharing for near field communication devices. In: 2013 International Conference on Computing, Networking and Communications (ICNC) (2013). https://doi.org/10.1109/iccnc.2013.6504182

  10. Urien, P., Piramuthu, S.: Framework and authentication protocols for smartphone, NFC, and RFID in retail transactions. In: IEEE Eighth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (2013). https://doi.org/10.1109/issnip.2013.6529768

  11. Ceipidor, U.B., Medaglia, C.M., Marino, A., et al.: KerNeeS: a protocol for mutual authentication between NFC phones and POS terminals for secure payment transactions. In: 2012 9th International ISC Conference on Information Security and Cryptology (2012). https://doi.org/10.1109/iscisc.2012.6408203

  12. Cremers CIn: Cas Cremers (2019). https://people.cispa.io/cas.cremers/publications/index.html

  13. 2nd International Workshop on Automated Specification and Verification of Web Systems. In: 2nd International Workshop on Automated Specification and Verification of Web Systems (WWV06) (2006). https://doi.org/10.1109/wwv.2006.2

  14. Cremers, C.J.F.: The scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70545-1_38

    Chapter  Google Scholar 

  15. Cremers, C., Mauw, S.: Operational semantics. In: Cremers, C., Mauw, S. (eds.) Operational Semantics and Verification of Security Protocols Information Security and Cryptography, pp. 13–35. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-540-78636-8_3

    Chapter  MATH  Google Scholar 

  16. Lowe, G.: A hierarchy of authentication specifications. In: Proceedings 10th Computer Security Foundations Workshop. https://doi.org/10.1109/csfw.1997.596782

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Kinnaird College for Women, Lahore, Pakistan

    Saira Raqib & Muhammad Rizwan

Authors
  1. Saira Raqib
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muhammad Rizwan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Saira Raqib .

Editor information

Editors and Affiliations

  1. Islamia University of Bahawalpur, Baghdad, Pakistan

    Imran Sarwar Bajwa

  2. Metropolitan University, Belgrade, Serbia

    Tatjana Sibalija

  3. University of Technology Malaysia, Johor Bahru, Malaysia

    Dayang Norhayati Abang Jawawi

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Raqib, S., Rizwan, M. (2020). NFC Payment Security with Cloud Based Authentication System. In: Bajwa, I., Sibalija, T., Jawawi, D. (eds) Intelligent Technologies and Applications. INTAP 2019. Communications in Computer and Information Science, vol 1198. Springer, Singapore. https://doi.org/10.1007/978-981-15-5232-8_63

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-5232-8_63

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-5231-1

  • Online ISBN: 978-981-15-5232-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation