Abstract
Near Field Communication (NFC) is a new medium of wireless communication. NFC technology is now being widely introduced in smartphones, making them capable of contactless payment at POS terminals. The security protocol used for contact and contactless payments is EMV (Europay Master Visa). EMV sets the security standards for online transactions in contact and contactless payments. When analyzed in depth, the EMV protocol has security vulnerabilities in (1) mutual authentication and (2) the exchange of banking information between the payment device and the payment terminal. Because NFC payment involves the exchange of sensitive data in an open environment within a range of 10 cm, there is a risk of data theft. We introduce a cloud-hosted security protocol to overcome these vulnerabilities in the EMV standards. The authenticity of this protocol is analyzed using the Scyther tool. The protocol uses an authentication server hosted in the cloud and asymmetric encryption for mutual authentication and for the exchange of banking data between the payment device and the payment terminal.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Raqib, S., Rizwan, M. (2020). NFC Payment Security with Cloud Based Authentication System. In: Bajwa, I., Sibalija, T., Jawawi, D. (eds) Intelligent Technologies and Applications. INTAP 2019. Communications in Computer and Information Science, vol 1198. Springer, Singapore. https://doi.org/10.1007/978-981-15-5232-8_63
DOI: https://doi.org/10.1007/978-981-15-5232-8_63
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-5231-1
Online ISBN: 978-981-15-5232-8
eBook Packages: Computer Science, Computer Science (R0)