
Cryptanalysis of Near Field Communication Based Authentication Protocol for Mobile Payment System

Wireless Personal Communications

Abstract

Near field communication (NFC) is one of the fastest-growing technologies in the field of pervasive computing. In the domain of mobile commerce, mobile payments offer advantages such as user convenience (anytime and anywhere) and enhanced throughput. Several mutual authentication protocols have already been devised to provide security in NFC applications. To guarantee secure communication, a conditional privacy preserving security protocol, a pseudonym-based NFC protocol and a secure and efficient authentication protocol were devised, none of which could prevent impersonation attacks. With the aim of guaranteeing safe communication, a security protocol for NFC-based mobile payments has been proposed. The proposed NFC-based authentication protocol (NAP) describes a simplified authentication process and safeguards secure information in mobile commerce transactions. A major concern when using an NFC-enabled mobile payment system is user anonymity; therefore, users of the mobile payment system are guaranteed anonymity with the help of pseudonyms. Payment transactions are susceptible to various attacks, such as replay attacks, impersonation attacks, man-in-the-middle/relay attacks and double-spending attacks; therefore, the first concern of NAP is to prevent an unauthorized user from retrieving sensitive payment transaction information.



Author information


Corresponding author

Correspondence to Pinki Prakash Vishwakarma.


About this article


Cite this article

Vishwakarma, P.P., Tripathy, A.K. & Vemuru, S. Cryptanalysis of Near Field Communication Based Authentication Protocol for Mobile Payment System. Wireless Pers Commun 121, 963–983 (2021). https://doi.org/10.1007/s11277-021-08667-x


  • DOI: https://doi.org/10.1007/s11277-021-08667-x
