
Formal Security Analysis and Improvement of a Hash-Based NFC M-Coupon Protocol

  • Ali Alshehri
  • Steve Schneider
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8419)

Abstract

Near field communication (NFC) is a Radio Frequency (RF) technology that allows data to be exchanged between devices that are in close proximity. We formally analyse a hash-based NFC mobile coupon protocol using formal methods (Casper/FDR2). We discover a few possible attacks which break the requirements of the protocol. We propose solutions to address these attacks based on two different threat models. In addition, we illustrate the modelling from the perspective of the underlying theory, which goes beyond the knowledge required for modelling with the CasperFDR tool (black-box approach). Therefore, this paper is a facilitating case study for a “black-box” CasperFDR user to become a more powerful analyser.

Keywords

NFC, M-coupon, CasperFDR, Formal verification, Protocol security

Notes

Acknowledgement

This research was supported by the Ministry of Higher Education in Saudi Arabia. We thank the anonymous reviewers for their constructive comments.


Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. Department of Computing, University of Surrey, Guildford, UK
