Formal Security Analysis and Improvement of a Hash-Based NFC M-Coupon Protocol

Alshehri, Ali; Schneider, Steve

doi:10.1007/978-3-319-08302-5_11

Ali Alshehri¹⁷ &
Steve Schneider¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8419))

Included in the following conference series:

International Conference on Smart Card Research and Advanced Applications

969 Accesses
1 Citations

Abstract

Near field communication (NFC) is a Radio Frequency (RF) technology that allows data to be exchanged between devices that are in close proximity. We formally analyse a hash based NFC mobile coupon protocol using formal methods (Casper/FDR2). We discover a few possible attacks which break the requirements of the protocol. We propose solutions to address these attacks based on two different threat models. In addition, we illustrate the modelling from the perspective of the underlying theory perspective, which is beyond the knowledge required for modelling using CasperFDR tool (black-box approach). Therefore, this paper is a facilitating case study for a “black-box” CasperFDR user to become a more powerful analyser.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

ISO/IEC: Information technology - telecommunications and information exchange between systems - near field communication - interface and protocol (NFCIP-1) (2004)
Google Scholar
Finkenzeller, K.: RFID Handbuch: Fundamentals and Applications in Contact-less Smart Cards, Radio Frequency Identification and Near-Field Communication, 3rd edn. John Wiley and Sons, Ltd., New York (2010)
Book Google Scholar
Haselsteiner, E., Breitfuß, K.: Security in near field communication (NFC). In: Proceedings of Workshop on RFID and Lightweight Crypto (RFIDSec06) (2006)
Google Scholar
Mulliner, C.: Vulnerability analysis and attacks on NFC-enabled mobile phones. In: ARES, pp. 695–700 (2009)
Google Scholar
Juniper Research: Mobile coupons – ecosystem analysis and marketing channel strategy 2011–2016. Technical report, Juniper Research (2011)
Google Scholar
Clark, S.: Survey: discounts and coupons will drive adoption of mobile payments (2011). http://www.nfcworld.com/2011/06/23/38289/survey-discounts-and-coupons-will-drive-adoption-of-mobile-payments
Smart Card Alliance: Proximity mobile payments business scenarios: Research report on stakeholder perspective. Technical report, Smart Card Alliance (2008)
Google Scholar
Brown, C.: The future is NFC says coupons.com exec (2011). http://www.nfcworld.com/2011/03/10/36399/the-future-is-nfc-says-coupons-com-exec/
Wolverton, T.: Disney battles coupon goof (2002). http://news.cnet.com/2100-1017-964831.html
Hsiang, H.C., Shih, W.K.: Secure mcoupons scheme using nfc. In: International Conference on Business and Information (2008)
Google Scholar
Lowe, G.: An attack on the needham-schroeder public-key authentication protocol. Inf. Process. Lett. 56(3), 131–133 (1995)
Article MATH Google Scholar
Lowe, G.: Casper: a compiler for the analysis of security protocols. J. Comput. Secur. 6(1–2), 53–84 (1998)
Google Scholar
Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Upper Saddle River (1985)
MATH Google Scholar
Ryan, P.Y.A., Schneider, S.A., Goldsmith, M., Lowe, G., Roscoe, A.W.: Modelling and Analysis of Security Protocols. Addison-Wesley-Longman, New York (2001)
Google Scholar
Donovan, B., Norris, P., Lowe, G.: Analyzing a library of security protocols using Casper and FDR. In: Proceedings of the Workshop on Formal Methods and Security Protocols (1999)
Google Scholar
Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2(29), 198–208 (1983)
Article MathSciNet Google Scholar
Alshehri, A., Schneider, S.: Formally defining NFC M-coupon requirements, with a case study. In: International Conference for Internet Technology and Secured Transactions, ICITST 2013 (2013). doi:10.1109/ICITST.2013.6750161, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6750161&tag=1

Download references

Acknowledgement

This research was supported by Ministry of Higher Education in Saudi Arabia. We thank the anonymous reviewers for their constructive comments.

Author information

Authors and Affiliations

Department of Computing, University of Surrey, Guildford, GU2 7XH, UK
Ali Alshehri & Steve Schneider

Authors

Ali Alshehri
View author publications
You can also search for this author in PubMed Google Scholar
Steve Schneider
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ali Alshehri .

Editor information

Editors and Affiliations

EURECOM, Biot, France
Aurélien Francillon
Cryptography Research Inc., San Francisco, California, USA
Pankaj Rohatgi

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Alshehri, A., Schneider, S. (2014). Formal Security Analysis and Improvement of a Hash-Based NFC M-Coupon Protocol. In: Francillon, A., Rohatgi, P. (eds) Smart Card Research and Advanced Applications. CARDIS 2013. Lecture Notes in Computer Science(), vol 8419. Springer, Cham. https://doi.org/10.1007/978-3-319-08302-5_11

Download citation

DOI: https://doi.org/10.1007/978-3-319-08302-5_11
Published: 26 June 2014
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08301-8
Online ISBN: 978-3-319-08302-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics