Abstract
Near field communication (NFC) is a radio frequency (RF) technology that allows data to be exchanged between devices that are in close proximity. We formally analyse a hash-based NFC mobile coupon protocol using formal methods (Casper/FDR2). We discover a few possible attacks which break the requirements of the protocol. We propose solutions to address these attacks based on two different threat models. In addition, we illustrate the modelling from the perspective of the underlying theory, which is beyond the knowledge required for modelling with the CasperFDR tool (the black-box approach). Therefore, this paper is a facilitating case study for a “black-box” CasperFDR user to become a more powerful analyser.
Acknowledgement
This research was supported by Ministry of Higher Education in Saudi Arabia. We thank the anonymous reviewers for their constructive comments.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Alshehri, A., Schneider, S. (2014). Formal Security Analysis and Improvement of a Hash-Based NFC M-Coupon Protocol. In: Francillon, A., Rohatgi, P. (eds) Smart Card Research and Advanced Applications. CARDIS 2013. Lecture Notes in Computer Science, vol 8419. Springer, Cham. https://doi.org/10.1007/978-3-319-08302-5_11
DOI: https://doi.org/10.1007/978-3-319-08302-5_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08301-8
Online ISBN: 978-3-319-08302-5
eBook Packages: Computer Science, Computer Science (R0)