Security Protocol for NFC Enabled Mobile Devices Used in Financial Applications

Authors

  • Osama Faridoon
  • Abdul Ghafoor

DOI:

https://doi.org/10.24949/njes.v9i2.279

Abstract

With the growing adoption of NFC in everyday tasks and the growth in applications involving NFC-based contactless transactions, users and industry require that the security issues affecting mobile payments be addressed. The current NFC security standards are inadequate to address most of the security concerns, such as privacy infringements, unauthorized access to financial data, and theft of mobile data exchanged between the terminal and the mobile device. In this paper, we designed an NFC-based security protocol for financial applications, which addresses security requirements holistically and provides local and remote mutual authentication, confidentiality, integrity and non-repudiation. After designing the protocol, we verified it using Scyther and established that it protects against spoofing, man-in-the-middle, replay and skimming attacks. It ensures the secrecy of transaction data and the privacy of users, and also ensures that only authenticated and authorized NFC device holders and PoS terminals securely exchange financial data to perform the transaction. Furthermore, we developed a prototype system using Java technology to show that the solution is practical and works according to our verified and designed specification.

Published

2016-12-31

Section

Engineering Sciences