Abstract
W. Chen et al. proposed a protocol for NFC mobile authentication and transactions. The protocol is used for micropayments, where the Mobile Network Operator pays for its customers. Its main advantage is its compatibility with the existing GSM network. This paper analyses the protocol from a security point of view; as it is used for monetary transactions, it should be as secure as possible. The paper highlights a few security-related issues in the protocol. The most serious is that a false Point of Sale terminal can be authenticated simply by replaying an old message. The user interaction with the system also needs improvement. At the end of the paper, we address all the vulnerabilities and propose an improved version of the existing protocol that caters for these weaknesses. We also add a layer of security to Chen's protocol through PIN authentication.
References
Chen, W., Hancke, G.P., Mayes, K.E., Lien, Y., Chiu, J.H.: NFC mobile transactions and authentication based on GSM network. In: 2nd International Workshop on Near Field Communication, pp. 83–89. IEEE press (2010)
Mulliner, C.: Vulnerability analysis and attacks on NFC-enabled mobile phones. In: International Conference on Availability, Reliability and Security, pp. 695–700. IEEE press (2009)
Saeed, M.Q., Walter, C.D.: A record composition/decomposition attack on the NDEF signature record type definition. In: 6th International Conference for Internet Technology and Secured Transactions, pp. 283–287. IEEE press (2011)
Zhang, Q.: Mobile payment in mobile e-commerce. In: 7th World Congress on Intelligent Control and Automation, pp. 6650–6654. IEEE press (2008)
Alpár, G., Batina, L., Verdult, R.: Using NFC phones for proving credentials. In: Schmitt, J.B. (ed.) MMB & DFT 201. LNCS, vol. 7201, pp. 317–330. Springer, Heidelberg (2012)
Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and PIN is broken. In: IEEE Symposium on Security and Privacy, pp. 433–446. IEEE press (2010)
Kamau, M.: Orange money triples its customer numbers in Africa. http://www.standardmedia.co.ke/?id=2000047310&catid_=14&a=1.&articleID=2000047310
Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). doi:10.1007/3-540-44448-3_41
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Pourghomi, P., Saeed, M.Q., Abi-Char, P.E. (2016). Secure Transaction Authentication Protocol. In: Bica, I., Reyhanitabar, R. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2016. Lecture Notes in Computer Science(), vol 10006. Springer, Cham. https://doi.org/10.1007/978-3-319-47238-6_19
DOI: https://doi.org/10.1007/978-3-319-47238-6_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47237-9
Online ISBN: 978-3-319-47238-6
eBook Packages: Computer Science, Computer Science (R0)