Secure Transaction Authentication Protocol

详细信息    查看全文

• 关键词：Near field communication ; Mobile transaction ; Secure protocol
• 刊名：Lecture Notes in Computer Science
• 出版年：2016
• 出版时间：2016
• 年：2016
• 卷：10006
• 期：1
• 页码：261-273
• 全文大小：1,982 KB
• 参考文献：1.Chen, W., Hancke, G.P., Mayes, K.E., Lien, Y., Chiu, J.H.: NFC mobile transactions and authentication based on GSM network. In: 2nd International Workshop on Near Field Communication, pp. 83–89. IEEE press (2010)
  2.Mulliner, C.: Vulnerability analysis and attacks on NFC-enabled mobile phones. In: International Conference on Availability, Reliability and Security, pp. 695–700. IEEE press (2009)
  3.Saeed, M.Q., Walter, C.D.: A record composition/decomposition attack on the NDEF signature record type definition. In: 6th International Conference for Internet Technology and Secured Transactions, pp. 283–287. IEEE press (2011)
  4.Zhang, Q.: Mobile payment in mobile e-commerce. In: 7th World Congress on Intelligent Control and Automation, pp. 6650–6654. IEEE press (2008)
  5.Alpár, G., Batina, L., Verdult, R.: Using NFC phones for proving credentials. In: Schmitt, J.B. (ed.) MMB & DFT 201. LNCS, vol. 7201, pp. 317–330. Springer, Heidelberg (2012)CrossRef
  6.Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and PIN is broken. In: IEEE Symposium on Security and Privacy, pp. 433–446. IEEE press (2010)
  7.Kamau, M.: Orange money triples its customer numbers in Africa. http://​www.​standardmedia.​co.​ke/​?​id=​2000047310&​catid_​=​14&​a=​1.​&​articleID=​2000047310
  8.Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). doi:10.​1007/​3-540-44448-3_​41 CrossRef
  
• 作者单位：Pardis Pourghomi (15)
  Muhammad Qasim Saeed (16)
  Pierre E. Abi-Char (15)
  
  15. College of Engineering and Technology, The American University of the Middle East, P.O. Box: 220, Dasman, 15453, Kuwait
  16. Information Security Group, Royal Holloway University of London, Egham, UK
  
• 丛书名：Innovative Security Solutions for Information Technology and Communications
• ISBN：978-3-319-47238-6
• 刊物类别：Computer Science
• 刊物主题：Artificial Intelligence and Robotics
  Computer Communication Networks
  Software Engineering
  Data Encryption
  Database Management
  Computation by Abstract Devices
  Algorithm Analysis and Problem Complexity
  
• 出版者：Springer Berlin / Heidelberg
• ISSN：1611-3349
• 卷排序：10006

文摘

A protocol for NFC mobile authentication and transaction is proposed by W. Chen et al. This protocol is used for micropayments, where the Mobile Network Operator pays for its customers. The main advantage of this protocol is its compatibility with the existing GSM network. This paper analyses this protocol from security point of view; as this protocol is used for monetary transactions, it should be as secure as possible. This paper highlights a few security related issues in this protocol. The most serious of all is the authentication of a false Point of Sale terminal by simply replaying the old message. The user interaction with the system also needs improvement. At the end of this paper, we have addressed all the vulnerabilities and proposed an improved version of the existing protocol that caters for such weaknesses. We also added an additional layer of security by ‘PIN’ authentication in Chen’s Protocol.