Improvements to NFC Mobile Transaction and Authentication Protocol

A protocol for NFC mobile authentication and transaction was recently proposed by W. Chen et al. This protocol is used for micropayments, where the Mobile Network Operator (MNO) pays for its customers. The main advantage of this protocol is its compatibility with the existing GSM network. This paper suggests some improvements to this protocol from a security point of view. As this protocol is used for monetary transactions, it should be as secure as possible. This paper presents an improved version of the existing protocol with a detailed analysis at the end. The user interaction with the system is improved, making it more user-friendly. An additional layer of security has been added by introducing PIN authentication by the user. Mutual authentication is improved by having the mobile device add freshness in order to resist replay attacks. We also add digital signatures to the transaction messages for data integrity and non-repudiation.
