A secure end-to-end proximity NFC-based mobile payment protocol

Published in: Computer standards and interfaces Vol. 66; p. 103348
Main Authors: Bojjagani, Sriramulu; Sastry, V.N.
Format: Journal Article
Language: English
Published: Amsterdam Elsevier B.V 01-10-2019
Elsevier BV
Summary:
• We have developed an ECC-based NFC protocol. It operates in read/write mode, is used for mobile payments, and is secure against tag cloning and tag impersonation attacks.
• The developed model uses lightweight ECC-based NFC cryptography for signature generation and verification using the Elliptic Curve Integrated Encryption Scheme (ECIES).
• The proposed protocol is verified and validated with Burrows-Abadi-Needham (BAN) logic. We have simulated our proposed protocol with the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, and the results of the back ends show it as safe.
• The proposed protocol is verified and validated with the advanced tools Scyther and Tamarin; the results show that our proposed protocol is free from attacks and that the security goals are reached.

Near Field Communication (NFC) is one of the fast-growing technologies related to proximity-based mobile payments. In this paper, a secure NFC-enabled payment model that can be used for peer-to-peer (P2P) payments and payer-to-merchant (P2M) payments is presented. This payment model uses elliptic curve cryptography (ECC) to encrypt customer data. The proposed protocol provides end-to-end secure communication between customer and merchant through the bank using a reader and writer application. In our proposed model, the primary objective is that the users enter the customer PIN and the amount on their own NFC devices, and it is the responsibility of the acquiring bank to recheck and validate the amount of the transaction on the merchant's device. The proposed model is convenient to use, as customers simply need to enter information on their NFC phones and tap them onto the merchant's NFC device. Further, the proposed approach is verified for its security features and validated for its correctness using formal methods: theoretical proof by Burrows-Abadi-Needham (BAN) logic, and simulation using Automated Validation of Internet Security Protocols and Applications (AVISPA), Scyther and Tamarin. Moreover, the proposed protocol provides more security attributes and incurs fewer communication costs and lower computational overhead compared to existing NFC payment protocols used for real-world applications.
ISSN: 0920-5489, 1872-7018
DOI: 10.1016/j.csi.2019.04.007