Shadi Nashwan
All content following this page was uploaded by Shadi Nashwan on 09 January 2018.
Aljouf University, Computer Science and Information Department, SAKAK 42421, Saudi Arabia
Summary

Near Field Communication (NFC) is an attractive technology that is used in several countries for contactless payment operations via mobiles. This technology suffers from an increasing number of security weaknesses. In NFC mobile payment systems, the payment operations are vulnerable to various attacks. Therefore, the authentication protocol has the highest priority in developing such systems. This paper proposes a new secure authentication protocol, called the SAP-NFC protocol, to provide strong security features for NFC mobile payment systems. Compared with the recent NFC mobile payment authentication protocols, the security analysis illustrates that the proposed SAP-NFC protocol can achieve the highest level of security by supporting the fully mutual authentication, key forward/backward secrecy, anonymity and untraceability features. In addition, the SAP-NFC protocol is secure against the replay attack, impersonate attack, tracking attack and desynchronization attack.

Key words:
NFC, PSP, POS, TTP, RFID.

1. Introduction

Mobile payment systems are becoming a key tool for payment serving providers (PSPs) [4]. In growing countries, mobile payment systems have been used as a means of expanding the marketing services to their local communities, which are estimated to be more than half of the world population [2], [3]. The investment in mobile payment systems can grow up to 22.2% during the next year across the world, which will increase the revenue share of mobile money up to 9% in 2018 [4].

NFC is one of the most attractive technologies used in a wide range of mobile payment systems to deliver payment services to customers via their mobiles [2]. In these systems, the NFC mobile serves as an identification device or as a credit card [9], [10].

NFC is a wireless communication technology that has been developed from Radio Frequency Identification (RFID) technology [12], [15], and [16]. The NFC technology has the following attributes [17], [19], and [26]: (1) the distance between the communicating NFC devices (i.e., the NFC mobile and the NFC Point of Sale (POS)) must be less than 10 cm; (2) the frequency band is 13.56 MHz; (3) the speed ranges from 106 Kbps up to 424 Kbps.

Fig. 1. The NFC mobile payment entities.

Fig. 1 shows the main entities of the NFC mobile payment systems, which can be summarized as follows: (1) the Authentication Center (AuC) that contains the security information of all NFC mobiles and NFC POSs in the system; (2) the mobile that is integrated with the NFC technology; (3) the POS that also must be integrated with the NFC technology.

In order to establish secure communication when there is no credibility between the NFC devices, both the NFC mobile and the NFC POS have to register with the AuC as a trusted third party (TTP) using secure communication channels [18], [25], and [27]. In general, to execute the payment transactions, the NFC mobile payment system executes the following steps [22], [23], and [24]: (1) the NFC mobile user puts his/her phone near the NFC POS to send the transaction request message; (2) the NFC POS forwards the received request message to the AuC; (3) the AuC verifies the NFC devices and sends the transaction response message back to the NFC POS; (4) upon receiving the transaction response message, the NFC POS authenticates the NFC mobile, then the NFC POS forwards the response message to the NFC mobile; (5) the latter
authenticates the NFC POS and executes the payment transaction with the NFC POS.

The communication channels between the NFC devices in NFC mobile payment systems are susceptible to numerous attacks, such as the replay attack, impersonate attack, tracking attack and desynchronization attack [1], [8], and [11]. In this situation, the authentication service is considered an essential component in developing a secure mobile payment protocol. In order to achieve a high level of security, there have been many research works on authentication protocols for NFC mobile payment systems [5], [6], [14], [20], and [21]. This paper proposes a secure authentication protocol for NFC mobile payment systems, called the SAP-NFC protocol, to defeat the security threats during payment transactions. The proposed protocol can overcome the existing attacks, such as the replay attack, impersonate attack, tracking attack and desynchronization attack. Furthermore, the SAP-NFC protocol can achieve a set of attractive security features such as the fully mutual authentication, key forward/backward secrecy, anonymity and untraceability features.

This paper is organized as follows: Section 2 introduces the related works. The SAP-NFC protocol is introduced in Section 3. The security analysis of the proposed protocol is discussed in Section 4. Finally, the paper is concluded in Section 5.

2. Related Work

Recently, a lot of research on authentication protocols for NFC mobile payment systems has been conducted. It is reasonable to suggest that the majority of the solutions to defeat the security drawbacks of NFC mobile payment systems in the reported investigations are based on asymmetric techniques [12], [13], [15], [20], and [21]. Due to the limited resources of NFC devices and the amount of data that can be transferred by NFC technology, the author believes that symmetric techniques are more efficient for solving these problems. Therefore, this section summarizes the recent protocols that are based on symmetric techniques.

In 2015, Thammarat et al. [7] introduced a secure lightweight protocol for NFC communications with mutual authentication based on limited-use of session key. The proposed protocol contains two main sub-parts: (1) NFCAuthv1, which is performed between the NFC device and the authentication server; (2) NFCAuthv2, which is performed between the NFC device, the POS, and the authentication server. Moreover, the introduced protocol contains a set of authentication operations that can be summarized as follows: (1) executes the encryption/decryption operations based on symmetric techniques six times; (2) performs the hash function nine times; (3) exchanges eight authentication messages between the authentication entities. However, the proposed protocol includes a set of drawbacks: (1) the mutual authentication is satisfied partially; (2) the key forward/backward secrecy is not satisfied; (3) it cannot achieve the NFC mobile anonymity aspect; (4) it cannot defeat the tracking attack; (5) it cannot defeat the desynchronization attack; (6) it is not efficient in terms of the amount of data transmitted among the NFC devices.

In 2017, Tung and Juang [28] designed a secure and efficient mutual authentication scheme for NFC mobile devices. The proposed scheme includes two phases: (1) the registration phase, which is performed between the NFC mobile and the authentication server; (2) the authentication phase, which is performed between the NFC1, POS and authentication server. In this protocol, the authentication entities perform a set of authentication operations: (1) execute the hash function nine times; (2) exchange seven authentication messages. However, the proposed protocol lacks some security aspects that are important for NFC mobile authentication protocols: (1) the mutual authentication is satisfied partially; (2) the key forward/backward secrecy is not satisfied; (3) it cannot achieve the NFC mobile anonymity and untraceability aspects; (4) it cannot prevent the tracking attack; (5) it is relatively inefficient in the amount of data transmitted among the NFC devices.

3. Proposed Work (SAP-NFC protocol)

This section presents the assumptions, design requirements and notation of the SAP-NFC protocol, respectively. In addition, the SAP-NFC protocol is described for the registration phase and the authentication phase, respectively.

3.1 Assumptions

The SAP-NFC protocol is performed based on a set of assumptions: (1) the structure of the SAP-NFC protocol consists of two NFC devices and the AuC as TTP to perform the registration and identification processes during the authentication session; (2) the NFC devices can register with the AuC using secure communication channels during the registration phase; (3) the communication channels between the authentication entities during the authentication phase are susceptible to various attacks; (4) the AuC can verify the identity of an NFC device by a set of authentication messages; (5) the authentication
258 IJCSNS International Journal of Computer Science and Network Security, VOL.17 No.8, August 2017
parameters that are stored in the authentication entities can be accessed and updated using a secure access control method; (6) the NFC mobile cannot perform any payment operations outside the range of the NFC POS; (7) each NFC device has its own session key.

3.2 Design Requirements

In order to resist the existing attacks: (1) the NFC devices can produce pseudo random numbers; (2) both the AuC and the NFC devices can update their secret key; (3) the AuC can save the new and old secret keys of the NFC devices in a database; (4) the mutual authentication must be achieved between all authentication entities; (5) the hash function is used to conceal the NFC device identities; (6) the key derivation function (KDF) is used by the authentication entities to derive a new session secret key.

3.3 Notation

Notation    Description
IDNj        NFC device with identity j
Kj          Initial secret key of NFC device j
KPnew       New secret key of the NFC POS that is stored in AuC
KPold       Old secret key of the NFC POS that is stored in AuC
KMnew       New secret key of the mobile that is stored in AuC
KMold       Old secret key of the mobile that is stored in AuC
KM          Secret key of NFC mobile
KP          Secret key of NFC POS
IDP         Identity of NFC POS
IDM         Identity of NFC mobile
Rj          Random number that is generated by NFC device j
HIDP        Hash value that is generated by the NFC POS
R1, R3      Random numbers that are generated by NFC POS
HIDM        Hash value that is generated by the NFC mobile
R2          Random number that is generated by the NFC mobile
M1          Hash value that is generated by the NFC mobile
XM7         Expected hash value that is generated by the mobile
M2          Validation message that is generated by NFC mobile
M3          Hash value that is generated by the NFC POS
XM5         Expected hash value that is generated by the POS
M4, M7      Validation messages that are generated by NFC POS
M5, M6      Hash values that are generated by the AuC
XM1, XM3    Expected hash values that are generated by the AuC
E( )        Encryption function
D( )        Decryption function
IDMX        Encryption value of NFC mobile identity
IDPX        Encryption value of NFC POS identity
KDF         Derivation function
H           Hash function
X ⊕ Y       X value is XORed with the Y value
X ← Y       X value is updated to the Y value
j           Authentication session number
F1, F2      Flag values

3.4 Registration Phase

In the registration phase, each NFC device must sign itself into the AuC as shown in Fig. 2. The communication channels between the NFC devices and the AuC are secured during the registration phase. The registration phase is summarized as follows: (1) the NFC device sends the registration request message, which contains the NFC device identity (IDNj) and the random number (Rj) that is generated by the NFC device; (2) upon receiving the registration request message, the AuC generates the initial secret key (Kj) of the NFC device using the KDF; (3) the AuC sends the confirmation message to the NFC device; (4) when the confirmation message is received, the NFC device performs the KDF function to derive the Kj.

Fig. 2. The registration phase in SAP-NFC protocol

3.5 Authentication Phase

Fig. 3. The authentication phase in SAP-NFC protocol
Initially, the authentication entities have the following data: (1) each NFC mobile includes the mobile identity (IDM) and secret key (KM); (2) each NFC POS includes the POS identity (IDP) and its secret key (KP); (3) the AuC contains the secret data of all NFC devices in the system, such as the IDM and IDP. To manage the updating process of the secret keys for all NFC devices in each authentication session (j), the AuC also contains the old and new secret keys of the NFC devices (KPold, KPnew, KMold, KMnew).

Fig. 3 illustrates the steps of the authentication phase in the SAP-NFC protocol. In order to start the payment transaction, the NFC POS sends the authentication request message to the NFC mobile. This message contains the random number (R1) that has been generated by the NFC POS.

Upon receiving the authentication request message from the NFC POS, the NFC mobile performs the following steps to identify itself to the AuC: (1) generates the random number (R2); (2) calculates the hash value (HIDM) as HIDM = H(IDM || R1); (3) computes the hash value (M1) as M1 = H(KM || R1 || R2); (4) computes the validation message (M2) as M2 = IDM ⊕ R2; (5) sends the authentication challenge message, which contains HIDM, M1 and M2, back to the NFC POS.

When the authentication challenge message is received, the NFC POS performs the following steps to identify itself to the AuC: (1) generates the random number (R3); (2) calculates the hash value (HIDP) as HIDP = H(IDP || R1); (3) computes the hash value (M3) as M3 = H(KP || R1 || R3); (4) computes the validation message (M4) as M4 = IDP ⊕ R3; (5) forwards the authentication challenge message, which contains R1, HIDM, HIDP, M1, M2, M3 and M4, to the AuC.

Upon receiving the authentication challenge message from the NFC POS, the AuC performs the following steps to verify the NFC mobile: (1) for all the stored IDMs in either the IDMnew or IDMold lists, the AuC computes H(IDMnew/IDMold || R1) until it finds a value that matches the received value of HIDM; if the IDM is in the IDMnew list, the flag value (F1) is set to 1 and the KMnew is retrieved, else if the IDM is in the IDMold list, F1 is set to 0 and KMold is retrieved. In case there is no matching value, the AuC terminates the session; (2) extracts the R2 as R2 = IDM ⊕ M2; (3) computes the expected hash value XM1 as XM1 = H(KMold/KMnew || R1 || R2); in case the computed XM1 value is not equal to the M1 value that has been received, the AuC terminates the session, else the NFC mobile is verified.

In the same context, the AuC performs the following steps to verify the NFC POS: (4) for all the stored IDPs in either the IDPnew or IDPold lists, the AuC computes H(IDPnew/IDPold || R1) until it finds a value that matches the received value of HIDP; if the IDP is in the IDPnew list, the flag value (F2) is set to 1 and the KPnew is retrieved, else if the IDP is in the IDPold list, F2 is set to 0 and KPold is retrieved. In case there is no matching value, the AuC terminates the session; (5) extracts the R3 as R3 = IDP ⊕ M4; (6) computes the expected hash value XM3 as XM3 = H(KPold/KPnew || R1 || R3); in case the computed XM3 value is not equal to the M3 value that has been received, the AuC terminates the session, else the NFC POS is verified.

Through steps 3 and 6, both the NFC mobile and the NFC POS are authenticated by the AuC. In order to prepare the authentication response message, the AuC performs the following steps: (7) computes the hash value (M5) as M5 = H(R1 || R3 || IDM); (8) encrypts the IDM as IDMX = E(IDM)_{KPold/KPnew}; (9) computes the hash value (M6) as M6 = H(R1 || R2 || IDP); (10) encrypts the IDP as IDPX = E(IDP)_{KMold/KMnew}; (11) sends the authentication response message, which includes M5, M6, IDPX and IDMX, back to the NFC POS; (12) if F1 = 1, the AuC updates the NFC mobile identity and its secret key as IDMnew_{j+1} ← H(IDMnew_j || R2), IDMold_{j+1} ← IDMnew_j and KMnew_{j+1} ← KDF(KM_j, R2), KMold_{j+1} ← KM_j, respectively; (13) if F2 = 1, the AuC updates the NFC POS identity and its secret key as IDPnew_{j+1} ← H(IDP_j || R3), IDPold_{j+1} ← IDP_j and KPnew_{j+1} ← KDF(KP_j, R3), KPold_{j+1} ← KP_j, respectively.

When the NFC POS receives the authentication response message, the NFC POS performs the following steps: (1) decrypts IDMX as IDM = D(IDMX)_{KP}; (2) computes the expected hash value (XM5) as XM5 = H(R1 || R3 || IDM) to verify the AuC and the NFC mobile. In case the XM5 and M5 values are not equal, the NFC POS terminates the authentication session, else it; (3) computes the validation message (M7) as M7 = M6 ⊕ IDP; (4) forwards the authentication response message, which contains the M7 value and IDPX, to the NFC mobile; (5) updates both the NFC POS identity and the secret key as IDP ← H(IDP || R3) and KP ← KDF(KP, R3), respectively.

Upon receiving the authentication response message, the NFC mobile performs the following steps: (1) decrypts IDPX as IDP = D(IDPX)_{KM}; (2) computes the expected hash value (XM7) as XM7 = H(R1 || R2 || IDP) ⊕ IDP to authenticate both the NFC POS and the AuC. In case the XM7 and M7 values are not equal, the NFC mobile terminates the authentication session, else it; (3) updates both the NFC mobile identity and the secret key as IDM ← H(IDM || R2) and KM ← KDF(KM, R2), respectively.

4. Security Analysis

In this section, the security analysis is conducted to demonstrate that the SAP-NFC protocol can support attractive security features with high security level during
the mobile payment transactions. Moreover, this section illustrates how the SAP-NFC protocol can resist the existing attacks. The security achievements of the SAP-NFC protocol have been compared with the security achievements of the recent NFC mobile payment authentication protocols in [7], [28].

4.1 Mutual authentication

The SAP-NFC protocol supposes that all the communication channels between the authentication entities are susceptible to attack during the authentication phase. Therefore, the SAP-NFC protocol deploys a set of hash values and validation messages to achieve mutual authentication between all authentication entities. In order to authenticate the NFC mobile, the AuC checks whether the IDM is in the NFC mobile identity lists (i.e., the IDMold and IDMnew lists) or not. After that, the AuC verifies whether the XM1 value is equal to the M1 value or not. Subsequently, if the IDM is not in the IDM lists or XM1 is not the same as M1, the NFC mobile is considered not legitimate and the AuC terminates the authentication session.

The same process is performed by the AuC to authenticate the NFC POS: the AuC checks whether the IDP is in the NFC POS identity lists (i.e., the IDPold and IDPnew lists) or not. After that, the AuC verifies whether the XM3 value is equal to the M3 value or not. Subsequently, if the IDP is not in the IDP lists or XM3 is not the same as M3, the NFC POS is considered not legitimate and the AuC terminates the authentication session.

The NFC POS verifies whether the XM5 value is equal to the M5 value or not. If XM5 is not the same as M5, the AuC is considered not a legitimate TTP and the NFC POS terminates the authentication session. In the same manner, the NFC mobile verifies whether the XM7 value is equal to the M7 value or not. If XM7 is not the same as M7, the AuC is considered not a legitimate TTP and the NFC mobile terminates the authentication session. Both NFC devices authenticate each other indirectly through the IDPX and IDMX. Therefore, the SAP-NFC protocol can support the fully mutual authentication feature between all authentication entities.

4.2 Key backward/forward secrecy (KFS/KBS)

An attacker cannot deduce the session keys during the authentication phase in the SAP-NFC protocol due to the use of a set of one time functions. The KM is protected by the hash function with the R2 that is generated by the NFC mobile and is not transmitted as a plain message between the authentication entities. In the same manner, the KP is not sent as plain text between the authentication entities; it is protected by the hash function with the R3 that is generated by the NFC POS. In addition, the KM and KP are updated after each successful authentication session by the AuC and the NFC devices using the KDF function. Therefore, if the validation messages and hash values are compromised by the attacker, the latter cannot guess the session keys. In other words, deducing the session keys is a computationally difficult problem.

4.3 Anonymity and Untraceability

The SAP-NFC protocol protects the IDM and IDP within the challenge and response messages by either the hash or the encryption functions. Moreover, the NFC device identities are updated after each successful authentication session using the hash function with fresh random numbers that are generated during the authentication phase. Thus, the SAP-NFC protocol can support the anonymity and untraceability features: only a legitimate AuC that has information related to the NFC devices can determine the identity and the location of the NFC devices during the payment transactions.

4.4 Resistance to attacks

Assume that the adversary can eavesdrop and obtain the authentication messages that are exchanged between the NFC payment system entities. At the same time, assume the adversary can reuse and retransmit these messages to impersonate the authentication entities.

In contrast, the SAP-NFC protocol provides many security features that can be summarized as follows: (1) all authentication parameters are protected by hash functions; (2) an adversary cannot obtain the session keys or any authentication parameters that are transmitted between the authentication entities; (3) both IDM and IDP are updated after each successful authentication session by the AuC and the NFC devices; (4) the NFC device identities (i.e., IDP and IDM) are concealed during the authentication phase; (5) the secret session keys (i.e., KP and KM) are renewed after each successful authentication; (6) if the authentication session is not successful, the existing identities and session keys of the NFC devices will be used for the next authentication session with fresh authentication parameters such as R1, R2 and R3; (7) fully mutual authentication must be achieved between all authentication entities; (8) the session keys cannot be deduced by the adversary. Therefore, the SAP-NFC protocol can defeat the following attacks:

4.4.1 Replay attack

In the SAP-NFC protocol, only a legitimate AuC that has information related to the NFC devices can authenticate both the NFC mobile and the NFC POS. The IDM and IDP
are protected during transmission via the hash function; the IDM and IDP are updated after each successful authentication session by the AuC and the NFC devices; and the secret session keys are also renewed after each successful authentication by the AuC and the NFC devices. Therefore, only authorized authentication entities can decrypt the NFC mobile’s or NFC POS’s reply. If the adversary tries to reuse the authentication messages that have been eavesdropped from the previous authentication sessions, the authentication entities in the SAP-NFC protocol can avoid reusing the same random numbers for the next authentication sessions. Therefore, the SAP-NFC protocol can defeat the replay attack.

4.4.2 Tracking attack

The SAP-NFC protocol achieves the location privacy feature. In the proposed protocol, the authentication entities update their authentication parameters after each successful authentication session, so the values of the exchanged messages change continuously. This means that the responses of the authentication entities are anonymous. Suppose the authentication session is not successful: the adversary will not be able to track the mobile location, because the IDMX, IDPX, M1, M2, M3, M4, M5, M6 and M7 are not fixed due to the fresh random numbers that are generated by the NFC devices. Thus, the SAP-NFC protocol can defeat the tracking of the mobile holder's location.

4.4.3 Desynchronization attack

The SAP-NFC protocol can defeat the desynchronization attack between the authentication entities. Even though an adversary can block the messages between the authentication entities, the AuC can use the IDPold and IDMold to identify the NFC POS and the NFC mobile, respectively. Assume that the AuC fails to authenticate the NFC mobile or the NFC POS. Subsequently, the NFC devices will not receive IDMX, IDPX, M5, M6 and M7. In this case, the NFC devices will not update their identities and their secret session keys. Then the NFC mobile and the NFC POS will still match the AuC values of (IDMold, KMold) and (IDPold, KPold), respectively.

4.4.4 Impersonate attack

The SAP-NFC protocol can defeat the impersonate attacks. In particular, the adversary cannot impersonate any of the authentication entities. In order to impersonate the NFC mobile entity, the adversary must be able to compute a valid response (i.e., HIDM, M1 and M2) to the NFC POS request. However, the adversary cannot compute such responses without knowledge of IDM, KM and R2. In the same manner, to impersonate the NFC POS, the adversary must be able to compute valid challenge messages (i.e., R1, HIDP, M3 and M4) to the AuC, and must also be able to compute valid response messages (i.e., R1, IDPX and M7) to the NFC mobile. However, the adversary cannot compute such challenge and response messages without knowledge of IDP, KP and R3. Because the adversary cannot compute the response (i.e., M5, M6, IDPX and IDMX) without knowledge of IDM, IDP, KM, KP, R2 and R3, the adversary also cannot impersonate the AuC. Moreover, the current values of HIDM, HIDP, M1, M2, M3, M4, M5, M6, M7, IDPX and IDMX are updated continuously in each authentication session.

4.5 Security Achievements

Table 2 shows that the SE-H protocol achieves the highest level of security among the other authentication protocols in [7], [28]. The notations (=), (₸) and (ǂ) denote that the security feature is fully satisfied, partially satisfied and not satisfied, respectively.

Table 2. Status of Security Achievements of the authentication protocol

Security features                          [7]   [28]   SAP-NFC
Mutual Authentication.                     ₸     ₸      =
Anonymity and untraceability.              ǂ     ǂ      =
Key backward/forward secrecy.              ǂ     ǂ      =
Renew the session key periodically.        ǂ     ǂ      =
Secure against replay attack.              ₸     ₸      =
Secure against desynchronization attack.   ǂ     =      =
Secure against Impersonate attack.         ₸     ₸      =
Secure against tracking attack.            ǂ     ǂ      =

5. Conclusions

This paper proposes a new secure authentication protocol, called the SAP-NFC protocol, to provide strong security features for NFC mobile payment systems. Compared with the recent mobile payment protocols that are based on symmetric cryptography, the SAP-NFC protocol can achieve the highest level of security by supporting the fully mutual authentication, the KFS/KBS, anonymity and untraceability features. The fully mutual authentication between all authentication entities is achieved based on a set of hash values and validation messages; the KFS/KBS are satisfied by using the KDF functions to derive the new secret keys of the NFC devices. The identities of the authentication entities are completely concealed using the hash function, whereas the identities and the secret keys of the NFC devices are renewed in each successful authentication session. The security analysis demonstrates that the SAP-NFC protocol can defeat the existing attacks
such as replay attack, impersonate attack, tracking attack and desynchronization attack.

References

[1] A. Alshehri, S. Schneider, “Addressing NFC Mobile Relay Attacks: NFC User Key Confirmation Protocols”, International Journal of RFID Security and Cryptography, Vol. 3, No. 2, pp. 137-147, 2014.
[2] A. Allyson, V. Lakshmi, A. Packialatha, “Mobile Devices using NFC in Payment Applications”, International Journal Of Innovative Research in Technology & Science, Vol. 3, No. 1, pp. 32-36, 2015.
[3] A. Chaia, A. Dalal, T. Goland, M. Gonzalez, J. Morduch, R. Schiff, “Half the World is Unbanked”, Financial Access Initiative Framing Note, 2009. www.financialaccess.org.
[4] A. Khan, M. Gandhi, A. Jain, N. Kacholia, “Emerging Markets Driving the Payments Transformation”, PWC network, 2016. www.pwc.com/emergingmarketspayments.
[5] A. Matos, D. Romao, P. Trezentos, “Secure Hotspot Authentication through a Near Field Communication Side-Channel”, in Proc. IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Spain, pp. 807-814, 2012.
[6] B. Seo, S. Lee, H. Kim, “Authenticated Key Agreement Based On NFC for Mobile Payment”, International Journal of Computer and Communication Engineering, Vol. 5, No. 1, pp. 71-78, 2016.
[7] C. Thammarat, R. Chokngamwong, and C. Techapanupreeda, “A secure lightweight protocol for NFC communications with mutual authentication based on limited-use of session keys”, Proceedings of the IEEE International Conference on Information Networking, Siem Reap, Cambodia, pp. 133-138, 2015.
[8] F. Ota, M. Roland, M. Holzl, R. Mayrhofer, A. Manacero, “Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags”, Information, Vol. 8, No. 3, pp. 1-18, 2017.
[9] J. Ahn, S. Lee, H. Kim, “NFC based privacy preserving user authentication scheme in mobile office”, International journal of computer and communication engineering, Vol. 5, No. 1, pp. 61-70, 2016.
[10] J. Lee, “A system functions set-up through Near Field Communication of a smartphone”, International journal of computer, electrical, automation, control and information engineering, Vol. 10, No. 5, pp. 841-838, 2016.
[11] J. Ling, Y. Wang, W. Chen, “An improved privacy protection security protocol based on NFC”, International journal of network security, Vol. 19, No. 1, pp. 39-46, 2017.
[12] M. Badra, R. Badra, “A lightweight security protocol for NFC-based mobile payments”, Proceedings of the 7th international conference on ambient systems, networks and technologies Madrid, Spain, Procedia Computer Science 83, pp. 705-711, 2016.
[13] M. Rahman, H. Elmiligi, “Classification and analysis of security attacks in near field communication”, International Journal of Business & Cyber Security Vol. 1, No. 2, pp. 1-14, 2017.
[14] N. El Madhoun, F. Guenane, G. Pujolle, “An online security protocol for NFC payment: formally analyzed by the scyther tool”, Proceedings of the IEEE Second international conference on mobile and secure services (MobiSecServ), FL, USA, pp. 1-7, 2016.
[15] N. El Madhoun, G. Pujolle, “Security enhancements in EMV protocol for NFC mobile payment”, Proceedings of the IEEE Trustcom/BigDataSE/ISPA, Tianjin, China, pp. 1889-1895, 2016.
[16] N. El Madhoun, F. Guenane, G. Pujolle, “A cloud-based secure authentication protocol for contactless NFC payment”, Proceedings of the IEEE 4th international conference on cloud networking, Niagara Falls, Canada, pp. 328-330, 2015.
[17] N. Shrangare, S. Joshi, “Secure protocol implementation using near field communication”, International research journal of engineering and technology, Vol. 2, No. 3, pp. 589-593, 2015.
[18] N. Singh, A. Maity, R. N, “Conditional privacy preserving security protocol for NFC applications”, International journal of innovations in engineering research and technology, Vol. 5, No. 2, pp. 1-11, 2015.
[19] O. Jensen, M. Gouda, L. Qiu, “A secure credit card protocol over NFC”, Proceedings of the 17th International Conference on Distributed Computing and Networking, Singapore, Singapore, No. 32, 2016. ACM digital library.
[20] P. Pourghomi, M. Saeed, G. Ghinea, “A secure cloud-based NFC mobile payment protocol”, International journal of advanced computer science and applications, Vol. 5, No. 10, pp. 24-31, 2014.
[21] R. Sivaranjani, R. Sujitha, D. Sindhu, T. Tharani, “Secure and efficient authentication protocol using pseudonym”, Journal of chemical and pharmaceutical sciences, special issue 5: 2017.
[22] S. Nashwan, B. Alshammari, “Mutual chain authentication protocol for span transactions in Saudi Arabian banking”, International journal of computer and communication engineering, Vol. 3, No. 5, pp. 326-333, 2014.
[23] S. Sung, E. Kong, C. Youn, “Mobile payment based on transaction certificate using cloud self-proxy server”, ETRI Journal, Vol. 39, No. 1, pp. 135-144, 2017.
[24] S. Yang, K. Yang, “Design and application of NFC-based identity and access management in cloud services”, International journal of computer, electrical, automation, control and information engineering, Vol. 11, No. 4, pp. 408-416, 2017.
[25] S. Zaidi, M. Shah, M. Kamran, Q. Javaid, S. Zhang, “A survey on security for smartphone device”, International journal of advanced computer science and applications, Vol. 7, No. 4, pp. 206-219, 2016.
[26] V. Coskun, B. Ozdenizci, K. Ok, “A Survey on Near Field Communication (NFC) Technology”, Wireless personal communications, Vol. 71, No. 3, pp. 2259-2294, 2013.
[27] Y. Ma, “NFC communications-based mutual authentication scheme for the internet of things”, International journal of network security, Vol. 19, No. 4, pp. 631-638, 2017.
[28] Y. Tung, W. Juang, “Secure and efficient mutual authentication scheme for NFC mobile devices”, Journal of electronic science and technology, Vol. 15, No. 3, pp. 1-6, 2017.
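The Section 3.5 message flow and the old/new fallback that Section 4.4.3 relies on, as an added Python example that is not part of the paper. SHA-256 for H, HMAC-SHA256 for KDF, the XOR pad standing in for E/D, 32-byte identities, keys and random numbers, and all class and function names are assumptions; the paper fixes none of them.

```python
import hashlib
import hmac
import os

# Stand-ins (assumptions): the paper names H, KDF, E and D but fixes no algorithm.
def H(*parts):
    """H(a || b || ...) realised as SHA-256."""
    return hashlib.sha256(b"".join(parts)).digest()

def KDF(key, r):
    """Key derivation realised as HMAC-SHA256(key, r)."""
    return hmac.new(key, r, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, data):
    """Toy cipher: XOR with a key-derived pad. Placeholder for a real cipher."""
    return xor(data, H(b"pad", key))

D = E  # the XOR pad is its own inverse

def check(expected, received, what):
    if not hmac.compare_digest(expected, received):
        raise ValueError(what + " mismatch, session terminated")

class Device:
    """NFC mobile (IDM, KM, R2) or NFC POS (IDP, KP, R3)."""
    def __init__(self, ident, key):
        self.id, self.k, self.r = ident, key, None

    def challenge(self, r1):
        self.r = os.urandom(32)  # R2 or R3
        # Returns (HIDM, M1, M2) for the mobile, (HIDP, M3, M4) for the POS.
        return H(self.id, r1), H(self.k, r1, self.r), xor(self.id, self.r)

    def update(self):
        # ID <- H(ID || R), K <- KDF(K, R)
        self.id, self.k = H(self.id, self.r), KDF(self.k, self.r)

class AuC:
    def __init__(self):
        # role -> name -> {"new": (ID, K), "old": (ID, K)}
        self.db = {"mobile": {}, "pos": {}}

    def register(self, role, name, dev):
        self.db[role][name] = {"new": (dev.id, dev.k), "old": (dev.id, dev.k)}

    def verify(self, role, hid, m, v, r1):
        """AuC steps 1-3 (mobile) or 4-6 (POS): search new list, then old list."""
        for name, rec in self.db[role].items():
            for flag, which in ((1, "new"), (0, "old")):
                ident, key = rec[which]
                if hmac.compare_digest(H(ident, r1), hid):
                    r = xor(ident, v)  # R2 = IDM xor M2, R3 = IDP xor M4
                    check(H(key, r1, r), m, "XM1/XM3")
                    return name, flag, ident, key, r
        raise ValueError("no matching identity, session terminated")

    def authenticate(self, r1, hidm, hidp, m1, m2, m3, m4):
        mob = self.verify("mobile", hidm, m1, m2, r1)
        pos = self.verify("pos", hidp, m3, m4, r1)
        (_, f1, idm, km, r2), (_, f2, idp, kp, r3) = mob, pos
        m5, idmx = H(r1, r3, idm), E(kp, idm)  # steps 7-8
        m6, idpx = H(r1, r2, idp), E(km, idp)  # steps 9-10
        for role, (name, flag, ident, key, r) in (("mobile", mob), ("pos", pos)):
            if flag == 1:  # steps 12-13; the paper defines the update only for F = 1
                self.db[role][name] = {"new": (H(ident, r), KDF(key, r)),
                                       "old": (ident, key)}
        return m5, m6, idmx, idpx, f1, f2

def run_session(auc, mobile, pos, block_response_to_mobile=False):
    """One authentication session. Returns (F1, F2, response reached the mobile)."""
    r1 = os.urandom(32)                   # POS -> mobile: R1
    hidm, m1, m2 = mobile.challenge(r1)   # mobile -> POS
    hidp, m3, m4 = pos.challenge(r1)      # POS -> AuC, together with the above
    m5, m6, idmx, idpx, f1, f2 = auc.authenticate(r1, hidm, hidp, m1, m2, m3, m4)
    idm = D(pos.k, idmx)                  # POS steps 1-5
    check(H(r1, pos.r, idm), m5, "XM5")
    m7 = xor(m6, pos.id)
    pos.update()
    if block_response_to_mobile:          # constructed fault: (M7, IDPX) is lost
        return f1, f2, False
    idp = D(mobile.k, idpx)               # mobile steps 1-3
    check(xor(H(r1, mobile.r, idp), idp), m7, "XM7")
    mobile.update()
    return f1, f2, True

def demo():
    """Constructed run: normal session, lost response, then old-list fallback."""
    mobile = Device(os.urandom(32), os.urandom(32))
    pos = Device(os.urandom(32), os.urandom(32))
    auc = AuC()
    auc.register("mobile", "m1", mobile)
    auc.register("pos", "p1", pos)
    normal = run_session(auc, mobile, pos)
    blocked = run_session(auc, mobile, pos, block_response_to_mobile=True)
    stale = mobile.id == auc.db["mobile"]["m1"]["old"][0]  # mobile lags one step
    recovered = run_session(auc, mobile, pos)  # AuC matches IDMold, so F1 = 0
    return normal, blocked, stale, recovered

if __name__ == "__main__":
    print(demo())
```

In the third session the AuC finds the mobile in the IDMold list and answers under KMold, which is the case Section 4.4.3 describes.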