An Online Security Protocol for NFC Payment Formally Analyzed by The Scyther Tool

Nour El Madhoun 1 Fouad Amine Guenane 1 Guy Pujolle 1
1 Phare
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Nowadays, NFC technology is integrated into bank cards, smartphones and sales point terminals in order to immediately execute payment transactions without any physical contact. EMV is the standard intended to secure both contact (traditional) and contactless-NFC payment operations. In fact, researchers in recent years have detected some security vulnerabilities in this protocol (EMV). Therefore, in this paper, we introduce the risks entailed by the vulnerabilities of EMV and particularly those at stake in the case of NFC payment. Hence, in order to overcome EMV weaknesses, we propose a new security protocol based on an online communication with a trusted entity. The proposal is destined to secure contactless-NFC payment transactions using NFC bank cards that are unconnected client payment devices (without Wi-Fi or 4G). A security verification tool called Scyther is used to analyze the correctness of the proposal.
Type de document :
Communication dans un congrès
The Second IEEE International Conference On Mobile And Secure Services, Feb 2016, Gainesville, Florida, United States
Liste complète des métadonnées

https://hal.archives-ouvertes.fr/hal-01276921
Contributeur : Nour El Madhoun <>
Soumis le : dimanche 21 février 2016 - 13:14:34
Dernière modification le : samedi 24 novembre 2018 - 01:43:41

Identifiants

  • HAL Id : hal-01276921, version 1

Collections

Citation

Nour El Madhoun, Fouad Amine Guenane, Guy Pujolle. An Online Security Protocol for NFC Payment Formally Analyzed by The Scyther Tool. The Second IEEE International Conference On Mobile And Secure Services, Feb 2016, Gainesville, Florida, United States. 〈hal-01276921〉

Partager

Métriques

Consultations de la notice

575