Figure 1 - available via license: Creative Commons Attribution 4.0 International
Content may be subject to copyright.
Source publication
Recently, due to the introduction of NFC (Near Field Communication), it has become possible to make easy electronic payments. Therefore, a secure communication method is necessary in these environments. NFC can be said to be relatively safe compared to other communication methods, because it carries out communications within 10 cm. However, it has...
Contexts in source publication
Context 1
... of TAG to Reader system. NFC carries out near communication within 10 cm at a band of 13.56 MHz. By adopting NFC on smartphones, we can make various electronic payments safe because of the short distance of communication. Moreover, this short distance between TAG and Reader implies the user ’s intention. However, in the NFC environment, security vulnerabilities have been found: illegal reproduction of TAG and acquisition of illegal information by a disguised reader. In order to solve these problems, a recent NFC forum presented the NFC Security Standard. NFC-SEC as NFC-related security standards have been published 2010 [7 – 9]. The standards present a way to perform key-agreement processes by using an elliptic curve algorithm [8]. This method is also a public key-based encryption algorithm. The NFC supports functions like “ TAG to Mobile ” , and “ Mobile to Mobile ” . With these functions, NFC can trade or transfer freely large amounts of data and content [10]. NFC provides more a convenient environment of finance payments for the user. Especially, the electronic wallet is highly activated. It must provide a safe communication in this environment [6]. However, important data can be easily exposed to a malicious user [10]. In earlier papers, to solve the above problems, they presented several methods to perform the authentication by using a public key based encryption. They also proposed solutions to perform the key agreement by using a secret key-based encryption scheme. However, their methods are not acceptable in the wireless environment, because their schemes require complex and time-consuming processing. Also, the other side of the user information can remain on the reader or other mobile devices in the process of communication. Thus, it is possible that user impersonation attacks can occur using this information. In this paper, in order to solve these problems, we present a method that performs a safety user authentication and key agreement using XOR operations and hash function algorithms. Especially, it is robust against user impersonation attack, because it performs the authentication while leaving no information on the other party’s mobile or reader. We describe some characteristics of NFC, the structural environment, and related studies in Section 2. Section 3 gives a description of our proposed method. The safety and efficiency analysis is given in Section 4. The conclusion is given in Section 5. The core technology used in this study is the authentication for safe financial payment using NFC. In this chapter, we examine the characteristics of the NFC and look into the various forms of the NFC financial payment methods. The NFC performs the communication at the 13.56 MHz frequency band for compatibility with the RFID [10]. NFC communication is shown in Figure 1. The NFC-equipped mobile devices can perform the communication with a trusted third party such as bank, market server and web server. This is also the same in case of the reader side. Especially, the core feature of the NFC is to be able to communicate from device to device, in other words, communicate between mobile devices [7]. The existing TAG has drawbacks that cannot be operated with high-performance encryption algorithms. However, NFC has the advantage that makes it possible to perform the communication without exposing important secrets of personal information including financial transaction data. There are many studies for supporting ...
Context 2
... including SET [11], iKP [1], Kungpisdan [2], NFC-SEC [8], Sekhar [12], Hasoo [13,14] and Sung [15] methods. However, their works are disadvantaged in that user s’ secret information is exposed at the other side of the node. As shown in Figure 1, users can obtain detailed information of the product through the TAG, and then, can complete payment through communication with relevant readers or mobile devices with payment. Thus, the NFC scheme is a convenient method as it can solve the difficulties of card and movement based payments in existing POS (Point of Sales) systems. The smart phone manufacturing companies such as SAMSUNG, LG, NOKIA, RIM, have released the smart phone equipped NFC technology [4]. These companies show the usefulness of NFC such as a smart poster, BIS (Bus Information System) that informs the arrival and operation time of buses, and the coupon for the purpose of promotion. Also, NFC can be used for payments in fast food restaurants, movie theaters, etc. Bouyges telecom in France is conducting a pilot project whereby urban railway fares in Paris can be paid out through the NFC [15,16]. However, the most remarkable usage of NFC is the wallet application [4]. It can replace everything in people’s wallet such as money, credit card, name card, and identification card. To let users pay with NFC, we should solve a security problem for the safe payment [3,4]. So, the NFC-SEC proposed security specifications in the NFC forum. NFC-SEC defined NFCIP-1 (Near Field Communication Interface and Protocol) as a standard. NFC-SEC specifies NFC SSE (Security Services and Protocol) and SCH (Secure Channel Service) [8]. NFC SSE is devised for the safe communication between the NFC devices. The key agreement algorithm which is used in the process can complete SCH by using ECSDVP-DH (Elliptic Curve Secret Value Derivation Primitive, Diffie-Hellman version) based on ECC (Elliptic Curve Cryptosystem) [8]. Because this method is based on ECC, it operates an encryption algorithm based on the public key. Therefore, both NFC nodes participating in the communication should generate a Private Key and Public Key through the ECC algorithm. The method might generate the designated hardware processor, which can operate the ECC code algorithm in USIM-NFC for the sub-miniature computing environment to guarantee an ...
Citations
... Developed economies are increasingly growing the currency's value and, in some cases, are predicted to become entirely cashless shortly (Fiedler et al., 2019;Rahadi et al., 2021;2022). Unfortunately, the development of digital payments not only brings benefits such as a greater expansion of financial services and boosted economic growth (Ozili, 2018;Slozko and Pelo, 2014;Tee and Ong, 2016), ease of transaction (Krueger, 2017), alternate for the scarcity of cash (Sivathanu, 2019); but also has drawbacks namely discrimination issue (Ozili, 2018), security problem (Jung, 2014), the incentive for corruption (Park, 2012), large computation and communication cost (Yang and Lin, 2016), rely on the technology applied (de Luna et al., 2019;Yaakop et al., 2021). Moreover, the implication of digital money on macroeconomic stability includes exchange rate stability, disturbance of money supply, and the possible cause of the financial crisis. ...
Digitalization has transformed the monetary system more radical for many
years. This study aims to investigate the effect of digital payments on
macroeconomic stability. Electronic money is used as a proxy for digital
payment. The macroeconomic stability is calibrated using exchange rate
volatility and inflation rate. This study uses monthly data ranging from
January 2009 to March 2020. Macroeconomic data were collected from the
Indonesian Central Bureau of Statistics and the Organisation for Economic
Co-operation and Development. Industry and market data from the Central
Bank of Indonesia (Statistic of Bank Indonesia) and the Indonesian Stock
Exchange (IDX). The data were analyzed using the Autoregressive
Distributed Lag (ARDL) to examine the long-run and short-run relationship
between the studied variables. This study found that digital payments affect
Indonesian macroeconomic stability. Electronic money as a proxy of
digitalization has a positive and significant relationship with exchange rate
volatility and inflation. Cross-border e-commerce might induce exchange rate
volatility due to its convenience as a one-stop shopping service and its lower
switching cost of currency. The driver of higher inflation is electronic money,
which increases people's spending, thus increasing the velocity of circulation
and total consumption.
... Recently, various researches have studied the NFC environment [15][16][17][18]. These studies considered the efficiency and security of electronic payment services. ...
... • Resistance to de-synchronization attack: We resolve the vulnerability of Chebyshev polynomials identified by Akgun. Additionally, we provide data integrity through the chaotic parallel cryptographic hash algorithm proposed by Xiao [16]. Accordingly, our approach is resistant to non-synchronization attacks that may subsequently occur. ...
The union of near-field communication (NFC) and mobile devices has led to significant changes in payment systems over recent years. Currently, NFC-based services are the leading form of mobile payment method. In particular, many companies that use electronic payment services are adopting NFC systems to replace credit cards. Additionally, the safety of communication has been enhanced by using standard techniques to activate NFC services. The properties of mobile NFC payments provide a business model for the Internet of Things (IoT) environment. However, electronic payment methods based on NFC are still vulnerable to various security threats. One example is the case of credit card data hacking under the KS X 6928 standard. In particular, the security level of the NFC payment method in passive mode is limited by the storage, power consumption, and computational capacity of the low-cost tags. Recently, chaotic encryption based on Chebyshev polynomials has been used to address certain security issues. Our proposed scheme is based on the Chebyshev chaotic map, unlike traditional encryption protocols that apply complex cryptography algorithms. Considering the tag limitations, the hash, XOR, and bitwise operations in the proposed scheme provide high-level security for payment environments. We propose a security-enhanced transaction scheme based on Chebyshev polynomials for mobile payment services in an IoT device environment considering the signature record-type definition and KS X 6928 standard.
... The motivation to implement authentication in NFC also inspired by the study done by Jung [30] that stated that with the combination of authentication feature in the NFC contributes a better protection for data management. Figure 6 illustrated Jung case diagram of solution. ...
... Case Diagram for Authentication in NFC[30]. ...
This study focus on the implementation of expiry date detection for medicine using RFID in the health care industry. The motivation for doing this research is the process of searching for the expired medicine is a time consuming and lack of security features included in current NFC implementation. Therefore, the objective of this research is to study the RFID technology used for detecting medicine expiry product and to develop a new system that integrated NFC with authentication feature. Moreover, the problem of current data management for medicine still using manual or barcode system that lead to inconsistency, easy duplication and human error. Here, the NFC is chosen, due to smaller distance of signal coverage, since less interference and the time spending for sniffing activity by the hacker can be reduced. The system is developed using C#, SQLite, Visual Studio, NFC Tag and NFC reader (ACR122U-A9). Experiments have shown that the proposed system has produced medicine expiry date system and only authorized person in charge can monitor the medicine. The impact of the proposed system produces safer, greener and easier environment for better medicine data management. The significance of this study gives a medicine expiry date detection system for health care. © 2018 International Journal of Advanced Computer Science and Applications.
... Jung. Jung [10] indicated that there is a risk for disguised attacks because user payment information remains on the tag reader. For low-cost NFC environments, Jung proposed an authentication mechanism that reduces the amount of computation through the use of the hash function and XOR operations. ...
... NFC payment services should be provided with user authentication, integrity, and confidentiality functions in order to exchange data with external devices [10]. In addition, we need to consider the operational efficiency and safety of existing methods for PCM-based NFC environments. ...
... Step 2. The user verifies using and stored in the memory of his/her device. The hash information is verified; then, the user updates the received information and proceeds to the current transaction: Jung [10] Abughazalah et al. [13] Sekhar and Sarvabhatla [12] Pourghomi et al. [11] Thammarat et al. [16] Proposed ...
In recent years, the incorporation of NFC (Near Field Communication) technology into mobile devices has led to changes in payment system environments. Currently, the NFC mobile payment service is leading the mobile payment market. In particular, most electronic payment services, such as those used by Google Inc. and Apple Inc., are adopting payment methods based on NFC to replace credit cards. In addition, related groups from the Republic of Korea have enhanced safety in communication by using standard techniques for activating NFC services. However, various security threats are still present in electronic payment methods that use NFC. In this paper, we propose a mutual authentication scheme based on a lattice for conditional anonymity in NFC-PCM (Near Field Communication-Passive Communication Mode) payment services environments.
... In conclusion, the approximate security lies in the range of 60 to 80 percent, which is comparatively low relative to the current research, which computed security results of 95 to 98 percent. Therefore, this study and others [25,[29][30][31][35][36][37][38][39][40]59,[91][92][93][94][95][96][97][98]101,102] conclude that security in any system should be significantly improved if a security mechanism can be a part of a system rather depending on an end-to-end approach. However, security developments are quite difficult to design and test inside of the protocol and the required depth knowledge of the protocol and other implementation details except security performance are more accurate and remarkable in these scenarios. ...
Information technology (IT) security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independency and achieving substantial performance? We have found cryptography to be an absolute security mechanism for client/server architectures, and in this study, a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all ways of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods.
... Moreover, if an active device monitors the RF Field while sending the data, the attacker would be detected easily [231,232]. It is also stated in a study [236] that a relay attack is possible on communication and usage of nonce prevents MIM attacks. In order to prevent relay attacks, the temperature data of the temperature-enabled tags are used [237]. ...
... The study also analyses the protocol using Casper security analysis software. Some authors [236] propose a high-speed processing of authentication and key agreement for NFC payment, and also present a method to perform secure communication. In a further study, two authentication protocols that also ensure mutual authentication between two devices are proposed [241]. ...
Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.
EMV is the standard implemented to secure the communication, between a client’s payment device and a PoS, during a contact or NFC purchase transaction. It represents a set of security messages, exchanged between the transaction actors, guaranteeing several important security properties. Indeed, researchers in various studies, have analyzed the operation of this standard in order to verify its reliability: unfortunately, they have identified several security vulnerabilities that, today, represent major risks for our day to day safety. Consequently, in this thesis, we are interested in proposing new solutions that improve the reliability of this standard. In the first stage, we introduce an overview of the EMV security payment system and we survey its vulnerabilities identified in literature. In particular, there are two EMV security vulnerabilities that lead to dangerous risks threatening both clients and merchants: (1) the confidentiality of banking data is not guaranteed, (2) the authentication of the PoS is not ensured to the client’s device. Therefore, our interests move in the second stage to address these two weaknesses. We first review a selection of the related works that have been implemented to solve these vulnerabilities, and then, in order to obtain better results than the related works, we propose a new secure contact and NFC payment system that includes four innovative security mechanisms. Finally, in the third stage, we adapt our first security mechanism in the context of a new NFC payment architecture. This architecture is especially destined for small merchants, allowing them to take advantage of their NFC smartphones for use directly as NFC readers.
