Fully Authentication Services Scheme for NFC Mobile Payment Systems

IF 2 4区计算机科学 Q2 Computer Science

Intelligent Automation and Soft Computing Pub Date : 2022-01-01 DOI:10.32604/iasc.2022.022065

Munefah Alshammari, S. Nashwan

{"title":"Fully Authentication Services Scheme for NFC Mobile Payment Systems","authors":"Munefah Alshammari, S. Nashwan","doi":"10.32604/iasc.2022.022065","DOIUrl":null,"url":null,"abstract":"One commonly used wireless communication technology is Near-Field Communication (NFC). Smartphones that support this technology are used in contactless payment systems as identification devices to emulate credit cards. This technology has essentially focused on the quality of communication services and has somewhat disregarded security services. Communication messages between smartphones, the point of sale (POS), and service providers are susceptible to attack due to existing weaknesses, including that an adversary can access, block and modify the transmitted messages to achieve illegal goals. Therefore, there have been many research proposals in regards to authentication schemes for NFC communications in order to prevent various types of attacks. However, the proposed schemes remain inadequate to secure payment transactions in such systems. In this paper, we propose a fully authentication services scheme for NFC mobile payment systems in order to support a high security level. The proposed scheme has security services, such as a full authentication process, perfect forward secrecy, and simultaneous anonymity of the smartphone and POS. These security services have been validated using the BAN logic model and an automatic cryptographic protocol verifier (ProVerif) tool. A security analysis has clarified that the proposed scheme can prevent various types attacks. A comparison with recent authentication schemes demonstrates that the proposed scheme has an appropriate cost in different sides such as computation, communication and storage space. Therefore, the proposed scheme not only has appealing security features, but can also clearly be utilized in mobile payment systems.","PeriodicalId":50357,"journal":{"name":"Intelligent Automation and Soft Computing","volume":"69 1","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Intelligent Automation and Soft Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.32604/iasc.2022.022065","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 1

Abstract

One commonly used wireless communication technology is Near-Field Communication (NFC). Smartphones that support this technology are used in contactless payment systems as identification devices to emulate credit cards. This technology has essentially focused on the quality of communication services and has somewhat disregarded security services. Communication messages between smartphones, the point of sale (POS), and service providers are susceptible to attack due to existing weaknesses, including that an adversary can access, block and modify the transmitted messages to achieve illegal goals. Therefore, there have been many research proposals in regards to authentication schemes for NFC communications in order to prevent various types of attacks. However, the proposed schemes remain inadequate to secure payment transactions in such systems. In this paper, we propose a fully authentication services scheme for NFC mobile payment systems in order to support a high security level. The proposed scheme has security services, such as a full authentication process, perfect forward secrecy, and simultaneous anonymity of the smartphone and POS. These security services have been validated using the BAN logic model and an automatic cryptographic protocol verifier (ProVerif) tool. A security analysis has clarified that the proposed scheme can prevent various types attacks. A comparison with recent authentication schemes demonstrates that the proposed scheme has an appropriate cost in different sides such as computation, communication and storage space. Therefore, the proposed scheme not only has appealing security features, but can also clearly be utilized in mobile payment systems.

查看原文本刊更多论文

NFC移动支付系统的完全认证服务方案

一种常用的无线通信技术是近场通信(NFC)。支持这种技术的智能手机被用于非接触式支付系统，作为模仿信用卡的识别设备。这种技术基本上集中在通信服务的质量上，而在某种程度上忽略了安全服务。由于现有的弱点，智能手机、销售点(POS)和服务提供商之间的通信消息容易受到攻击，包括攻击者可以访问、阻止和修改传输的消息以达到非法目的。因此，为了防止各种类型的攻击，关于NFC通信的认证方案已经有了很多研究建议。然而，拟议的计划仍然不足以确保这些系统中的支付交易。在本文中，我们提出了一个完整的NFC移动支付系统认证服务方案，以支持高安全级别。该方案具有完整的身份验证过程、完美的前向保密以及智能手机和POS机的同时匿名等安全服务，这些安全服务已使用BAN逻辑模型和自动加密协议验证器(ProVerif)工具进行了验证。安全分析表明，该方案能够有效防止各种类型的攻击。与现有认证方案的比较表明，该方案在计算、通信和存储空间等方面都具有合理的成本。因此，所提出的方案不仅具有吸引人的安全特性，而且可以明显地用于移动支付系统。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Intelligent Automation and Soft Computing 工程技术-计算机：人工智能

CiteScore

3.50

自引率

10.00%

发文量

429

审稿时长

10.8 months

期刊介绍： An International Journal seeks to provide a common forum for the dissemination of accurate results about the world of intelligent automation, artificial intelligence, computer science, control, intelligent data science, modeling and systems engineering. It is intended that the articles published in the journal will encompass both the short and the long term effects of soft computing and other related fields such as robotics, control, computer, vision, speech recognition, pattern recognition, data mining, big data, data analytics, machine intelligence, cyber security and deep learning. It further hopes it will address the existing and emerging relationships between automation, systems engineering, system of systems engineering and soft computing. The journal will publish original and survey papers on artificial intelligence, intelligent automation and computer engineering with an emphasis on current and potential applications of soft computing. It will have a broad interest in all engineering disciplines, computer science, and related technological fields such as medicine, biology operations research, technology management, agriculture and information technology.