Attacks and Solutions of an Authenticated Key Agreement Protocol Based on NFC for Mobile Payment

Chien‐Ming Chen, W. Fang, King-Hang Wang, Tsu-Yang Wu
DOI: 10.17706/ijcce.2017.6.3.173-180 (https://doi.org/10.17706/ijcce.2017.6.3.173-180)
Journal: World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering
Publication date: 2017-01-01
Publication type: Journal Article
Citation count: 0

Abstract

The popularization of the word “Fin-tech” is thanks to many non-technical individuals being amazed by unconventional ways of payment, such as mobile payment over NFC. Undoubtedly, security/privacy is considered the most important factor when a new Fin-tech is introduced; at least psychologically, it is. Recently, Seo et al. presented an authenticated key agreement protocol for mobile payment over NFC. The protocol was intended to provide secure pairing over untrusted devices with client anonymity and forward secrecy. Unfortunately, in this paper we found that their protocol is indeed very insecure when an attacker has different levels of network control. We presented the man-in-the-middle attacks and the replay attacks against this protocol. Under these attacks, the attackers can successfully impersonate an anonymous client or can tap the communication between two legitimate clients without being detected by anyone. Then we suggested some improvements, with adequate analysis, to avoid these problems.