Weixi Gu,Zheng Yang,Longfei Shangguan,Xiaoyu Ji,Yiyang Zhao

DOI: https://doi.org/10.1109/trustcom.2014.34

2014-01-01

Abstract:Near field authentication is of great importance for a range of applications, and has attracted many research efforts in the past decades. Several approaches have been developed and demonstrated their feasibility. The state-of-art works, however, still have much room to improve their automation and usability. First, user assistance is required in most existing approaches, which will be easily observed and imitated by attackers. Second, the authentications of several works heavily depend on special hardware, e.g., Server or high resolution screen, which greatly restricts their application scenarios. In this paper, we present a near field authentication system Tooth that needs little human assistance and is compatible with most smart phones. ToAuth is based on the key insight that the acceleration traces are similar for a pair of smart phones when they are contacting physically and vibrating. The random vibration patterns are sufficiently uncertain to provide high entropy to generate a pair of cryptographic keys yet are inimitable for a third party who does not get in touch with the vibration source. ToAuth leverages the keys to make authentication for smart phones. We implement ToAuth on Android platform and evaluate its performance under various scenarios. Extensive experiments demonstrate ToAuth could achieve around 90% success rate in stable environment, and prevent attacks depended on vibration noise.

Jie Xu,Kaiping Xue,Qingyou Yang,Peilin Hong

DOI: https://doi.org/10.1109/TCE.2018.2811260

2018-01-01

IEEE Transactions on Consumer Electronics

Abstract:Nowadays, near field communication (NFC) has been widely used in electronic payment, ticketing, and many other areas. NFC security standard requires the use of public key infrastructure (PKI) to implement mutual authentication and session keys negotiation in order to ensure communication security. In traditional PKI-based schemes, every user uses a fixed public/private key pair to implement authen...

Reham Abdellatif Abouhogail

DOI: https://doi.org/10.17762/ijcnis.v11i2.4142

2022-04-17

International Journal of Communication Networks and Information Security (IJCNIS)

Abstract:As mobile applications grow, securing these applications become an important factor for their success. Especially, when these applications are related to financial transactions. Nowadays, mobile payment that is based on NFC technology is considered one of these important topics. In this paper, we propose A New Secure and Lightweight Authentication Protocol for NFC mobile Payment (NSLA) protocol. NSLA protocol presents a new method to update the users’ identities and the valid session keys, which preserves the privacy and ensures the integrity of the system. The presented performance analysis shows that NSLA protocol satisfies low computation overhead. Moreover, the security analysis proves that NSLA protocol has an immunity against replay attack, brute force attack, denial of service attack, and others types of attacks.

Chalee Thammarat

DOI: https://doi.org/10.3390/sym12101649

2020-10-09

Symmetry

Abstract:The standard protocol of near field communication (NFC) has concentrated primarily on the speed of communication while ignoring security properties. Message between an NFC-enabled smartphone and a point of sale are exchanged over the air (OTA), which is a message considered an authentication request for payment, billing, ticketing, loyalty services, identification or access control. An attacker who has an antenna can intercept or manipulate the exchanged messages to take advantage of these. In order to solve this problem, many researchers have suggested authentication methods for NFC communications. However, these remain inadequate transaction security and fairness. In this paper, we will propose a technique that ensures mutual authentication, security properties, and strong fairness. Mutual authentication is a security property that prevents replay attacks and man-in-the-middle attacks. Both fair exchange and transaction security are also significant issues in electronic transactions with regards to creating trust among the parties participating in the transaction. The suggested protocol deploys a secure offline session key generation technique to increase transaction security and, importantly, make our protocol lightweight while maintaining the fairness property. Our analysis suggests that our protocol is more effective than others regarding transaction security, fairness, and lightweight protocol. The proposed protocol checks robustness and soundness using Burrows, Abadi and Needham (BAN) logic, the Scyther tool, and automated validation of internet security protocols and applications (AVISPA) that provide formal proofs for security protocols. Furthermore, our protocol can resolve disputes in case one party misbehaves.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Shaik Shakeel Ahamad

DOI: https://doi.org/10.1109/access.2021.3139065

IF: 3.9

2022-01-01

IEEE Access

Abstract:The unprecedented growth of mobile applications promoted the usage of these mobile applications for payments. The current research works in mobile payments and commerce are prone to reverse-engineering attacks and lacked transport layer protection, so these research works do not ensure security. Therefore, such attacks on Mobile Payment Applications (MPA) will be successful, which leads to severe financial loss. To address these issues, we propose a secure framework incorporating a defense-in-depth approach for Near Field Communication (NFC) based mobile payment frameworks. Our defense-in-depth approach has three levels, i.e., Defense at hardware, mobile application, and communication level. We have proposed a NFC based Secure Protocol for Mobile Transaction (NSPMT) protocol and successfully verified a mobile payment protocol with BAN (Burrows, Abadi, and Needham) logic and Scyther tool, and our proposed protocol overcome multi-protocol attack, RAM (Random Access Memory) scrapping attack, DOS (Denial Of Service), DDOS (Distributed Denial Of Service), and Phlashing attacks. Our proposed mobile Payment system overcomes the known mobile application vulnerabilities, including Heartbleed and ROBOT (Return Of Bleichenbacher’s Oracle Threat). Our proposed protocol ensures all the security properties and the energy and communication cost and computational cost are far less than the existing works in the literature. Finally, we have successfully implemented our protocol using kotlin language in Android Studio, with two Mobile Payment Applications (MPA) and POS Payment Application (PPA), Elliptic Curve Digital Signature Algorithm (ECDSA) is used and Advanced Encryption Standard (AES) with GCM (Galois/Counter Mode) mode is used for encryption and decryption of Customer Payment Data at MPA and PPA.

computer science, information systems,telecommunications,engineering, electrical & electronic

Imran Memon,Ibrar Hussain,Rizwan Akhtar,Gencai Chen

DOI: https://doi.org/10.1007/s11277-015-2699-1

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Past few years, the mobile technology and location based services have experienced a great increment in number of its users. The privacy issues related to these services are becoming main concerns because of the leakage of users' private information and contents. To prevent revelation of private information, many researchers have proposed several secure and authentication schemes which apply various technologies to provide integral security properties, such as symmetric encryption, digital signature, timestamp, etc. Unfortunately, some of these schemes still exhibit security and efficiency issues. In this research paper, we proposed an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme over the wireless system was attempted missing some system detail. We also proposed the prevent user private information and secure communication by asymmetric cryptography scheme. We solved the wireless communication problem in A3 algorithm such as eavesdropping and this problem solved by asymmetric cryptography scheme because of its robustness against this type of attack by providing mutual authentication make the system more secure. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited wireless system and thus availability for real implementation. According to our security analysis and performance, we can prove that our proposed asymmetric cryptography scheme is able to improve wireless communication system security and enhance efficiency in comparison to previous schemes.

Forough Sadat Mirkarimzade Tafti,Shahriar Mohammadi,Mehdi Babagoli

DOI: https://doi.org/10.1016/j.jisa.2021.102997

IF: 4.96

2021-11-01

Journal of Information Security and Applications

Abstract:Mobile payments have received a lot of attention because they are available at any time and place. One of the various payment methods is Near Field Communication (NFC) mobile payment. As a result of potential problems that may arise using mobile payments such as fraud and information theft, the security of mobile payment protocols is pivotal. One of the critical stages in mobile payment security is the mutual authentication between the user and the Mobile Network Operator (MNO). Global System for Mobile (GSM) proposed a protocol to mutual authentication using symmetric key cryptographic method. In this paper, we have introduced a new protocol for NFC mobile payment, which improves the GSM authentication protocol due to the existence of symmetric cryptographic security threats, and uses an asymmetric encryption method to mutual authentication. Also, this protocol reduces the number of required key-pairs for authentication. Furthermore, our proposed protocol, increases resistance to attacks such as replay attack, DOS, eavesdropping attacks, repudiation, man in the middle attack and de-synchronization. Because mobile devices have limited resources and processing power, our proposed protocol reduces the signalling overhead and processing load of the client-side as much as possible.

computer science, information systems

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

He-Jun Lu,Dui Liu

DOI: https://doi.org/10.1371/journal.pone.0256367

IF: 3.7

2021-08-16

PLoS ONE

Abstract:Aimed at the security authentication problem between Near Field Communication (NFC) devices, this paper uses the technology of asymmetric encryption algorithm, symmetric encryption algorithm, hash function, timestamp and survival period to improve the confidentiality, performance and security of the protocol. The symmetric encryption algorithm encrypts the transmission content, while the asymmetric encryption algorithm encrypts the shared key. The whole authentication process is secure, and the key distribution is secure. The improved NFC device authentication protocol can effectively resist the brute force attack, man-in-the-middle attack and replay attack in the authentication process, it can reduce the number of message transmission in the authentication process, improve the transmission efficiency, enhance the confidentiality, integrity, non-repudiation and improve the security of NFC device authentication.

multidisciplinary sciences

Fengyin Li,Xinying Yu,Yang Cui,Siqi Yu,Yuhong Sun,Yilei Wang,Huiyu Zhou

DOI: https://doi.org/10.1016/j.comcom.2022.01.019

IF: 5.047

2022-01-01

Computer Communications

Abstract:Wireless Sensor Networks (WSNs) play an indispensable role in the application of smart homes, smart healthcare, and precision agriculture. However, WSNs confront privacy risks that hinder its practical applications. The leakage of privacy is one of the key factors to restrict the development of WSNs. Hence, in this paper, we propose an Anonymous Authentication and Key Agreement protocol (AAKA) to accomplish identity authentication and privacy protection. Based on the dynamic sequence number, the shared secret value, and the dynamic random number, the AAKA protocol implements a two-way authentication and keys negotiation among users, gateway, and sensors, which achieves the secure access control of legitimate users to WSNs and ensures the confidential transmission of data over the public channel. We perform the security proof with BAN logic for security evaluation. The performance analysis demonstrates that compared with other WSNs authentication schemes, the AAKA protocol obtained better security features, smaller storage, and more efficient communication. Therefore, it is more suitable for applications in smart living.

Behrooz Khadem,Amin Masoumi,M. S. Farash

DOI: https://doi.org/10.48550/arXiv.2010.08769

2020-10-17

Abstract:Wireless Body Sensor Network (WBSN) is a developing technology with constraints in energy consumption, coverage radius, communication reliability. Also, communications between nodes contain very sensitive personal information in which sometimes due to the presence of hostile environments, there are a wide range of security risks. As such, designing authenticated key agreement (AKA) protocols is an important challenge in these networks. Recently, Li et al. proposed a lightweight scheme using the hash and XOR functions which is much more efficient compared with similar schemes based on elliptic curve. However, the investigations revealed that the claim concerning the unlinkability between the sessions of a sensor node is NOT true. The present paper considers the security issues of the scheme proposed by Li et al. and some of its new extensions in order to propose a new AKA scheme with anonymity and unlinkability of the sensor node sessions. The results of theoretical analysis compared with similar schemes indicate that the proposed scheme reduces average energy consumption and average computation time by 61 percent while reduces the average communication cost by 41 percent. Further, it has been shown by formal and informal analysis that, Besides the two anonymity and unlinkability features, the other main features of the security in the proposed scheme are comparable and similar to the recent similar schemes.

Cryptography and Security

Samaneh Layeghian Javan,Abbas Ghaemi Bafghi

DOI: https://doi.org/10.1007/s10660-014-9151-6

2014-09-19

Electronic Commerce Research

Abstract:Regarding the development of mobile technology, it seems essential to have a payment protocol which provides the required security features along with an acceptable efficiency in mobile environment. This article introduces an anonymous payment protocol based on secure wireless payment protocol (SWPP). Contrary to SWPP, this protocol manages to provide anonymity and privacy of the customer. This protocol uses a blindly signed pseudo digital certificate and anonymous bank account in order to protect the customer’s identity. The proposed protocol was simulated, and then its security and efficiency features were compared to those of other protocols. The comparison proves that this protocol covers all security features required by a secure payment system. Moreover, it is more efficient than other protocols.

management,business

Seung-Su Yang,Young-Hwan Jang,Min-Hyung Park,Seok-Cheon Park,Hyung-Joon Kim

DOI: https://doi.org/10.1007/s11277-021-08139-2

IF: 2.017

2021-02-09

Wireless Personal Communications

Abstract:NFC (Near Field Communication) is widely used in day-to-day applications such as in credit cards and smartphones. thus, RFID (Radio Frequency Identification) is being replaced by NFC in many applications. However, the access control system operates on RFID. The existing RFID-based access control systems provide only passive communication, and the authentication process is fragile and vulnerable to malicious hacking because the user information is stored by the reader. Therefore, in this study, we designed and implemented an access control system that uses the NFC-based active authentication technique. To evaluate the system implemented in this study, we performed comparison analysis with the existing NFC security authentication protocols based on whether they provided mutual authentication and whether they could respond to major security threats. The evaluation results showed that the proposed protocol normally supported mutual authentication functions between NFC devices, and ensured secure wireless communications by tackling major security threats that might occur in NFC security authentication protocols.

telecommunications

Pardis Pourghomi,Muhammad Qasim saeed,Gheorghita Ghinea

DOI: https://doi.org/10.48550/arXiv.1312.2828

2013-12-10

Cryptography and Security

Abstract:Near Field Communication (NFC) technology is based on a short range radio communication channel which enables users to exchange data between devices. With NFC technology, mobile services establish a contactless transaction system to make the payment methods easier for people. Although NFC mobile services have great potential for growth, they have raised several issues which have concerned the researches and prevented the adoption of this technology within societies. Reorganizing and describing what is required for the success of this technology have motivated us to extend the current NFC ecosystem models to accelerate the development of this business area. In this paper, we introduce a new NFC payment application, which is based on our previous NFC Cloud Wallet model to demonstrate a reliable structure of NFC ecosystem. We also describe the step by step execution of the proposed protocol in order to carefully analyse the payment application and our main focus will be on the Mobile Network Operator (MNO) as the main player within the ecosystem.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Junghyun Nam,Kim-Kwang Raymond Choo,Sangchul Han,Moonseong Kim,Juryon Paik,Dongho Won

DOI: https://doi.org/10.1371/journal.pone.0116709

2015-09-23

Abstract:A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).

Cryptography and Security

Manmeet Mahinderjit Singh,Ku Aina Afiqah Ku Adzman,Rohail Hassan

DOI: https://doi.org/10.14419/ijet.v7i4.31.23385

2018-12-09

Abstract:Nowadays; the adoption of Internet of things (IoT) technologies and applications in everyday is rising. IoT technology such as Near Field Communication (NFC) is vastly adopted due to its short range frequencies, making it a good candidate for token based security access control applications such as door systems and attendance systems. However, due to the miniature size of NFC tags; its clear text contents and unprotected communication channel between tag-reader-database; NFC technology is prone to security attacks such as the man in the middle; denial of services (DOS) and etc. These attacks lead to leakage of user critical data which could impact any organization adopting NFC applications and technologies. In this paper; NFC vulnerability, causing both security and privacy attacks studies in depth. By focusing on attacks such as DOS and data corruptions; existing risk assessment models are evaluated using Analytical Hierarchy Process (AHP) approach. Best practice in mitigating these attacks is presented as well. A case study on an existing NFC access control application is then used to demonstrate the effectiveness of best practice solutions proposed.  Â

Mei Sun,Yuyan Guo,Dongbing Zhang,MingMing Jiang

DOI: https://doi.org/10.1155/2021/5526412

IF: 2.3

2021-05-04

Complexity

Abstract:Vehicular ad hoc network (VANET) is a multihop mobile wireless communication network that can realize many vehicle-related applications through multitop communication. In the open wireless communication environment, security and privacy protection are important contents of VANET research. The most basic method of VANET privacy protection is anonymous authentication. Even through, there are many existing schemes to provide anonymous authentication for VANETs. Many existing schemes suffer from high computational cost by using bilinear pairing operation or need the assistance of the trust authorities (TAs) during the authentication process or rely on an ideal tamper-proof device (TPD), which requires very strong security assumption. In this study, an anonymous authentication and key negotiation scheme by using private key and group key is proposed, which is based on pseudonym using the nonsingular elliptic curve. In this scheme, there is no third party trust center to participate in the authentication, there is no need to query the database, and there is no need of the local database to save the identity information of many vehicles, which reduce the storage space and the authentication time compared with other schemes. The proposed scheme only needs realistic TPDs. In the proposed scheme, TPDs do not need to preinstall the system key as many other schemes do; hence, the failure of a single TPD does not affect the security of the entire system. The security of the scheme is proved under the random oracle model. Compared with the related schemes using bilinear pairings, the computational cost and communication cost of the proposed scheme are reduced by 82% and 50%, respectively.

mathematics, interdisciplinary applications,multidisciplinary sciences