POS Terminal Authentication Protocol to Protect EMV Contactless Payment Cards

The original EMV protocol was designed to operate in a situation where the card holder removes their card from their wallet and insert the card into a Point of Sale (POS) terminal. The protocol operates predominantly in plaintext which was not a problem because the attackers needed to tamper with the POS to gain access to the information on the card. The introduction of contactless EMV cards exposes the mainly plaintext EMV protocol to a wireless interface. This allows attackers to use an off-the-shelf NFC reader to access the card without the cardholders knowledge and potentially whilst the card is still in their wallet. Research has demonstrated that contactless EMV cards are vulnerable to various attacks carried out using off-the- shelf equipment which is both cheap and easy to obtain. The proposed solution addresses these issues by having the card request that any NFC reader, attempting to initiate communication, must authenticate itself as a genuine bank issued POS. The POS does this using a Bank issued private key to sign a nonce provided by the card

Attacks On Near Field Communication Devices

For some years, Near Field Communication (NFC) has been a popularly known technology characterized by its short-distance wireless communication, mainly used in providing different agreeable services such as payment with mobile phones in stores, Electronic Identification, Transportation Electronic Ticketing, Patient Monitoring, and Healthcare. The ability to quickly connect devices offers a level of secure communication. That notwithstanding, looking deeply at NFC and its security level, identifying threats leading to attacks that can alter the user’s confidentiality and data privacy becomes obvious. This paper summarizes some of these attacks, emphasizing four main attack vectors, bringing out a taxonomy of these attack vectors on NFC, and presenting security issues alongside privacy threats within the application environment

Mobile transactions over NFC and GSM

Dynamic relationships between Near Field Communication (NFC) ecosystem players in a monetary transaction make them partners in a way that they sometimes require to share access permission to applications that are running in the service environment. One of the technologies that can be used to ensure secure NFC transactions is cloud computing. This offers a wider range of advantages than the use of only a Secure Element (SE) in an NFC enabled mobile phone. In this paper, we propose a protocol for NFC mobile payments over NFC using Global System for Mobile Communications (GSM) authentication. In our protocol, the SE in the mobile device is used for customer authentication whereas the customer's banking credentials are stored in a cloud under the control of the Mobile Network Operator (MNO). The proposed protocol eliminates the requirement for a shared secret between the Point of Sale (PoS) and the MNO before execution of the protocol, a mandatory requirement in the earlier version of this protocol. This elimination makes the protocol more practicable and user friendly. A detailed analysis of the protocol discusses multiple attack scenarios

Formal security analysis of NFC M-coupon protocols using Casper/FDR

Near field communication (NFC) is a standard-based, radio frequency (RF), wireless communication technology that allows data to be exchanged between devices that are less than 20 cm apart. NFC security protocols require formal security analysis before massive adoptions, in order to check whether these protocols meet its requirements and goals. In this paper we formally analyse NFC-based mobile coupon protocols using formal methods (Casper/FDR). We find an attack against the advanced protocol, and then we provide a solution that addresses the vulnerability formally

Seminar Future Internet WS2012

Near Field Communication (NFC) is an emerging close range, low bandwidth, induction based communication standard. It is already and will be more broadly integrated tightly with modern smartphones, devices and operating systems. Payment services, setup of high-bandwidth connections, information sharing and identity verification become possible by just touching two NFC devices together. This paper tries to give an overview over how NFC technology works, what some of its current and potential applications are and which risks and exploits come along with its simplicity

Preventing Man-in-the-Middle Attacks in Near Field Communication by Out-of-Band Key Exchange

Near Field Communication (NFC) is an RFID based proximity communication technology. The extensive use of NFC technology for popular and sensitive applications such as financial transactions and content sharing necessitates the implementation of secure transmission standards for data exchange. NFC-SEC is one such set of cryptographic standards that extends NFC to provide better security. However, NFC is still susceptible to Man-in-the-Middle (MITM) attacks due to the lack of device authentication, which in turn allows for masquerading and other attacks. Inclusion of a certification authority has commonly been proposed to resolve this issue at the cost of significant additional communication overhead. In this thesis, we first demonstrate a practical MITM attack on an NFC-SEC communication session. We then present NonceCrypt, a light-weight countermeasure against this class of attacks. NonceCrypt addresses the vulnerability of NFC-SEC by an added step of authentication over a secure out-of-band communication channel. We implement NonceCrypt on an Arduino platform and evaluate its implementation cost and runtime overhead in a set of experiments. Results indicate that the increase memory and time overhead for this scheme are negligible. It avoids involving any additional entities in the communication and is based on a flexible implementation scheme that can be used for both smartphones and contactless cards

Mobile applications approaches using near field communication support

Nowadays, the society is constantly evolving technologically and new products and technologies appears every day. These technologies allow the well-being of societies and their populations. Mobile gadgets evolution, mainly the smartphones, has always been at the forefront, everyday new devices appear and with them, more recent technologies. These technologies provide a better quality of life of everybody who uses them. People need to have at their disposal a whole array of new features that make their life increasingly more easily. The use of gadgets to simplify the day-to-day is growing and for this people use all disposal types of devices, such as computers, laptops, file servers, smartphones, tablets, and among of others. With the need to use all these devices a problem appears, the data synchronization and a way to simplify the usage of smartphones. What is the advantage of having so much technology available if we need to concern about the interoperability between all devices? There are some solutions to overcome these problems, but most often the advantage brought by these technologies has associated some setup configurations and time is money. Near field communication (NFC) appeared in 2004 but only now has gained the market dominance and visibility, everybody wants to have a NFC based solution, like Google, Apple, Microsoft and other IT giants. NFC is the best solution to overcome some problems like, file synchronization, content sharing, pairing devices, and launch applications without user interaction. NFC arises as a technology that was forgotten, but it has everything to win in every global solutions and markets. In this dissertation two based solutions are presented, an application to transfer money using NFC and an application launcher. Both solutions are an innovation in market because there are nothing like these. A prototype of each application was build and tested. NFC Launcher is already in Android Market. NFC Launcher and Credit Transfer were built, evaluated and are ready for use