KerNeeS: a protocol for mutual authentication between NFC phones and POS terminals for secure payment transactions / BIADER CEIPIDOR, Ugo; MEDAGLIA, CARLO MARIA; MARINO, ANTONELLA; SPOSATO, SERENA; MORONI, ALICE. - PRINT. - (2012), pp. 115-120. (Paper presented at the 9th International ISC Conference on Information Security and Cryptology, ISCISC 2012, held in Tabriz, Iran, in 2012) [10.1109/ISCISC.2012.6408203].

KerNeeS: a protocol for mutual authentication between NFC phones and POS terminals for secure payment transactions

MORONI, ALICE
2012

Abstract

The aim of this paper is to propose a solution for a potential vulnerability in mobile proximity payment. Mobile proximity payment is the evolution of card payment, whose reference standard is EMV (Europay, MasterCard and VISA). A mobile proximity payment transaction is performed via radio waves, so it is possible to intercept the communication with the point of sale and also to activate the payer's device within a range of 10 cm. The EMV protocol assumes that within a range of 10 cm card fraud is hard to perform; moreover, IC-card-capable points of sale are considered safe a priori, while the card must authenticate itself. This allows a leak of card information. In this paper we describe a possible solution to this problem, adding a security level to the EMV protocol in the case of mobile proximity payment transactions. Our solution is a Needham-Schroeder-based protocol that guarantees authentication and confidentiality between the entities involved in the payment.
2012
9th International ISC Conference on Information Security and Cryptology, ISCISC 2012
contactless; EMV; mobile payment; mutual authentication; NFC; Information Systems
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item

File: Ceipidor_KerNeeS_2012.pdf
Access: archive managers only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 307.88 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/827419
Citations
  • PMC: ND
  • Scopus: 51
  • ISI: 26