NFC (Near Field Communication) is a radio frequency wireless communication technology for less distance (less than 10cm). It operates at a frequency of 13.56 MHz recently, it has been used for electronic payment between an Automated Teller Machine (ATM) and a Smartphone. It can be menaced by attacks which stole personal data like the user password, the user bank account number ant its amount. So, it must be protected and secured. In this paper, we present a cloud secured password, a simple secured authentication protocol, a simple proposed hash function and a simple test of intrusion to secure the NFC payment between an ATM and a Smartphone against eleven attacks. The analysis of our solution proves that it defends against eleven attacks; it is cost-effectiveness in terms of hardware, cost of calculation, storage space and cost of communication. The proposed technique of password and the protocol use simple cryptography operations, a simple hash function and simple operators.
We recently proposed the Dynamic Array PIN protocol (DAP), which is a novel approach for user authentication on Automated Teller Machines. DAP replaces bank cards with smartphones that support Near Field Communication (NFC) and allows a user to enter his PIN code in a secure way. We showed that DAP is resistant to 13 different attacks and is therefore better and more cost effective than several other solutions from the literature. However, after carrying a deeper analysis we found that DAP is vulnerable to a complex attack that might lead to unauthorized transactions on ATMs if the user smartphone and his PIN code are both stolen. In this paper we expose how the user PIN code can be discretely discovered using multiple eavesdropping videos or camera records. We also propose several fixes for this vulnerability.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.