An ultra-lightweight RFID authentication scheme for mobile commerce

Fan, Kai; Ge, Nan; Gong, Yanyun; Li, Hui; Su, Ruidan; Yang, Yintang

doi:10.1007/s12083-016-0443-6

Cited by 40 publications

(26 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Generally, MFA applications could be divided into three market-related groups: (i) commercial applications [49,50], i.e., account login, e-commerce, ATM, physical access control, etc. ; (ii) governmental applications [51,52], i.e., identity documents, government ID, passport, driver's license, social security, border control, etc.…”

Section: Mul�-factor Authen�ca�onmentioning

confidence: 99%

Multi-Factor Authentication: A Survey

et al. 2018

View full text Add to dashboard Cite

Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir's Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed.

show abstract

Section: Mul�-factor Authen�ca�onmentioning

confidence: 99%

Multi-Factor Authentication: A Survey

et al. 2018

View full text Add to dashboard Cite

show abstract

“…Customers can buy anything they wish in supermarkets like Wal-Mart via QR code payment [8] . In addition, people can also use their phones to perform many of their daily activities, such as buying a film ticket, purchasing a cup of coffee online, or paying an automobile court fine [9] . As such, the mobile-payment process has become a very important part of e-commerce, and has developed into a convenient and relatively reliable technology.…”

Section: Related Workmentioning

confidence: 99%

Secure Authentication Protocol for Mobile Payment

Fan

Jiang

et al. 2018

Tsinghua Sci. Technol.

Self Cite

View full text Add to dashboard Cite

With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an everincreasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention.However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol (SMAP) based on the Universal 2nd Factor (U2F) protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protocol.

show abstract

“…Our contribution: The contribution of this paper is summarized as follows: •At first, we analyze the security of the Fan et al 's authentication protocol •In order to enhance the security of Fan et al 's protocol, we remedy the vulnerabilities found in their scheme. •We formally and informally analyze the security of our proposed protocol, and show that our scheme is secure against various known attacks including the attacks found in Fan et al 's scheme. •Our scheme is shown to be as efficient as Fan et al 's scheme and can be used for low‐cost RFID systems in m‐commerce. …”

Section: Introductionmentioning

confidence: 98%

“…Recently, an ultra‐lightweight RFID authentication protocol has been proposed by Fan et al with the claim of being fit for m‐commerce . In this protocol, the authors employed simple operations such as bitwise XOR (⊕) and addition modulo 2 L ( + ) and also shift operation (called R R method), they also claimed that their protocol is secure and efficient enough.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security analysis of an ultra‐lightweight RFID authentication protocol for m‐commerce

Aghili,

Mala

2018

Int J Communication

View full text Add to dashboard Cite

Nowadays, many people perform their commercial activities, such as electronic payment and electronic banking, through their mobile phones.Mobile commerce (m-commerce) refers to manipulating electronic commerce (e-commerce) by using mobile devices and wireless networks. Radio-frequency identification (RFID) is a technology which can be employed to complete payment functions on m-commerce. As an RFID subsystem is applied in m-commerce and supply chains, the related security concerns are very important. Recently, Fan et al. have proposed an ultra-lightweight RFID authentication scheme for m-commerce (ULRAS) and claimed that their protocol is efficient enough and provides a high level of security. In this paper, we show that their protocol is vulnerable to secret disclosure and reader impersonation attacks. Finally, we improve it to a protocol that is resistant to the attacks presented in this paper and the other known attacks in the context of RFID authentication. We further analyze the security of the improved protocol through the Burrows-Abadi-Needham logic (BAN-logic). Moreover, our proposed improvement does not impose any additional workload on the RFID tag. KEYWORDS impersonation, mobile commerce, secret disclosure, RFID, ultra-lightweight Int J Commun Syst. 2019;32:e3837. wileyonlinelibrary.com/journal/dac How to cite this article: Aghili SF, Mala H. Security analysis of an ultra-lightweight RFID authentication protocol for m-commerce. Int J Commun Syst. 2019;32:e3837. https://doi.

show abstract

An ultra-lightweight RFID authentication scheme for mobile commerce

Cited by 40 publications

References 16 publications

Multi-Factor Authentication: A Survey

Multi-Factor Authentication: A Survey

Secure Authentication Protocol for Mobile Payment

Security analysis of an ultra‐lightweight RFID authentication protocol for m‐commerce

Contact Info

Product

Resources

About