Instant Secure Mobile Payment Scheme

Obaid, Mahmoud; Bayram, Zeki; Saleh, Murad

doi:10.1109/access.2019.2913430

Cited by 8 publications

(2 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[23] proposes a protocol for mobile payments based on NFC by making use of SE. [24] proposes a new communication network that connects banks with its client's mobile phones. It claims that it ensures security without compromising efficiency.…”

Section: Background and Preliminariesmentioning

confidence: 99%

“…[26][27][28][29][30][31] protocols cannot withstand stolen smart card attack, parallel session attack, physically stolen device attack and unauthorized key computation attacks. [4][5][6], [23][24] and [26][27][28][29][30][31] protocols do not ensure communication and application security. Except [23], no work has implemented its proposed protocol in real-time.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Novel NFC-Based Secure Protocol for Merchant Transactions

Ahamad

2022

IEEE Access

View full text Add to dashboard Cite

The unprecedented growth of mobile applications promoted the usage of these mobile applications for payments. The current research works in mobile payments and commerce are prone to reverse-engineering attacks and lacked transport layer protection, so these research works do not ensure security. Therefore, such attacks on Mobile Payment Applications (MPA) will be successful, which leads to severe financial loss. To address these issues, we propose a secure framework incorporating a defense-in-depth approach for Near Field Communication (NFC) based mobile payment frameworks. Our defense-in-depth approach has three levels, i.e., Defense at hardware, mobile application, and communication level. We have proposed a NFC based Secure Protocol for Mobile Transaction (NSPMT) protocol and successfully verified a mobile payment protocol with BAN (Burrows, Abadi, and Needham) logic and Scyther tool, and our proposed protocol overcome multi-protocol attack, RAM (Random Access Memory) scrapping attack, DOS (Denial Of Service), DDOS (Distributed Denial Of Service), and Phlashing attacks. Our proposed mobile Payment system overcomes the known mobile application vulnerabilities, including Heartbleed and ROBOT (Return Of Bleichenbacher's Oracle Threat). We also show that our proposed protocol's energy consumption, communication cost, and computation cost are far less than the existing works in this realm. Our proposed protocol ensures all the security properties. Finally, we have successfully implemented our protocol using Kotlin language in Android Studio, with two MPA's and POS Payment Application (PPA), Elliptic Curve Digital Signature Algorithm (ECDSA) is used in generating and verifying digital signatures and Advanced Encryption Standard (AES) with GCM (Galois/Counter Mode) mode is used for encryption and decryption of Customer Payment Data at MPA and PPA.

show abstract

Section: Background and Preliminariesmentioning

confidence: 99%