logo EDITE Nour EL MADHOUN
Identité
Nour EL MADHOUN
État académique
Thèse en cours...
Sujet: Towards a More Secure EMV Payment System: Proposal of New Security Protocols and a New NFC Payment Architecture
Direction de thèse:
Laboratoire:
Voisinage
Ellipse bleue: doctorant, ellipse jaune: docteur, rectangle vert: permanent, rectangle jaune: HDR. Trait vert: encadrant de thèse, trait bleu: directeur de thèse, pointillé: jury d'évaluation à mi-parcours ou jury de thèse.
Productions scientifiques
oai:hal.archives-ouvertes.fr:hal-01215880
AN INNOVATIVE CLOUD-BASED RFID TRACEABILITY ARCHITECTURE AND SERVICE
International audience
Today, several sectors are demanding the track of their objects to improve the efficiency and reliability of the system. RFID technology enables an automatic identification of objects attached to RFID tags via radio waves and allows reading or writing data without physical contact between an RFID reader and a tag. The main engine of RFID development is the need for traceability in order to ensure the authenticity of objects, avoid counterfeiting and track all objects events. So, RFID technology adds intelligence to the process of identification and traceability and it is the best choice to create tracking systems. Our work aims to provide a secure RFID track and trace architecture which can be implemented in many areas and to design an RFID multi-frequency HF/UHF reader able to interact with HF or UHF tags. Moreover, to ensure and complete the historization of all sector events, we propose to enrich our traceability system with enforceable proofs through an electronic safe Cloud-based platform in a secure manner. The integration of RFID technology with a Cloud platform allows to link RFID objects to the Internet. Consequently, this network of networks represents the concept of the Internet of Things which is the key enabler for our traceability system. The present article is a report of our current research effort and our future work planned.
The 5th International Conference On Network of the Future The 5th International Conference On Network of the Future https://hal.archives-ouvertes.fr/hal-01215880 The 5th International Conference On Network of the Future, Dec 2014, Paris, France. pp.1-5ARRAY(0x7f5470aab300) 2014-12
oai:hal.archives-ouvertes.fr:hal-01340315
Security Enhancements in EMV Protocol for NFC Mobile Payment
International audience
Today, by integrating Near Field Communication (NFC) technology in smartphones, bank cards and payment terminals, a purchase transaction can be executed immediately without any physical contact, without entering a PIN code or a signature. Europay Mastercard Visa (EMV) is the standard dedicated for securing contactless-NFC payment transactions. However, it does not ensure two main security proprieties: (1) the authentication of the payment terminal to the client’s payment device, (2) the confidentiality of personal banking data. In this paper, we first of all detail EMV standard and its security vulnerabilities. Then, we propose a solution that enhances the EMV protocol by adding a new security layer aiming to solve EMV weaknesses. We formally check the correctness of the proposal using a security verification tool called Scyther.
The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16) https://hal.archives-ouvertes.fr/hal-01340315 The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16), Aug 2016, Tianjin, ChinaARRAY(0x7f5470ac8e38) 2016-08-23
oai:hal.archives-ouvertes.fr:hal-01247236
A Cloud-Based Secure Authentication Protocol for Contactless-NFC Payment
International audience
Nowadays, NFC technology is used in contactless payment applications by offering the NFC payment functionality in credit/debit cards, smartphones and payment terminals. Thus, an NFC payment transaction is executed in a simple and practical way. EMV is the security protocol for both contact and contactless payment systems. However, during an EMV payment transaction, this standard does not ensure two main security constraints between a customer payment device and a payment terminal: (1) mutual authentication, (2) confidentiality of sensitive banking data exchanged. These weaknesses represent a major risk in the case of NFC payment because the transaction is performed using NFC radio waves in an open environment. The risk is reduced in the case of contact payment because the transaction is executed in a closed environment by inserting the card into the terminal. In this paper, we propose a new security protocol for NFC payment transactions based on a Cloud infrastructure. We verify the correctness of this proposal using Scyther tool that provides formal proofs for security protocols.
Cloud Networking (CloudNet), 2015 IEEE 4th International Conference on IEEE 4th International Conference on Cloud Networking https://hal.archives-ouvertes.fr/hal-01247236 IEEE 4th International Conference on Cloud Networking, Oct 2015, Niagara Falls, Canada. Cloud Networking (CloudNet), 2015 IEEE 4th International Conference on pp.328-330, 2015, <10.1109/CloudNet.2015.7335332>ARRAY(0x7f5470a829e8) 2015-10-05
oai:hal.archives-ouvertes.fr:hal-01276921
An Online Security Protocol for NFC Payment Formally Analyzed by The Scyther Tool
International audience
Nowadays, NFC technology is integrated into bank cards, smartphones and sales point terminals in order to immediately execute payment transactions without any physical contact. EMV is the standard intended to secure both contact (traditional) and contactless-NFC payment operations. In fact, researchers in recent years have detected some security vulnerabilities in this protocol (EMV). Therefore, in this paper, we introduce the risks entailed by the vulnerabilities of EMV and particularly those at stake in the case of NFC payment. Hence, in order to overcome EMV weaknesses, we propose a new security protocol based on an online communication with a trusted entity. The proposal is destined to secure contactless-NFC payment transactions using NFC bank cards that are unconnected client payment devices (without Wi-Fi or 4G). A security verification tool called Scyther is used to analyze the correctness of the proposal.
The Second Conference On Mobile And Secure Services https://hal.archives-ouvertes.fr/hal-01276921 The Second Conference On Mobile And Secure Services, Feb 2016, Gainesville, Florida, United StatesARRAY(0x7f5470a7ffd0) 2016-02-26
oai:hal.archives-ouvertes.fr:hal-01415979
A Secure Cloud-Based NFC Payment Architecture for Small Traders
International audience
Nowadays, Near Field Communication (NFC) technology is being experimented for payment systems to perform purchase transactions without physical contact, without entering a PIN code or a signature. An NFC purchase transaction is mainly executed between a client's payment device (NFC bank card or NFC smartphone) and a merchant's payment device. The latter may be either an NFC point of sale machine for big traders (in a department store for example), or a simple NFC payment terminal attached to the outside of a smartphone for small traders. In this paper, we propose a new secure cloud-based NFC payment architecture for small traders: which allows them to benefit from their smartphones integrating NFC technology for use directly as NFC merchant payment devices, without needing to buy an external NFC payment terminal. In addition, the proposal introduces a new protocol aiming to secure NFC payment transactions.
3rd Smart Cloud Networks & Systems Conference 2016 (SCNS 2016) http://hal.upmc.fr/hal-01415979 3rd Smart Cloud Networks & Systems Conference 2016 (SCNS 2016), Dec 2016, Dubai, United Arab EmiratesARRAY(0x7f5470ac5248) 2016-12-19
oai:hal.archives-ouvertes.fr:hal-01596562
Magic Always Comes with a Price: Utility Versus Security for Bank Cards
International audience
1st Cyber Security in Networking International Conference https://hal.archives-ouvertes.fr/hal-01596562 1st Cyber Security in Networking International Conference , Oct 2017, Rio de Janeiro BrazilARRAY(0x7f5470a9f2c8) 2017-10-18
Soutenance
Thèse: Towards a more secure EMV payment system: new security protocols and a new NFC payment architecture
Soutenance:
Rapporteurs: Marc PASQUET    Khaldoun AL AGHA