Nowadays, NFC technology is used in contactless payment applications by offering the NFC payment functionality in credit/debit cards, smartphones and payment terminals. Thus, an NFC payment transaction is executed in a simple and practical way. EMV is the security protocol for both contact and contactless payment systems. However, during an EMV payment transaction, this standard does not ensure two main security constraints between a customer payment device and a payment terminal: (1) mutual authentication, (2) confidentiality of sensitive banking data exchanged. These weaknesses represent a major risk in the case of NFC payment because the transaction is performed using NFC radio waves in an open environment. The risk is reduced in the case of contact payment because the transaction is executed in a closed environment by inserting the card into the terminal. In this paper, we propose a new security protocol for NFC payment transactions based on a Cloud infrastructure. We verify the correctness of this proposal using Scyther tool that provides formal proofs for security protocols.
Cloud Networking (CloudNet), 2015 IEEE 4th International Conference on IEEE 4th International Conference on Cloud Networking https://hal.archives-ouvertes.fr/hal-01247236 IEEE 4th International Conference on Cloud Networking, Oct 2015, Niagara Falls, Canada. Cloud Networking (CloudNet), 2015 IEEE 4th International Conference on pp.328-330, 2015, <10.1109/CloudNet.2015.7335332>ARRAY(0x7f03ff192a40) 2015-10-05