Chien‐Ming Chen, W. Fang, King-Hang Wang, Tsu-Yang Wu
DOI: https://doi.org/10.17706/ijcce.2017.6.3.173-180
Journal: World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering
Publication date: 2017-01-01 (Journal Article)
Attacks and Solutions of an Authenticated Key Agreement Protocol Based on NFC for Mobile Payment
The word “Fin-tech” has been popularized thanks to many non-technical individuals being amazed by unconventional ways of payment, such as mobile payment over NFC. Undoubtedly, security/privacy is considered the most important factor when a new Fin-tech is introduced; at least psychologically, it is. Recently, Seo et al. presented an authenticated key agreement protocol for mobile payment over NFC. The protocol was intended to provide secure pairing over untrusted devices with client anonymity and forward secrecy. Unfortunately, in this paper we found that their protocol is indeed very insecure when an attacker has different levels of network control. We presented man-in-the-middle attacks and replay attacks against this protocol. Under these attacks, the attackers can successfully impersonate an anonymous client or tap the communication between two legitimate clients without being detected by anyone. We then suggested some improvements, with adequate analysis, to avoid these problems.