國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
8
Chapter 1 Introduction
Following the rapid developments in wireless online and mobile communications, and the corresponding universality of smart phones and tablets. The mobile commerce (commerce) [2] [11] has also become increasingly popular in recent years. Users of M-commerce [25] simply used the above devices, which are able to connect to the Internet through wireless networks, to participate in commercial activities such as online shopping, online auctions, and online payments.
The M-commerce is not only for the benefit of users, merchants can also benefit from it. For the users, the M-commerce is convenient, offers simplicity of operation and
personalization to users during their daily lives, whereas for merchants, it can offer useful information about consumers’ shopping habits such as the types of goods, buying intervals, and the average amount of consumption. This enables merchants to analyze these data to speculate about the hobbies and preferences of individual users, and recommend goods that user would maybe have an interest in next time. In addition, it is helpful for merchants to increase user satisfication.
In M-commerce, how to generate a payment system that can replace traditional
payment methods such as cash, credit card, ATM, and micropayments with a smartcard is an important key point. In this regard, many scholars proposed online payment schemes [12]
[20] [25] [26] [32] [38]. The goals of which include the simplification of the operational
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
9
steps on the application, and increased convenience of the payment process. Besides, the most important aim is to use these schemes to make payments instead of traditional ones.
Toorani et al. [38] proposed a secure short message service payment protocol, it allowed users to pay their bills by using the short message service (SMS), because SMS is a built-in service in every cellphone even if it is a smart phone. During the transaction process, the consumer enters his cellphone number, then merchant will send the amount of money indicated in the SMS to the consumer. But the money is not paid to merchant, it is added to the monthly mobile bill. This means that consumers neither need to use cash nor a credit card at that time. However, the weakness of this method is a replay-attack and forged SMS messages.
Molloy et al. [16] proposed a virtual credit card scheme. The concept of it is that it produces virtual credit card numbers to execute the transactions instead of requiring real credit card numbers. They considered the risks of losing the real credit card numbers too large to deliver these numbers during the transaction process. Besides, there are too many occasions to use the credit card in people’s daily lives, and this raises the probability of losing of credit card numbers. Based on the above reason, they generate virtual credit numbers instead of the real ones. In addition, they not only allow user to generate many different virtual credit card numbers but also provide options that enable the user to use a specific virtual credit card for a specific purpose or even use it as a one-time virtual credit card.
Martinez-Pelaez et al. [26] proposed a micropayment protocol. It is based on the anonymous electronic cash to provide anonymity and unlinkability for customers. The
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
10
electronic cash, which is used in the transaction of the protocol, may be in different values and denominations. Through the electronic cash and a specific private key signed by a bank, the bank could save the relation between the value of electronic cash and the corresponding public key. The advantage of the protocol is to avoid repeated consuming and forged attacks. The customers could use the anonymous certificate to authenticate their identities without revealing personal information through the WTLS protocol, and the bank owns customers’ billing information.
Kungpisdan et al. [23] proposed a secure account-based online payment protocol. The protocol adopted a symmetric-key cryptogram which involved less computation during the existing payment protocol. It also satisfied symmetric-key-based payment protocols such as SET and IKP.
Liao [42] proposed a cross-domain anonymous online payment scheme. It allowed users to consume from different merchants in mobile communication and used electronic cash which supported a divided selection technique to provide anonymity to users. Because users execute the transaction process into the mobile-domain and don’t need to store electronic cash on the users’ side, the telecommunication provider holds the distribution right of electronic cash such that the feasibility in the environment is raised. The authentication and the tracing of payment steps are achieved offline. Although only the telecommunication provider knows the user’s payment records, the merchant can link the payment to the user by the analysis of transaction records.
Besides, following an increasing percentage of generalization of an NFC-enabled
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
11
cellphone, scholars [6] [13] [34] proposed the combination of an NFC-enabled cellphone and credit card. The NFC-chip is in card simulation mode to simulate the credit card. Besides, the top three in the 3C field, i.e., Microsoft [27], Apple [1] and Google Inc. [10] also proposed the virtual credit card-enabled cellphone scheme to replace the traditional chip credit card.
Users only needed to use an NFC-enabled cellphone, which stored a virtual credit card, to achieve the transaction instead of physical chip credit cards.
For such a new technique, scholars researched the security of the virtual credit card in an NFC-enabled cellphone in the way of enhancement and analysis [17] [24] [28] [33], they tried to combine a credit card that complies with the EMV standard and a NFC-enabled cellphone to achieve security and convenience.
Urien and Piramuthu [33] proposed that they consider the user’s NFC-enabled
cellphone to be an unworthy trust hardware device, including the built-in storage and installed application. Therefore, they proposed the cloud security element which provides security services instead of the built-in security element in NFC-enabled cellphones. Moreover, it can execute the EMV credit card protocol normally. The concept is very close to the Host Card Emulation [14] technique.
Pasquet et al. [28] proposed an infrastructure, which is used to test the security of the credit card in the NFC-enabled cellphone, and it tried to use several testing tools to test the existing security risks. For example : The protection of the user’s personal information, the protection of important transaction data, the forging attack to the transaction, the security of the application which is used to execute the transaction, and a tamper-proof hardware scheme.
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
12
Pailles et al. [17] paid attention to the protection of private data in users’ accounts. If the private data is stolen, attackers can use it to carry out malicious attacks such as a replay attack, a collusion attack between the client and merchant in which attackers forged the credit card to execute a fake transaction. Thus, they proposed that they separate the authenticated message into two parts. One is authenticated by the merchant, and the other is authenticated by the bank. Besides, the consumer’s identity is authenticated by the bank, rather than by the merchant because it doesn’t know the identity.
Mainetti et al. [24] proposed a message exchanging scheme which used the peer to peer method to exchange the message between the NFC-enabled cellphone and the point of sale (PoS) terminal, not the normal usage, i.e., card emulation mode of the NFC-enabled cellphone. The advantage of this scheme is that the customer can store the transaction confirmation messages that are customized by merchant. The scheme is already implemented in NFC-enabled cellphones running the Android operation system.
Many scholars proposed methods to achieve a payment protocol instead of traditional ones, but there exists other issue. Whether the payment method is traditional or not, the user’s identity has to be transported to authenticate by a receiver. The more transactions the user carries out, the more the chances an attacker can eavesdrop it from message. Users’ ID and other personal information which is eavesdropped can be used to forge a transaction.
Therefore, the anonymity of a user’s identity is also an important issue.
In our protocol, users use the virtual account to communicate with the bank and trusted
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
13
third party during transmission to achieve the anonymity. Although users can alter the virtual transaction account optionally, merchant or others cannot trace user by a virtual transaction account such that the unlinkability is complete. In the transmission, the message is encrypted by the session key which is owned by the user and bank or the user and a trusted third party. Besides, the encrypted message contains the signature to ensure non-repudiation.
Moreover, integrity is ensured by the message which is encrypted by a session key that is generated from a Diffie-Hellman key exchange and the hash value. Finally, the session key is generated by both sides separately, so the key owner should only be a participant in the communication. Even if the attacker eavesdrops the parameters during the transmission, the attacker cannot compute the session key because of the difficulty of the discrete logarithm such that confidentiality is achieved.
In chapter 2, we will introduce the background knowledge of NFC and EMV standard.
In chapter 3, we will describe a NFC-based anonymous mobile payment protocol which is proposed by Luo et al. in 2014. In chapter 4, we describe our new NFC-based anonymous mobile payment protocol. In chapter 5, we will describe the security analysis. In chapter 6, we make a conclusion, and the reference is listed in chapter 7.
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
14