The Scientific World Journal
Volume 2014 (2014), Article ID 864571, 19 pages
http://dx.doi.org/10.1155/2014/864571
Research Article

Security Enhanced EMV-Based Mobile Payment Protocol

Department of Information & Computer Engineering, Chung Yuan Christian University, 200 Chung Pei Road, Chung Li, Taoyuan County 32023, Taiwan

Received 15 May 2014; Accepted 8 August 2014; Published 15 September 2014

Academic Editor: Jiguo Li

Copyright © 2014 Ming-Hour Yang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. PayPass—ISO/IEC 14443 Implementation Specification Version 1.1, 2006.
  2. Visa Contactless Payment Specification (VCPS) Version 2.1, 2009.
  3. F. D. Garcia, G. de Koning Gans, R. Muijrers et al., “Dismantling MIFARE classic,” in Proceedings of the Computer Security (ESORICS '08), vol. 5283 of Lecture Notes in Computer Science, pp. 97–114.
  4. K. Nohl, D. Evans, S. Starbug, and H. Plötz, “Reverse-engineering a cryptographic RFID tag,” in Proceedings of the 17th conference on USENIX Security symposium, vol. 1, pp. 185–193, San Jose, Calif, USA, August 2008.
  5. J. Ekberg and S. Bugiel, “Trust in a small package,” in ACM Workshop on Scalable Trusted Computing, vol. 13, pp. 9–18, Chicago, Ill, USA, 2009.
  6. J. Winter, “Trusted computing building blocks for embedded linux-based ARM trustzone platforms,” in Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC '08), pp. 21–30, Alexandra, Ala, USA, October 2008.
  7. M. Nauman, S. Khan, X. Zhang, and J. Seifert, “Beyond kernel-level integrity measurement: enabling remote attestation for the android platform,” in Proceedings of the International Conference on Trust and Trustworthy Computing, pp. 1–15, Berlin, Germany, June 2010.
  8. Google Corp., Google Wallet, http://www.google.com/wallet/.
  9. Microsoft Corp., Trusted Platform Module Virtual Smart Card Management Protocol Specification, 2013, http://msdn.microsoft.com/en-us/library/ hh880895( prot.20).aspx.
  10. T. Ali and M. A. Awal, “Secure mobile communication in m-payment system using NFC technology,” in Proceedings of the International Conference on Informatics, Electronics & Vision (ICIEV ’12), pp. 133–136, Dhaka, Bangladesh, May 2012.
  11. W. D. Chen, G. P. Hancke, K. E. Mayes, Y. Lien, and J.-H. Chiu, “NFC mobile transactions and authentication based on GSM network,” in Proceeding of the 2nd International Workshop on Near Field Communication (NFC ’10), pp. 83–89, Monaco, April 2010.
  12. W. D. Chen, G. P. Hancke, K. E. Mayes, Y. Lien, and J.-H. Chiu, “Using 3G network components to enable NFC mobile transactions and authentication,” in Proceedings of the IEEE International Conference on Progress in Informatics and Computing (PIC ’10), vol. 1, pp. 441–448, Shanghai, China, December 2010.
  13. W.-D. Chen, K. E. Mayes, Y.-H. Lien, and J.-H. Chiu, “NFC mobile payment with citizen digital certificate,” in Proceedings of the 2nd International Conference on Next Generation Information Technology (ICNIT '11), pp. 120–126, Gyeongju, Korea, June 2011.
  14. E. H. Husni, N. Basjaruddin, T. Purboyo, S. Purwantoro, and H. Ubaya, “Efficient tag-to-tag Near Field Communication (NFC) protocol for secure mobile payment,” in International Conference on Instrumentation, Communication, Information Technology and Biomedical Engineering (ICICI-BME '11), pp. 97–101, Bandung, India, November 2011.
  15. L. Mainetti, L. Patrono, and R. Vergallo, “IDA-Pay: an innovative micro-payment system based on NFC technology for Android mobile devices,” in Proceedings of the 20th International Conference on Software, Telecommunications and Computer Networks (SoftCOM '12), pp. 1–6, Split, Croatia, September 2012.
  16. Mastercard, “PayPass Magstripe Technical Specifications,” Version 3.3, 2007.
  17. EMVCo, EMV—Integrated Circuit Card Specifications for Payment Systems, Version 4.3, EMVCo, 2011.
  18. M. Pasquet, J. Reynaud, and C. Rosenberger, “Secure payment with NFC mobile phone in the smart touch project,” in Proceedings of the International Symposium on Collaborative Technologies and Systems (CTS '08), pp. 121–126, May 2008.
  19. J. D. Ruiter and E. Poll, “Formal analysis of the EMV protocol suite,” in Proceedings of the Theory of Security and Applications, pp. 113–129, Saarbrücken, Germany, April 2011.
  20. WatchData SIMpass, 2014, http://www.watchdata.com.cn/SIMpass/index.htm.
  21. M. Levi, P. Bissell, and T. Richardson, “The prevention of CHEQUE and credit card fraud,” Crime Prevention Unit Paper 26, Home Office, London, UK, 1991.
  22. E. O. Blass, A. Kurmus, R. Molva, and T. Strufe, “PSP: private and secure payment with RFID,” in Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society (WPES '09), pp. 51–60, Chicago, Ill, USA, November 2009.
  23. R. K. Balan, N. Ramasubbu, K. Prakobphol, N. Christin, and J. Hong, “mFerio: The design and evaluation of a peer-to-peer mobile payment system,” in Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys '09), pp. 291–304, Kraków, Poland, June 2009.
  24. X. Hou and C. H. Tan, “Fair traceable off-line electronic cash in wallets with observers,” in Proceedings of the 6th International Conference on Advanced Communication Technology, pp. 595–599, Phoenix Park, South Korea, February 2004.
  25. G. V. Damme, K. M. Wouters, H. Karahan, and B. Preneel, “Offline NFC payments with electronic vouchers,” in Proceedings of the Workshop on Networking, Systems, and Applications for Mobile Handhelds, pp. 25–30, Barcelona, Spain, August 2009.
  26. J. Neefs, F. Schrooyen, J. Doggen, and K. Renckens, “Paper ticketing vs. electronic ticketing based on off-line system “Tapango”,” in Proceedings of the 2nd International Workshop on Near Field Communication (NFC '10), pp. 3–8, Monaco, Italy, April 2010.
  27. M. Bond, O. Choudary, and S. J. Murdoch, “Chip and Skim: cloning EMV cards with the pre-play attack,” in Proceedings of the IEEE Symposium on Security and Privacy, pp. 18–21, San Jose, Calif, USA, May 2014.
  28. M. Blaze, J. Ioannidis, and A. D. Keromytis, “Offline micropayments without trusted hardware,” in Proceedings of the 5th International Conference on Financial Cryptography (FC '01), pp. 21–40, 2001.
  29. L. Rivest and A. Shamir, “PayWord and MicroMint: two simple micropayment schemes,” in Proceedings of the International Workshop on Security Protocols, pp. 69–87, Cambridge, UK, April 1996.
  30. L.-M. Fan and J.-X. Liao, “Discrete micropayment protocol based on master-slave payword chain,” Journal of China Universities of Posts and Telecommunications, vol. 14, no. 1, pp. 58–84, 2007.
  31. C.-I. Fan, Y.-K. Liang, and C.-N. Wu, “An anonymous fair offline micropayment scheme,” in Proceedings of the International Conference on Information Society, pp. 377–381, June 2011.
  32. F. Liu, “Secure Micropayment Mechanism for Universal Mobile Internet Service,” 2014, http://ntur.lib.ntu.edu.tw/handle/246246/54231.
  33. S. J. Murdoch, S. Drimer, R. Anderson, and M. Bond, “Chip and PIN is broken,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’10), pp. 433–446, Oakland, Calif, USA, May 2010.
  34. M.-H. Liu, Y. Xin, Y.-X. Yang, and X.-X. Niu, “Security mechanism research of EMV2000,” in Proceedings of the IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (Workshops '07), pp. 307–310, Silicon Valley, Calif, USA, November 2007.
  35. G. P. Hancke, “Practical eavesdropping and skimming attacks on high-frequency RFID tokens,” in Proceedings of the Workshop on RFID Security, pp. 259–288, Istanbul, Turkey, June 2010.
  36. E. Haselsteiner and K. Breitfuß, “Security in Near Field Communication (NFC) strengths and weaknesses,” in Proceedings of the Workshop on RFID Security, pp. 12–14, Graz, Austria, July 2006.
  37. T. S. Heydt-Benjamin, D. V. Bailey, K. Fu, A. Juels, and T. O'Hare, “Vulnerabilities in first-generation RFID-enabled credit cards,” in Proceedings of 11th International Conference on Financial Cryptography and Data Security, pp. 2–14, Lowlands, Trinidad and Tobago, 2007.
  38. M. Hutter and R. Toegl, “A trusted platform module for near field communication,” in Proceedings of the 5th International Conference on Systems and Networks Communications (ICSNC '10), pp. 136–141, Nice, France, August 2010.
  39. J. Ekberg and M. Kylanpa, Mobile Trusted Module (MTM)—An Introduction, NRC-TR-2007-015, Nokia Research Center, Helsinki, Finland, 2007.
  40. M. Reveilhac and M. Pasquet, “Promising secure element alternatives for NFC technology,” in Proceeding of the 1st International Workshop on Near Field Communication (NFC '09), pp. 75–80, Hagenberg, Austria, February 2009.
  41. S. Balfe and K. G. Paterson, “E-EMV: emulating EMV for internet payments with trusted computing technologies,” in Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 81–92, New York, NY, USA, October 2008.
  42. Q. Li, X. Zhang, J.-P. Seifert, and H. Zhong, “Secure mobile payment via trusted computing,” in Proceedings of the 3rd Asia-Pacific Trusted Infrastructure Technologies Conference (APTC '08), pp. 98–112, Hubei, China, October 2008.
  43. Trusted Computing Group, Mobile Trusted Module Specification, Version 1.0, Revision 7.02, TCG Mobile Phone Work Group, 2010.
  44. Microsoft MSDN, “TPM and BitLocker Drive Encryption,” 2014, http://msdn.microsoft.com/en-us/library/windows/hardware/dn653315(v=vs.85).aspx.
  45. Internet Engineering Task Force, The Transport Layer Security (TLS) Protocol, Version 1.2, Internet Engineering Task Force, Fremont, Calif, USA, 2008.
  46. H. Kim, N. Agrawal, and C. Ungureanu, “Revisiting storage for smartphones,” ACM Transactions on Storage, vol. 8, no. 4, article 14, 2012.
  47. Ingenico Corp., iSC Touch 480 Product Specifications Sheet, 2014, http://ingenico.us/wp-content/uploads/2013/05/iSC-Touch-480-Group-Jan2012.pdf.
  48. NXP Corp., ISO/IEC 14443 Higher Bit Rates with Micore, MC124011, Rev. 01.01—10 May 2006.
  49. EMVCo, EMV Contactless Specifications for Payment Systems—Book A: Architecture and General Requirements, Version 2.1, EMVCo, 2011.