Volume 6 Number 3(Jul. 2017)
Home > Archive > 2017 > Volume 6 Number 3(Jul. 2017) >
IJCCE 2017 Vol.6(3): 173-180 ISSN: 2010-3743
DOI: 10.17706/IJCCE.2017.6.3.173-180

Attacks and Solutions of an Authenticated Key Agreement Protocol Based on NFC for Mobile Payment

Chienming Chen, Weicheng Fang, Kinghang Wang, Tsuyang Wu
Abstract—The popularization of the word “Fin-tech” thanks to many non-technical individuals being amazed by the unconventional way of payments, such as mobile payment over NFC. Undoubtedly speaking security/privacy is considered as the most important factor when a new Fin-tech is introduced; at least psychologically, it is. Recently Seo et al. presented an authenticated key agreement protocol for mobile payment over NFC. The protocol intended to provide secure pairing over untrusted devices with client's anonymity and forward secrecy. Unfortunately, in this paper we found that their protocol is indeed very insecure when an attacker has different levels of network controls. We presented the man-in-the-middle attacks and the replay attacks against this protocol. Under these attacks the attackers can successfully impersonate an anonymous client or can tap the communication between two legitimate clients without being detected by anyone. Then we suggested some improvements, with adequate analysis, to avoid these problems.

Index Terms—Key words: Authenticated key agreement, near field communication, security.

Chienming Chen and Weicheng Fang are with Harbin Institute of Technology Shenzhen Graduate School, Shenzhen, China. Kinghang Wang is with Hong Kong University of Science and Technology, Hong Kong, China. Tsuyang Wu is with Fujian Provincial Key Laboratory of Big Data Mining and Applications, Fujian University of Technology, Fuzhou, China; National Demonstration Center for Experimental Electronic Information and Electrical Technology Education, Fujian University of Technology, Fuzhou, China.

Cite:Chienming Chen, Weicheng Fang, Kinghang Wang, Tsuyang Wu, "Attacks and Solutions of an Authenticated Key Agreement Protocol Based on NFC for Mobile Payment," International Journal of Computer and Communication Engineering vol. 6, no. 3, pp. 173-180, 2017.

General Information

ISSN: 2010-3743
Frequency: Quarterly
Editor-in-Chief: Dr. Maode Ma
Abstracting/ Indexing: EI (INSPEC, IET), Google Scholar, Crossref, Engineering & Technology Digital Library, ProQuest, and Electronic Journals Library
E-mail: ijcce@iap.org
  • Nov 07, 2017 News!

    IJCCE Vol. 5, No. 5 has been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Mar 31, 2016 News!

    IJCCE Vol. 4, No. 5 has been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Jun 28, 2017 News!

    IJCCE Vol. 5, No. 4 has been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Jun 28, 2017 News!

    IJCCE Vol. 5, No. 3 has been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Jun 28, 2017 News!

    IJCCE Vol. 5, No. 2 has been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Read more>>