Privacy-Preserving NFC-Based Authentication Protocol for Mobile Payment System

Abstract

One of the fastest-growing mobile services accessible today is mobile payments. For the safety of this service, the Near Field Communication (NFC) technology is used. However, NFC standard protocol has prioritized transmission rate over authentication feature due to the proximity of communicated devices. Unfortunately, an adversary can exploit this vulnerability with an antenna that can eavesdrop or alter the exchanged messages between NFC-enabled devices. Many researchers have proposed authentication methods for NFC connections to mitigate this challenge. However, the security and privacy of payment transactions remain insufficient. We offer a privacy-preserving, anonymity-based, safe, and efficient authentication protocol to protect users from tracking and replay attacks to guarantee secure transactions. To improve transaction security and, more importantly, to make our protocol lightweight while ensuring privacy, the proposed protocol employs a secure offline session key generation mechanism. Formal security verification is performed to assess the proposed protocol's security strength. When comparing the performance of current protocols, the suggested protocol outperforms the others.