Abstract

The unprecedented growth of mobile applications has promoted their use for payments. Existing research on mobile payments and commerce is prone to reverse-engineering attacks and lacks transport layer protection, so these works do not ensure security. Attacks on Mobile Payment Applications (MPA) can therefore succeed, leading to severe financial loss. To address these issues, we propose a secure framework incorporating a defense-in-depth approach for Near Field Communication (NFC) based mobile payment frameworks. Our defense-in-depth approach has three levels: defense at the hardware, mobile application, and communication levels. We have proposed an NFC based Secure Protocol for Mobile Transaction (NSPMT) and successfully verified the mobile payment protocol with BAN (Burrows, Abadi, and Needham) logic and the Scyther tool. Our proposed protocol overcomes multi-protocol attacks, RAM (Random Access Memory) scraping attacks, DoS (Denial of Service), DDoS (Distributed Denial of Service), and Phlashing attacks. Our proposed mobile payment system overcomes the known mobile application vulnerabilities, including Heartbleed and ROBOT (Return Of Bleichenbacher's Oracle Threat). Our proposed protocol ensures all the security properties, and its energy, communication, and computational costs are far lower than those of existing works in the literature. Finally, we have successfully implemented our protocol in the Kotlin language in Android Studio, with two Mobile Payment Applications (MPA) and POS Payment Application (PPA). The Elliptic Curve Digital Signature Algorithm (ECDSA) is used, and Advanced Encryption Standard (AES) in GCM (Galois/Counter Mode) is used for encryption and decryption of Customer Payment Data at the MPA and PPA.

Highlights

  • The unprecedented growth of smartphones promoted mobile payment services based on mobile applications as consumers are adopting cashless payments

  • The main contributions of this paper can be summarized as follows: a) We propose a Near Field Communication (NFC) based Secure Protocol for Mobile Transaction (NSPMT) incorporating a defense-in-depth approach at three levels, i.e., Defense at hardware, mobile application, and at communication levels

  • Customer anonymity is ensured by a Traceable Anonymous Certificate (TAC); the Mobile Payment Application (MPA) is in the UICC of the smartphone; the MPA shares a symmetric key between the Bank (B) and the Customer (C); the Payment Application (PPA) shares a symmetric key between the Bank (B) and the POS

Summary

INTRODUCTION

The unprecedented growth of smartphones promoted mobile payment services based on mobile applications as consumers are adopting cashless payments. Security and privacy of mobile transactions is the major hindrance to widespread adoption of these services. Such vulnerabilities in MPA will hinder the adoption of mobile payments. The main contributions of this paper can be summarized as follows: a) We propose an NFC based Secure Protocol for Mobile Transaction (NSPMT) incorporating a defense-in-depth approach at three levels, i.e., defense at the hardware, mobile application, and communication levels. c) MPA in our proposed payment framework overcomes the Heartbleed and ROBOT mobile application vulnerabilities.

BACKGROUND
Proposed Defense in Depth Approach for Secure Mobile Payments
Generation and Issuance of Certificates by the CA
Proposed Secure Mobile Payment Protocol
Formal verification of the protocol using BAN Logic
Formal verification of the protocol using the Scyther tool
Security Analysis
IMPLEMENTATION OF THE PROPOSED PROTOCOL
PERFORMANCE ANALYSIS OF THE PROPOSED PROTOCOL
VIII. Conclusion