A secure NFC mobile payment protocol based on biometrics with formal verification

Abstract

In this paper, we propose a secure NFC mobile payment protocol based on biometrics SNMPBs using wireless public key infrastructure WPKI and universal integrated circuit card UICC. Electronic signatures generated in this protocol are considered qualified signatures as they are generated in UICC which is tamper resistant device. A procedure for the personalisation of mobile payment application on the UICC by the issuer/bank is proposed. Our SNMPB resolves disputes efficiently among stakeholders by collecting evidence using transaction counters, transaction log, forensics mode and cryptographic audit log techniques. SNMPB ensures end-to-end security i.e., from mobile payments application in UICC to the bank server thereby achieving confidentiality, authentication, integrity and non-repudiation properties, prevents double spending and over spending. Our proposed SNMPB protocol withstands replay, man in the middle MITM, impersonation and multi-protocol attacks as SNMPB is formally verified successfully using BAN logic and Scyther tool.