Title: A secure NFC mobile payment protocol based on biometrics with formal verification

Authors: Shaik Shakeel Ahamad; Ibrahim Al-Shourbaji; Samaher Al-Janabi

Addresses: College of Computer and Information Sciences, Majmaah University, Al Majmaah, Kingdom of Saudi Arabia ' Computer Network Department, Computer Science and Information System College, Jazan University, Jazan, Kingdom of Saudi Arabia ' Department of Information Networks, Faculty of Information Technology (IT), University of Babylon, Babylon 00964, Iraq

Abstract: In this paper, we propose a secure NFC mobile payment protocol based on biometrics (SNMPBs) using wireless public key infrastructure (WPKI) and universal integrated circuit card (UICC). Electronic signatures generated in this protocol are considered qualified signatures as they are generated in UICC which is tamper resistant device. A procedure for the personalisation of mobile payment application (on the UICC) (by the issuer/bank) is proposed. Our SNMPB resolves disputes efficiently among stakeholders by collecting evidence using transaction counters, transaction log, forensics mode and cryptographic audit log techniques. SNMPB ensures end-to-end security (i.e., from mobile payments application in UICC to the bank server) thereby achieving confidentiality, authentication, integrity and non-repudiation properties, prevents double spending and over spending. Our proposed SNMPB protocol withstands replay, man in the middle (MITM), impersonation and multi-protocol attacks as SNMPB is formally verified successfully using BAN logic and Scyther tool.

Keywords: secure payments; payment security; near-field communication; NFC mobile payments; m-payment protocols; biometrics; wireless public key infrastructure; WPKI; universal integrated circuit card; UICC; BAN logic; Scyther tool; man in the middle; MITM; multi-protocol attacks; electronic signatures; cryptography; confidentiality; authentication; integrity; non-repudiation; double spending; over spending; formal verification.

DOI: 10.1504/IJITST.2016.078579

International Journal of Internet Technology and Secured Transactions, 2016 Vol.6 No.2, pp.103 - 132

Available online: 23 Aug 2016 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article