The standard protocol of near field communication (NFC) has concentrated primarily on the speed of communication while ignoring security properties. Message between an NFC-enabled smartphone and a point of sale are exchanged over the air (OTA), which is a message considered an authentication request for payment, billing, ticketing, loyalty services, identification or access control. An attacker who has an antenna can intercept or manipulate the exchanged messages to take advantage of these. In order to solve this problem, many researchers have suggested authentication methods for NFC communications. However, these remain inadequate transaction security and fairness. In this paper, we will propose a technique that ensures mutual authentication, security properties, and strong fairness. Mutual authentication is a security property that prevents replay attacks and man-in-the-middle attacks. Both fair exchange and transaction security are also significant issues in electronic transactions with regards to creating trust among the parties participating in the transaction. The suggested protocol deploys a secure offline session key generation technique to increase transaction security and, importantly, make our protocol lightweight while maintaining the fairness property. Our analysis suggests that our protocol is more effective than others regarding transaction security, fairness, and lightweight protocol. The proposed protocol checks robustness and soundness using Burrows, Abadi and Needham (BAN) logic, the Scyther tool, and automated validation of internet security protocols and applications (AVISPA) that provide formal proofs for security protocols. Furthermore, our protocol can resolve disputes in case one party misbehaves.
The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications
