Research Article
BibTex RIS Cite

Security and Privacy Based NFC Wallet Design

Year 2021, Issue: 28, 246 - 250, 30.11.2021
https://doi.org/10.31590/ejosat.995411

Abstract

With the Covid-19 pandemic, contactless and remote payment options have started to be used more widely. NFC technology is also used for contactless payment. In this study, it is aimed to create a payment system using NFC. The design of the payment system used a portable NFC, an Android phone with version 4.4 or higher, an NFC card, Firebase database from Google, and tokenization. We can define tokenization as generating a random string of text with your credit card number. First of all, the developed application must be downloaded and installed on the phone. With this application, the phone will act as a POS machine. Users can use the phone as a POS and make transactions using it. In this system, only a random text string will be visible in an unauthorized access to the database. In this way, security and confidentiality are provided in the system.

Thanks

We would like to thank Dokuz Eylül University Computer Engineering Department for their support.

References

  • Haselsteiner, E., & Breitfuß, K. (2006, July). Security in near field communication (NFC). In Workshop on RFID security (Vol. 517, No. 517, p. 517).
  • Michael, S. (2018). Google is combining Android Pay and Google Wallet under one brand: Google Pay. PCWorld. https://www.pcworld.com/article/3246290/google-pay.html
  • Fisher, M., & Guha, R. (2016). Mobile communication device near field communication (NFC) transactions. U.S. Patent No. 9,378,493. Washington, DC: U.S. Patent and Trademark Office.
  • Griffin, K., & Stone, C. B. (2017). Two step near field communication transactions. U.S. Patent No. 9,558,485. Washington, DC: U.S. Patent and Trademark Office.
  • Khan, M. (2017). Methods, systems, and computer readable media for facilitating in-store or near-store ordering and payment of goods and services through a single-tap of a near field communication (NFC) device. U.S. Patent No. 9,536,243. Washington, DC: U.S. Patent and Trademark Office.
  • Smith, D. W., Skaf, R., & Pautler, J. (2017). Processing near field communications between active/passive devices and a control system. U.S. Patent No. 9,793,962. Washington, DC: U.S. Patent and Trademark Office.
  • Park, J., Luk, K., Connolly, M., Malekzadeh, S., Skovron, J., Baer, M., ... & Aroner, J. (2016). Sharing of information common to two mobile device users over a near-field communication (NFC) link. U.S. Patent No. 9,264,104. Washington, DC: U.S. Patent and Trademark Office.
  • Cho, K., Hyung, A., Choi, H., & Jeon, Y. (2017). Mobile terminal and method of performing NFC payment using the mobile terminal. U.S. Patent No. 9,697,515. Washington, DC: U.S. Patent and Trademark Office.
  • Cronin, J., & Cronin, S. M. (2019). Securing nfc-based payment. U.S. Patent Application No. 16/271,677.
  • Çepik, H., Aydın, Ö., & Dalkılıç, G. (2021). Security Vulnerability Assessment of Google Home Connection with an Internet of Things Device. In Multidisciplinary Digital Publishing Institute Proceedings (Vol. 74, No. 1, p. 1).
  • Wang, Y., Hahn, C., & Sutrave, K. (2016, February). Mobile payment security, threats, and challenges. In 2016 second international conference on mobile and secure services (MobiSecServ) (pp. 1-5). IEEE.4.
  • Cabuk, U. C., Aydin, Ö., & Dalkiliç, G. (2017). A random number generator for lightweight authentication protocols: xorshiftR+. Turkish Journal of Electrical Engineering & Computer Sciences, 25(6), 4818-4828.
  • Xiao, L., Wan, X., Lu, X., Zhang, Y., & Wu, D. (2018). IoT security techniques based on machine learning: How do IoT devices use AI to enhance security?. IEEE Signal Processing Magazine, 35(5), 41-49.
  • Liu, Z., Ma, J., Weng, J., Huang, F., Wu, Y., Wei, L., & Li, Y. (2021). LPPTE: A lightweight privacy-preserving trust evaluation scheme for facilitating distributed data fusion in cooperative vehicular safety applications. Information Fusion, 73, 144-156.
  • Wang, Z., Lin, Y., Zhuo, Z., Gu, J., & Yang, T. (2021). GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing. Security and Communication Networks, 2021.
  • Yakut, S., Şeker, Ö., Batur, E., & Dalkılıç, G. (2019, October). Blockchain platform for Internet of Things. In 2019 Innovations in Intelligent Systems and Applications Conference (ASYU) (pp. 1-6). IEEE.
  • Li, S., Zhao, S., Min, G., Qi, L., & Liu, G. (2021). Lightweight privacy-preserving scheme using homomorphic encryption in industrial Internet of Things. IEEE Internet of Things Journal.
  • Lu, H. J., & Liu, D. (2021). An improved NFC device authentication protocol. Plos one, 16(8), e0256367.
  • Aydin, Ö., Dalkiliç, G., & Kösemen, C. (2020). A novel grouping proof authentication protocol for lightweight devices: GPAPXR+. Turkish Journal of Electrical Engineering & Computer Sciences, 28(5), 3036-3051.
  • Vishwakarma, P. P., Tripathy, A. K., & Vemuru, S. (2021). Cryptanalysis of Near Field Communication Based Authentication Protocol for Mobile Payment System. Wireless Personal Communications, 1-21.
  • Hagos, T. (2018). Android studio. In Learn Android Studio 3 (pp. 5-17). Apress, Berkeley, CA.
  • Cloud, A. E. C. (2011). Amazon web services. Retrieved November, 9(2011), 2011.
  • Huysman, M. (2013). Everything announced at the Google I/O 2013 keynote in one handy list. TNW-The Financial Times. https://thenextweb.com/news/everything-announced-at-the-google-io-2013-keynote-in-one-handy-list

Güvenlik ve Mahremiyet Tabanlı NFC Tasarımı

Year 2021, Issue: 28, 246 - 250, 30.11.2021
https://doi.org/10.31590/ejosat.995411

Abstract

Covid-19 pandemisi ile birlikte temassız ve uzaktan ödeme seçenekleri daha yaygın olarak kullanılmaya başlamıştır. NFC teknolojisi de temassız ödeme için kullanılmaktadır. Bu çalışmada NFC kullanarak bir ödeme sistemi oluşturmak amaçlanmıştır. Ödeme sisteminin tasarımında taşınabilir bir NFC, 4.4 veya üzeri sürüme sahip bir Android telefon, NFC kartı, Google tarafından sunulan Firebase veritabanı ve simgeleştirme kullanılmıştır. Simgeleştirmeyi, kredi kartı numaranızla rastgele bir metin dizisi oluşturmak olarak tanımlayabiliriz. Öncelikle geliştirilen uygulamanın telefona indirilerek kurulması gerekmektedir. Bu uygulama ile telefon bir POS makinesi görevi görecektir. Kullanıcılar telefonu POS olarak kullanabilir ve bunu kullanarak işlem yapabilir. Bu sistemde, veritabanına izinsiz bir erişimde yalnızca rastgele bir metin dizisi görülebilecektir. Bu şekilde sistemde güvenlik ve gizlilik sağlanmaktadır.

References

  • Haselsteiner, E., & Breitfuß, K. (2006, July). Security in near field communication (NFC). In Workshop on RFID security (Vol. 517, No. 517, p. 517).
  • Michael, S. (2018). Google is combining Android Pay and Google Wallet under one brand: Google Pay. PCWorld. https://www.pcworld.com/article/3246290/google-pay.html
  • Fisher, M., & Guha, R. (2016). Mobile communication device near field communication (NFC) transactions. U.S. Patent No. 9,378,493. Washington, DC: U.S. Patent and Trademark Office.
  • Griffin, K., & Stone, C. B. (2017). Two step near field communication transactions. U.S. Patent No. 9,558,485. Washington, DC: U.S. Patent and Trademark Office.
  • Khan, M. (2017). Methods, systems, and computer readable media for facilitating in-store or near-store ordering and payment of goods and services through a single-tap of a near field communication (NFC) device. U.S. Patent No. 9,536,243. Washington, DC: U.S. Patent and Trademark Office.
  • Smith, D. W., Skaf, R., & Pautler, J. (2017). Processing near field communications between active/passive devices and a control system. U.S. Patent No. 9,793,962. Washington, DC: U.S. Patent and Trademark Office.
  • Park, J., Luk, K., Connolly, M., Malekzadeh, S., Skovron, J., Baer, M., ... & Aroner, J. (2016). Sharing of information common to two mobile device users over a near-field communication (NFC) link. U.S. Patent No. 9,264,104. Washington, DC: U.S. Patent and Trademark Office.
  • Cho, K., Hyung, A., Choi, H., & Jeon, Y. (2017). Mobile terminal and method of performing NFC payment using the mobile terminal. U.S. Patent No. 9,697,515. Washington, DC: U.S. Patent and Trademark Office.
  • Cronin, J., & Cronin, S. M. (2019). Securing nfc-based payment. U.S. Patent Application No. 16/271,677.
  • Çepik, H., Aydın, Ö., & Dalkılıç, G. (2021). Security Vulnerability Assessment of Google Home Connection with an Internet of Things Device. In Multidisciplinary Digital Publishing Institute Proceedings (Vol. 74, No. 1, p. 1).
  • Wang, Y., Hahn, C., & Sutrave, K. (2016, February). Mobile payment security, threats, and challenges. In 2016 second international conference on mobile and secure services (MobiSecServ) (pp. 1-5). IEEE.4.
  • Cabuk, U. C., Aydin, Ö., & Dalkiliç, G. (2017). A random number generator for lightweight authentication protocols: xorshiftR+. Turkish Journal of Electrical Engineering & Computer Sciences, 25(6), 4818-4828.
  • Xiao, L., Wan, X., Lu, X., Zhang, Y., & Wu, D. (2018). IoT security techniques based on machine learning: How do IoT devices use AI to enhance security?. IEEE Signal Processing Magazine, 35(5), 41-49.
  • Liu, Z., Ma, J., Weng, J., Huang, F., Wu, Y., Wei, L., & Li, Y. (2021). LPPTE: A lightweight privacy-preserving trust evaluation scheme for facilitating distributed data fusion in cooperative vehicular safety applications. Information Fusion, 73, 144-156.
  • Wang, Z., Lin, Y., Zhuo, Z., Gu, J., & Yang, T. (2021). GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing. Security and Communication Networks, 2021.
  • Yakut, S., Şeker, Ö., Batur, E., & Dalkılıç, G. (2019, October). Blockchain platform for Internet of Things. In 2019 Innovations in Intelligent Systems and Applications Conference (ASYU) (pp. 1-6). IEEE.
  • Li, S., Zhao, S., Min, G., Qi, L., & Liu, G. (2021). Lightweight privacy-preserving scheme using homomorphic encryption in industrial Internet of Things. IEEE Internet of Things Journal.
  • Lu, H. J., & Liu, D. (2021). An improved NFC device authentication protocol. Plos one, 16(8), e0256367.
  • Aydin, Ö., Dalkiliç, G., & Kösemen, C. (2020). A novel grouping proof authentication protocol for lightweight devices: GPAPXR+. Turkish Journal of Electrical Engineering & Computer Sciences, 28(5), 3036-3051.
  • Vishwakarma, P. P., Tripathy, A. K., & Vemuru, S. (2021). Cryptanalysis of Near Field Communication Based Authentication Protocol for Mobile Payment System. Wireless Personal Communications, 1-21.
  • Hagos, T. (2018). Android studio. In Learn Android Studio 3 (pp. 5-17). Apress, Berkeley, CA.
  • Cloud, A. E. C. (2011). Amazon web services. Retrieved November, 9(2011), 2011.
  • Huysman, M. (2013). Everything announced at the Google I/O 2013 keynote in one handy list. TNW-The Financial Times. https://thenextweb.com/news/everything-announced-at-the-google-io-2013-keynote-in-one-handy-list
There are 23 citations in total.

Details

Primary Language English
Subjects Engineering
Journal Section Articles
Authors

Faruk Özkan 0000-0001-6665-2691

Ömer Aydın 0000-0002-7137-4881

Publication Date November 30, 2021
Published in Issue Year 2021 Issue: 28

Cite

APA Özkan, F., & Aydın, Ö. (2021). Security and Privacy Based NFC Wallet Design. Avrupa Bilim Ve Teknoloji Dergisi(28), 246-250. https://doi.org/10.31590/ejosat.995411