Design and Development of an Advanced Authentication Protocol for Mobile Applications using NFC Technology

: In this paper, we proposed a new Authentication Protocol for Mobile Applications using NFC technology (AP for MAN). The proposed protocol minimizes the required time to complete the authentication process between the shared entities with a high level of privacy. According to the main security measures, the proposed protocol is evaluated. The current paper presents a new idea for preventing denial of service attack and preserves the limited mobile device capability. The proposed protocol is checked using BAN logic and established that it has no redundancy, the mutual authentication property between the shared parties is verified. The implementation of the proposed protocol shows that it works as designed and it is practical.


Introduction
Near Field Communication (NFC) is a wireless technology that operates in a short range of about ten centimeters for communication. NFC is based on the technology of Radio Frequency Identification (RFID) (Timalsina et al., 2012). For communication, an NFC initiator or transmitter device starts to generate a radio frequency at a frequency of 13.56 MHz. NFC receiver can receive the sent message if it exists in close proximity. NFC feature is a small chipset embedded in wireless devices such as PS (Point of Sale), mobile phones, cards posters and many other wireless devices (Timalsina et al., 2012).
Moreover, NFC can operate in three modes, the first mode is a Card emulation mode. In this mode, NFC acts as an RFID tag embedded in a portable device, the second mode is a Reader/Writer mode. In this mode, a mobile device with NFC acts as an NFC reader and writer similar to RFID tags and the last mode is Peer-topeer (P2P) mode. In this mode, two NFC technologies can communicate directly between two NFC phones or NFC can exchange data directly by touching each other (Thammarat et al., 2015).
NFC is a bidirectional and a proximity coupling technology that based on standard ISO14443 of the smart card (Ukalkar, 2017). The physical and data link layer for NFC modes are based on standard ISO18092, but applications, device architecture and related topics standards are still discussed by the NFC-Forum (Ukalkar 2017).
These days, many smartphones as well, as mobile devices, have embedded NFC to enable data transfers between devices to speed communication in a short-range (Ukalkar, 2017). Moreover, it is widely used as a wireless communication media in a mobile payment system (Ukalkar, 2017). This means that a consumer can purchase goods from a seller easily and conveniently way by using his mobile device. By using this payment, the customer has been allowed to transfer money to the merchant using the mobile device (Ukalkar, 2017). In addition, it can be used on transportation tokens/tickets in addition to access badges or keys to restricted locations (Thammarat and Kurutach, 2019;El Madhoun et al., 2016).
Furthermore, NFC increases the capability of mobile phones and it is predicted to have the potential to do more functions. However, there are many serious concerns in different factor as privacy, the satisfaction of the user, speed of data transfer, the usability of functions, etc. Moreover, the NFC feature is replacing various popular devices communication technologies such as RFID tags (Timalsina et al., 2012). Therefore, it is very important to measure and evaluate the performance of the NFC technology security protocol and where it stands. In this paper, we proposed a new and lightweight authentication protocol using NFC technology and analyzing its performance compared with other authentication protocols in terms of various factors.
Also, due to the rapid development of short-range wireless communication technology, there is an increasing demand to design secure and efficient mobile applications (Levy et al., 2015). Thus, security is a prerequisite for NFC applications. Moreover, NFC technology transmission capacity is limited as its operating frequency is 13.56 MHz and its transmission speed starting from 106 Kbps up to 424 Kbps cm (Odelu et al., 2016). As a result, authentication protocol should ensure high security in addition to low computation and communication time (Levy et al., 2015).
During the last years, there are many types of research presented for authentication protocols that are based on NFC. However, most of these proposed NFC protocols have some weaknesses in information security and fairness. And as a result, these protocols face a problem with many attacks (Ukalkar, 2017). In addition, the missed of fairness prevents the trust among all NFC system parties and without trust, no NFC applications are to be used that lead to a failure of the mobile NFC proposed system (Ukalkar, 2017).
In this paper, a new authentication protocol (AP for MAN) allowing to overcome weaknesses of existing corresponding protocols. The proposed protocol depends on online communication with an authentication Application Server (AS) that considered a representative of the confidence and security of issuing and acquiring data from other systems. Moreover, it depends on two devices support NFC application. So The proposed protocol has three main entities as shown in Fig. 1, the main component of driver entity is the application server that handles all authentication and registration processes, second and third entities are NFC mobile device and Point-of-Sale (PS), finally, all the data processed will be stored in a database. The main security target for these types of protocols is to satisfy the mutual authentication between these three mentioned shared parties.
The main contribution of this paper is: First the proposed protocol is free from the most security drawbacks that other similar protocols suffer from. Second, comparing with other comparable authentication protocols, the proposed one satisfies low processing time, because it's based on Keyed Hash Message Authentication Code (HMAC) function. The HMAC function verifies the integrity and authenticity. Therefore, the mobile device doesn't need to run heavy processing functions to be authenticated making the proposed protocol more practical. Third, the proposed protocol uses pseudonyms instead of the real identity of the users to preserve their privacy. These pseudonyms are updated periodically for more privacy preservation. Moreover, the mobile device in the (AP for MAN) has a great immunity against denial of service attack which preserves its limited resources. This paper is organized as follows the following section reviews the related work, the proposed protocol is described in Section3. The proposed protocol is evaluated in Section4. Section 5 presents performance analysis compared with other similar protocols. Implementation for (AP for MAN) is presented in Section 6. Finally, Section 7 concludes the paper.

Related Work
Number of efficient and secured protocols are proposed for payment system using NFC application (Thammarat and Kurutach, 2019;Badra and Badra, 2019;Ahamad et al., 2013;Tung and Juang, 2017;Al-Fayoumi and Nashwan, 2018;Nashwan, 2017;(Thammarat et al., 2015;Ceipidor et al., 2012;Kungpisdan and Metheekul, 2009;Ahamad et al., 2012;Bojjagani and Sastry, 2019). As proposed by (Thammarat et al., 2015), Thammarat et al. proposed two protocols, NFCAuthv1 and NFCAuthv2. NFCAuthv1 is the authentication protocol between an M mobile device and the AS server. NFCAuthv2 is the authentication protocol between M mobile device, PS device and the AS server. In the NFCAuthv1 protocol, each mobile user needs to install an application. Then, M makes registration through a secure channel. After the registration process, the AS server and the M mobile can create a set of session keys, SKN-ASj, where j = 1, …, m, as mentioned in (Kungpisdan and Metheekul, 2009). This method for session key generation is used to prevent sending the session keys over the internet. However, it may cause a data desynchronization attack. These proposed protocols use six messages. Another protocol called SAP-NFC protocol proposed in (Nashwan, 2017) and its performance analysis is presented in (Al-Fayoumi and Nashwan, 2018). The SAP-NFC protocol's structure consists of the AS server and two NFC devices. In SAP-NFC protocol, some assumptions are required like: Both of the AS and the NFC devices can generate their session keys using Key Derivation Function (KDF). To solve the problem of the data desynchronization attack, the AS saves the new and the old session keys of the NFC devices in its database. The AS updates the identity of the NFC user for each authentication and saves only the new and the old one as mentioned. Hence, it may not satisfy the non-repudiation problem. The authentication phase needs five messages. Another protocol is presented by Tung and Juang (2017), which is called "Secure and Efficient Mutual Authentication Scheme for NFC Mobile Devices". In this protocol, the system is divided into three entities, two NFC devices and one AS server. It's divided into two NFC wireless media PS M NFC PS NFC mobile AS Database phases, the registration phase and authentication phase. After the registration phase, the NFC device will have its required session key. This session key has a limited lifetime as mentioned. However, the method of updating the session key is not mentioned. Thus, this protocol satisfies forward and backward secrecy. Its computation overhead is better than other because it uses the only number of MAC functions. However, it lacks privacy property. The storing of old identities is not mentioned in this protocol. Therefore, it can't satisfy the nonrepudiation property. Tung and Juang's proposed protocol needs five messages in the authentication phase. Furthermore, one of the recent research in NFC mobile payment systems is proposed in (Ali et al., 2017), in this research, a proposed payment system was presented using NFC technology, in this system a web application was developed using java programming language and for data storage a database was used. A mobile system was developed using android software development technology that installed in both customer mobile and point of sale NFC reader. The registration and authentication phases of the proposed system totally depend on mobile identification and serial number that hashed to create a system identifier and registration data for both POS and mobile (Ali et al., 2017).

The Proposed Protocol
In this section, we propose a new authentication protocol for NFC mobile payment communications to resolve the previous problems and to resist the weak points of existing protocols. The proposed (AP for MAN) protocol consists of two phases, namely, registration phase and authentication phase as shown in Fig. 2 and 3 respectively. Table 1 presents the used notations in our scheme.

Registration of the NFC Mobile Device
Through a secure communication channel, the NFC mobile device (Mi) performs the registration procedures with the Authentication Server (AS) as follows:

A. 2 Registration of the Point of Sale
The Point of Sale (PSj) performs similar sequences of operations for registration, under a secure channel. As follows:

B. Authentication Phase
After the registration phase, each one of the NFC mobile Mi and the PSj has the required data to start the authentication operation as follows. The

Security Analysis
In this section, the security analysis is presented, the analysis is based on the main security measures. Furthermore, the security features of the proposed protocol have been compared with other similar NFC mobile payment authentication protocols.

Mutual Authentication
The ( KK for the following steps. After that, the AS calculates VPS or VM to verify the received ones. If the received pseudonym is not in the list or the calculated verification function doesn't equal the received values then the AS will consider the NFC mobile or the point of sale is not legitimate and the AS terminates the authentication session. The PSj verifies if the received APS value equals the calculated value. If they are not equal, the AS will be considered not legitimate and the PSj terminates the session. In the same way, The Mi mobile checks whether the calculated AM equals the received AM. If they are not equal, then the Mi terminates the session and the AS will be considered not legitimate. Note that the PSj device and the Mi device authenticate each other indirectly by the AS. So we can say that the proposed protocol accomplishes the mutual authentication between the three entities.

Data Integrity
Data integrity property is satisfied by using MAC functions, which are generated by the users' own keys.

Privacy
The privacy property or preserving the anonymity of the users are very essential property. Especially, according to the payment application. The proposed protocol ensures that the adversary can't trace the users. The user's real identity like:

Immunity against Attacks
In this section, we assume that the adversary can obtain and retransmit the mutual authentication messages. Then, we will make an analysis for the important types of attacks to test the possibility of occurrence of them.

Man in the Middle Attack
The proposed protocol satisfies the mutual authentication between the involved entities. Therefore, the adversary can't impersonate the legal users.

Replay Attack
The adversary can't impersonate the legal users and open a session with them by replaying the messages because he doesn't know the legal keys with the corresponding pseudonyms. So the proposed protocol is secure against the replay attack.

Denial of Service Attack
The proposed protocol presents a fast method to check the authorization. The mobile user starts the authentication phase by calculating a simple hash function and comparison as declared in the previous section. The result of this comparison determines whether the mobile will continue in the authentication process or not. Therefore, the required time to neglect the fault messages is minimized. So the proposed protocol has a great immunity against denial of service attack which preserves its limited resources.

Desynchronization Attack
The proposed protocol doesn't use time synchronization. Therefore, it's free from the data desynchronization attack.

Forward and Backward Secrecy of the Key
Forward and backward secrecy of the user's key means that the attacker can detect the session keys (Nashwan, 2017) and therefore, he can know all the mutual messages either old messages (to penetrate the backward secrecy) or forward messages (to penetrate the forward secrecy) between the legal partners. In the proposed protocol, the user's session keys are sent through a secure channel. Moreover, the user's session keys expire after a valid life time. After the expiration period, the users contact the server to take a new session key. Hence, the new keys are independent on the previous keys. Therefore, penetration of the forward or backward secrecy is improbable.

Non-repudiation
The proposed protocol satisfies the nonrepudiation property, which means that the mobile user can't deny that he performed this operation. Because the AS server stores the previous identity of each user for a certain time period. This time period is determined according to the database storage and what suits the provisions and legislation.

Formal Analysis
In this subsection, a formal analysis using BAN logic (Burrows et al., 1990) is presented. BAN logic is a logical analysis method for authentication protocols. Using BAN logic gives the ability to determine the unnecessary functions in the protocol. Moreover, it gives the required trust between the shared parties by proving the mutual authentication property. Before making our analysis using BAN logic, the important notations and logical rules which are used in BAN logic will be presented.
Notations (Burrows et al., 1990) P X P believes X. P ⊳ X P sees X. P|X P once said X. P  X P has jurisdiction over X.

#(X)
The formula X is fresh.

{X}K
The formula X is encrypted under the key K.

R2:
. This rule is called the synthetic rule.
7. R7: This is called the belief rule.
The proposed protocol will be transformed into the following formulas. MSG #1 will be neglected, because it's consisted of plaintext.
To prove that the mutual authentication between the shared parties is satisfied we have to prove:  First: For certain data X, ASPSX and ASX; where; AS is the Authentication Server and PS is the Point of Sale.  Second: For certain data Y, ASMY and ASY; where M is the mobile user: Using Equation (6) and R1, we obtain: Using Equation (7) From Equations (10 and 11), we prove that AS authenticates PS.
Using Equation (6) and R4, we obtain: Using Equation (12) From Equations (30 and 31), we prove that PS authenticates AS. From the previous analysis and the properties of BAN logic, we prove that the mutual authentication property between the three entities AS, PS and M is verified. Moreover, our proposed protocol is free from redundancy.

Performance Analysis
In the proposed protocol, the mutual authentication property is satisfied by four MAC functions. No public or symmetric encryption operations are required. No excessive processing operations are required from the mobile user side, which considered suitable for its limited capability. In this section, we select a number of recent and lightweight computations NFC authentication protocols for comparison, that is described in Section 2 (Tung and Juang, 2017;Al-Fayoumi and Nashwan, 2018). The performance comparison is according to the following important parameters: Computation overhead, Computation cost (ms), the number of required messages through the authentication phase, M. The comparison is performed for the authentication phase only. The processing time for updating the session key after each period is ignored. The computation time for different cryptographic operations listed in Table 2 is used in our comparison to calculate the computation cost.
According to the results that are appeared in Table 3, we can notice that NLA protocol has an intermediate result between the other compared protocols.

Simulation and Protocol Evaluation
The proposed protocol was developed using the Java Software Development Kit (SDK) and mobile virtual machine simulator in additional to the Java Application Programming Interface (API) to verify and evaluate the proposed protocol (Coskun et al., 2013). The implementation was simulated on a local host. The language used to write the protocol is a Java tool which is a platform-independent tool (Cheon, 2019). Fig4 shows the used component and The development environment consists of two Integrated Development Environment (IDE): One platform-specific IDE and one for developing NFC mobile proposed protocol. Thus, a combination of many tools is used for multiplatform application development.
A Custom application was configured in the development environment by composing platformspecific IDEs and tools as shown in Fig. 4. The proposed prototype consists of two developed applications as shown in details in Fig. 4, the first application is an android application that developed using android studio tool and this application will be installed into customer mobile application, the second application was developed using Java technologies that developed using java IDE tool , this program will be installed at system servers to generate needed keys as per proposed protocol, the proposed system was developed based on java pre-define library and used to develop NFC based applications.
We performed a small case study to evaluate the proposed protocol, as the proposed protocol totally depends on the hash function for all its variables, so we used NFC Message-Digest Algorithm 5 (MD5) API to develop the proposed hashing mechanism (Kasgar et al., 2013). Table 4 shows the protocol variables for the test scenario as per the abbreviations that presented in Table 1.
The proposed protocol was implemented and evaluated using the most recent Java API taking into consideration the time consumption for each part of the code to enhance the authentication process time. The implementation and evaluation of the proposed protocol show the efficiency of the protocol.

Conclusion
In this paper, a new authentication protocol for mobile payment is proposed. The proposed protocol has some important features as it uses a pseudonym to preserve privacy. It's simple and has low computation time comparing to similar authentication protocols. The proposed protocol depends on a number of HMAC functions that are used to preserve the integrity and minimize the time of authenticity. Moreover, using the HMAC function making our protocol more appropriate for the limited mobile device capability. Because the HMAC function is more light in its computation processing with respect to other cryptographic algorithms, which are used in the other comparable authentication protocols. The proposed protocol presents a new idea to minimize the possibility of happening a denial of service attack, which consumes the mobile resources by simple check at the beginning of the protocol. A comparison between the proposed protocol and the similar NFC authentication protocol is presented, which proves that the proposed protocol satisfies low authentication time. The proposed protocol is analyzed and tested using the BAN logic tool, which proves that the required security parameters are satisfied as the mutual authentication between the three shared entities. Furthermore, the proposed protocol is implemented using the Java tool which proves that it works as required.