Abstract
This paper presents an implementation of software applications and an infrastructure for payments using NFC compatible Android smartphones. This prototype is suited for, but not limited to, payments in a public transport system. The importance of security in communication plays a significant role, especially when sensitive information and personal data are sent. Therefore, the authors analyze vulnerabilities during throughout communication in order to prevent and detect information leakage points. Each app has specific roles and handles encryption to guarantee security during data transmission. On the other hand, Apache server runs in a secure mode that executes some measures as Unicode coding, limits upload memory, decrease waiting time for connection to prevent attacks. With this in mind, the system has been evaluated to measure its performance and gauge how secure it is. Man in the middle and brute force attacks were run as a result of previous research works that analyzed among different threats in NFC communication and concluded these vulnerabilities could affect its security environment. This paper describes a methodology to implement this system efficiently, covering all security requirements throughout communication between users and the platform to guarantee data protection and gives the results of test vulnerabilities that prove the system resistance.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Minihold R (2011) Near Field Communication (NFC) technology and measurements white paper. In: Rohde&Schwarz
20minutos. https://www.20minutos.es/noticia/2565576/0/valencia-primera-ciudad-europa/tecnologia-nfc/transporte-publico. Accessed 12 June 2018
Nombela JJ (2013) Pagar con el movil NFC, p 19
Instituto Nacional de Tecnologías de la Comunicación (INTECO) (2013) La tecnología NFC: Aplicaciones y gestión de seguridad, pp 1–21. http://observatorio.inteco.es
Android Developer. https://developer.android.com/guide/topics/connectivity/nfc/hce. Accessed 12 June 2018
Roland M (2012) Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare? In: Fourth international workshop on security and privacy in spontaneous interaction and mobile phone use
Alliance SC (2014) A smart card alliance mobile & NFC council white paper host card emulation (HCE) 101, August 2014. http://www.smartcardalliance.org/wp-content/uploads/HCE-101-WP-FINAL-081114-clean.pdf
Lee Y, Kim E, Jung M (2013) A NFC based authentication method for defence of the man in the middle attack. In: 3rd international conference on computer, p 5. http://psrcentre.org/images/extraimages/113113.pdf
Haselsteiner E, Breitfus K (2006) Security in Near Field Communication (NFC) strengths and weaknesses. In: Semiconductors, vol 11, no 71, p 71. ISSN 00010782. https://doi.org/10.1145/358438.349303. http://books.google.com/books?hl=en&lr=&id=iHwsuHUFq0EC&oi=fnd&pg=PA71&dq=Security+in+Near+Field+Communication+(+NFC+)+Strengths+and+Weaknesses&ots=we-RvNBror&sig=-ZTxz9uRt0pPWkOCQczpa5yNy9Y
Reaves B, Scaife N, Bates A, Traynor P, Butler KRB (2015) Mo(bile) Money, Mo(bile) problems: analysis of branchless banking applications in the developing world. In: 24th USENIX security symposium (USENIX security 15), pp 17–32. ISSN 2471-2566. https://doi.org/10.1145/3092368. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/reaves
Anaya KB, Ordoñez ML, Donado SA, Freddy L, Sanabria M (2012) Criptografía simétrica. Análisis del algoritmo criptográfico TDES y sus vulnerabilidades, pp 3–5
Sandoval Acosta SRS (2014) La criptografía. repositorio.unapiquitos.edu.pe/handle/UNAP/4622
Johnson D (2012) Password hashing. campus.murraystate.edu/academic/faculty/wlyle/540/2012/DJohnson.docx
Guataquira NM (2017) Seguridad para iot, una solución para la gestión de eventos de seguridad en arquitecturas de internet de las cosas. https://repositorio.escuelaing.edu.co/bitstream/001/693/6/Moreno%20Guataquira%2c%20Nicolas%20-%202017.pdf
Labaca R (2014) La matemática de las claves: ¿numérica o alfanumérica?. Consulta 5 junio 2018. https://www.welivesecurity.com/la-es/2014/06/13/matematica-claves-numerica-alfanumerica/
BBC Mundo (2015) La supercomputadora más poderosa del mundo con la que EE.UU. quiere superar a China. Consulta 5 junio 2018. http://www.bbc.com/mundo/noticias/2015/07/150731_tecnologia_eeuu_supercomputador_mas_poderoso_autorizo_obama_lv
Statista “The Statistics portal”. https://www.statista.com/statistics/716053/most-popular-smartphone-operating-systems-in-us/. Accessed 24 Aug 2018
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Veloz-Cherrez, D., Suárez, J. (2019). NFC-Based Payment System Using Smartphones for Public Transport Service. In: Botto-Tobar, M., Barba-Maggi, L., González-Huerta, J., Villacrés-Cevallos, P., S. Gómez, O., Uvidia-Fassler, M. (eds) Information and Communication Technologies of Ecuador (TIC.EC). TICEC 2018. Advances in Intelligent Systems and Computing, vol 884. Springer, Cham. https://doi.org/10.1007/978-3-030-02828-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-02828-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02827-5
Online ISBN: 978-3-030-02828-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)