Title :
KerNeeS: A protocol for mutual authentication between NFC phones and POS terminals for secure payment transactions
Author :
Ceipidor, U.B. ; Medaglia, C.M. ; Marino, Armando ; Sposato, S. ; Moroni, Anna
Author_Institution :
CATTID, Sapienza Univ. of Rome, Rome, Italy
Abstract :
The aim of this paper is to propose a solution for a potential vulnerability in mobile proximity payment. Mobile proximity payment is the evolution of card payment, whose reference standard is EMV (Europay, MasterCard and VISA). A mobile proximity payment transaction is performed via radio waves, so it is possible to intercept the communication with the point of sale and also to activate the payer device, within a range of 10 cm. The EMV protocol assumes that card fraud is hard to perform within a range of 10 cm; moreover, IC-card-capable points of sale are considered safe a priori, while the card must authenticate itself. This allows a leak of card information. In this paper we describe a possible solution to this problem, adding a safe level to the EMV protocol in the case of mobile proximity payment transactions. Our solution is a Needham-Schroeder-based protocol that guarantees authentication and confidentiality between the entities involved in the payment.
Keywords :
data privacy; electronic money; fraud; mobile radio; near-field communication; point of sale systems; protocols; security of data; smart cards; telecommunication security; EMV protocol; EMV standard; Europay; IC card capable point of sale; KerNeeS protocol; MasterCard; NFC phone; Needham-Schroeder based protocol; POS terminal; VISA; card authentication; card fraud; card information leakage; communication interception; confidentiality; mobile proximity payment transaction; mobile proximity payment vulnerability; mutual authentication; payer device activation; point-of-sale; radio waves; secure payment transaction; Authentication; Cryptography; Mobile communication; Protocols; Servers; Smart cards; Standards; EMV; NFC; contactless; mobile payment; mutual authentication;
Conference_Title :
Information Security and Cryptology (ISCISC), 2012 9th International ISC Conference on
Conference_Location :
Tabriz
Print_ISBN :
978-1-4673-2387-1
DOI :
10.1109/ISCISC.2012.6408203