NFC mobile coupon protocols : developing, formal security modelling and analysis, and addressing relay attack

Near Field Communication (NFC) is a Radio Frequency (RF) technology that allows data to be exchanged between devices that are in close proximity. An NFC-based mobile coupon (M-coupon) is a coupon that is retrieved by the user from a source such as a newspaper or a smart poster and redeemed afterwards. The NFC-based mobile coupon (M-coupon) is a cryptographically secured electronic message with some value stored at user’s mobile. The M-coupon requires secure issuing and cashing (redeeming). Uncontrolled copies of the M-coupons would cause losses for a company and damage its reputation. The main goal of this thesis is to enhance the security of NFC mobile coupon protocols. In order to address the NFC M-coupon threats, there are specific and general security requirements. For the specific NFC M-coupon requirements, a number of protocols have been proposed in the literature. We perform a formal security analysis of NFC M-coupon protocols, using formal methods (CasperFDR), in an effort to check the the security of these protocols and whether they address their requirements. We develop a general framework of capturing the NFC M-coupon requirements and apply it to four existing protocols in the literature, and two new protocols that we have developed. The general security requirement that affects all NFC protocols is the issue of relay attacks. A relay attack happens when an intruder extends the distance between two NFC devices while both devices are under the impression they are close to each other. We propose three NFC User Key Confirmation Protocols (UKC) to address the NFC relay attack. The UKC protocols are a collaboration between the cryptographic protocols, the user and the NFC mobile in an effort to prove the proximity. We formally verify the three protocols using CasperFDR.