PhD graduated
Team : Phare
Departure date : 08/31/2018

Supervision : Guy PUJOLLE

Towards More Secure Contact and NFC Payment Transactions: New Security Mechanisms and Extension for Small Merchants

EMV is the standard implemented to secure the communication, between a client’s payment device and a PoS, during a contact or NFC purchase transaction. It represents a set of security messages, exchanged between the transaction actors, guaranteeing several important security properties. Indeed, researchers in various studies, have analyzed the operation of this standard in order to verify its reliability: unfortunately, they have identified several security vulnerabilities that, today, represent major risks for our day to day safety. Consequently, in this thesis, we are interested in proposing new solutions that improve the reliability of this standard. In the first stage, we introduce an overview of the EMV security payment system and we survey its vulnerabilities identified in literature. In particular, there are two EMV security vulnerabilities that lead to dangerous risks threatening both clients and merchants: (1) the confidentiality of banking data is not guaranteed, (2) the authentication of the PoS is not ensured to the client’s device. Therefore, our interests move in the second stage to address these two weaknesses. We first review a selection of the related works that have been implemented to solve these vulnerabilities, and then, in order to obtain better results than the related works, we propose a new secure contact and NFC payment system that includes four innovative security mechanisms. Finally, in the third stage, we adapt our first security mechanism in the context of a new NFC payment architecture. This architecture is especially destined for small merchants, allowing them to take advantage of their NFC smartphones for use directly as NFC readers.

Defence : 07/09/2018

Jury members :

Khaldoun AL AGHA, Professeur,Université Paris Sud,Orsay [Rapporteur]
Marc PASQUET, Professeur, Ecole d'Ingénieurs(ENSICAEN),Caen [Rapporteur]
Guy PUJOLLE , Professeur, Sorbonne Université
Xavier AGINA, Expert Cybersecurity, Orange Labs,Châtillon
Marcelo DIAS DE AMORIM, Directeur de recherche CNRS, Sorbonne Université,
Michele NOGUEIRA, Maître de conférence HDR,FUniversité fédérale du Paraná, Curitiba
Pascal URIEN, Professeur, Télécom ParisTech,
Sylvie GERBAIX, Associate Professor, Université d'Aix-Marseille III

Departure date : 08/31/2018

2014-2023 Publications

Mentions légales
Site map