Thesis Overview and Findings

This thesis was ordered in seven chapters. This section briefly reviews the past first six chapters:

Pardis Pourghomi 138 Chapter 1 described the introduction of this thesis that mainly explored the motivations for directing this research. The discussion focused on the current issues concerning the standardization of NFC payments, most of which originate due to stakeholders not disclosing their intention in the beginning. Thus a top - down standardization with a holistic overview is not possible. This emphasised the major challenges in standardization, primarily the synchronization with other consortia as well as different views of NFC-Forum members. The standardization of NFC goes hand-in-hand with the applications and services. Therefore, many different institutions with different core-competences are involved. The major problem is that there is no central institution coordinating the standardization approaches. Consequently, the aim of this research was to explore the problems with existing NFC transaction ecosystem models, design three novel transaction authentication protocols based on our proposed transaction architectures, and to carry out detailed security analysis of the proposed protocols. Subsequently, the objectives of this research were clarified and described as the stages to achieve the aim of this thesis.

Chapter 2 delivered an overview of e-payment with its associated processes. A number of approaches concerning managing the mobile wallet technology and NFC transaction services were examined and security and manageability were identified as the main challenges that have delayed the adoption of NFC payment services. A comprehensive overview of the literature revealed that the level of security and manageability differ based on the model that stakeholders select in order to provide their payment services, which provides an opportunity to conduct the research presented in this thesis.

Chapter 3 highlighted the approach used while conducting this research. Thereafter, Design Science Research (DSR) was theoretically described and justified as an appropriate methodology for this research. Subsequently, the conducted research in this thesis was described in accordance to the DSR research cycles. Four iterations were identified and presented to accomplish the development of the selection model: (1) Library Research, (2)

Initial Design Requirements (Ecosystem/Model design), (3) Protocol Design, (4) Security Analysis and Validation.

Chapter 4 proposed a transaction protocol that provides a secure and trusted communication channel to the communication parties. The proposed protocol was based on the NFC Cloud

Pardis Pourghomi 139 Wallet model where there is a direct link between the merchant’s POS and the MNO (via a shared secret) for secure cloud-based NFC transactions. The operations performed by the vendor's reader, an NFC enabled phone and the cloud provider are provided and such operations are maybe possible by the current state of the technology, as most of these measures are already implemented to support other mechanisms. We considered the detailed execution of the protocol and showed our protocol performs securelyin the cloud-based NFC transaction architecture. The main advantage of this chapter was to demonstrate another way of payment for all those people who do not have bank accounts. This way of making payments eases the process of purchasing for users as they only have to top up with their MNO without having to follow all the banking procedures.

Chapter 5 discussed the NFC ecosystem scenario where cloud computing plays a major role in the payment architecture and the MNO and merchant’s POS are have no direct communication. Therefore, the merchant’s POS and the MNO communicate through the NFC phone (the merchant trusts MNO). We introduced a different insight which proposed a new integrated framework based on trusted integrations of cloud-based NFC transaction players, namely the MNO, the NFC phone user and the merchant. We considered a cloud-based approach for managing sensitive data to ensure the security of NFC transactions over the use of a SE within the cloud environment in addition to considering the role of SE within the NFC phone architecture. We then proposed a secure transaction protocol based on the above scenario and developed a detailed security analysis of the protocol in order to validate its security and reliability. The proposed protocol was based on the NFC Cloud Wallet model, the first proposed protocol (chapter 4), and Chen’s protocol (Chen et al., 2010) for secure cloud-based NFC transactions. We considered a cloud-based approach for managing sensitive data to ensure the security of NFC transactions over the use of a SE within the cloud environment as well as considering the role of the SE within the NFC phone architecture. Chapter 6 provided an alternative protocol similar to the scenario used to design the protocol which is proposed in chapter five. The main difference of this protocol with the previous one is that this protocol enables the merchant to authenticate with multiple MNOs. This capability is provided through the introduction of a new entity called a BS that is considered as an un- trusted party during the execution of our proposed protocol. The structure, execution and generally design of this protocol are modified since the MNO and merchant must

Pardis Pourghomi 140 communicate through a BS. Furthermore, a detailed security analysis of this protocol is provided to examine the strength of our protocol against different attacks.