Supervision : Guy PUJOLLE

Towards More Secure Contact and NFC Payment Transactions: New Security Mechanisms and Extension for Small Merchants

EMV is the standard implemented to secure the communication, between a client’s payment device and a PoS, during a contact or NFC purchase transaction. It represents a set of security messages, exchanged between the transaction actors, guaranteeing several important security properties. Indeed, researchers in various studies, have analyzed the operation of this standard in order to verify its reliability: unfortunately, they have identified several security vulnerabilities that, today, represent major risks for our day to day safety. Consequently, in this thesis, we are interested in proposing new solutions that improve the reliability of this standard. In the first stage, we introduce an overview of the EMV security payment system and we survey its vulnerabilities identified in literature. In particular, there are two EMV security vulnerabilities that lead to dangerous risks threatening both clients and merchants: (1) the confidentiality of banking data is not guaranteed, (2) the authentication of the PoS is not ensured to the client’s device. Therefore, our interests move in the second stage to address these two weaknesses. We first review a selection of the related works that have been implemented to solve these vulnerabilities, and then, in order to obtain better results than the related works, we propose a new secure contact and NFC payment system that includes four innovative security mechanisms. Finally, in the third stage, we adapt our first security mechanism in the context of a new NFC payment architecture. This architecture is especially destined for small merchants, allowing them to take advantage of their NFC smartphones for use directly as NFC readers.

2014-2024 Publications

• 2024
  • E. Ahmadieh, N. El Madhoun : “Comparative E-Voting Security Evaluation: Multi-Modal Authentication Approaches”, THE SIXTH INTERNATIONAL CONFERENCE ON BLOCKCHAIN COMPUTING AND APPLICATIONS (BCCA 2024), Dubai, United Arab Emirates (2024)
  • D. Mesbah, N. El Madhoun, Kh. Al Agha, H. Chalouati : “Beyond the Code: Unraveling the Applicability of Graph Neural Networks in Smell Detection”, Advances in Network-Based Information Systems, vol. 224, Lecture Notes on Data Engineering and Communications Technologies, Asan, Korea, Republic of, pp. 148–-161, (Springer Nature Switzerland), (ISBN: 978-3-031-72325-4) (2024)
  • T. Bilot, N. El Madhoun, Kh. Al Agha, A. Zouaoui : “Few Edges Are Enough: Few-Shot Network Attack Detection with Graph Neural Networks”, Advances in Information and Computer Security, vol. 14977, Kyoto, Japan, pp. 257–-276, (Springer Nature Singapore), (ISBN: 978-981-97-7737-2) (2024)
  • H. Kazem, N. El Madhoun, S. Bouzefrane, P. Conord : “Security Challenges and Countermeasures in Blockchain’s Peer-to-Peer Architecture”, Information Security Theory and Practice. 14^th IFIP WG 11.2 International Conference, WISTP 2024, Paris, France, February 29 – March 1, 2024, Proceedings, vol. 14625, Lecture Notes in Computer Science, Paris, France, pp. 111-127, (Springer Nature Switzerland), (ISBN: 978-303160390-7) (2024)
  • N. El Madhoun, B. Hammi, S. El Jaouhari, D. Mesbah, E. Ahmadieh : “Addressing security challenges in copyright management applications : the blockchain perspective”, AINA 2024 : Barolli, L. (eds) Advanced Information Networking and Applications, vol. 204, Lecture Notes on Data Engineering and Communications Technologies, Kitakyushu, Japan, pp. 169-182, (Springer Nature Switzerland), (ISBN: 978-3-031-57942-4) (2024)
• 2023
  • Sh. Kaushik, N. El Madhoun : “Analysis of Blockchain Security: Classic attacks, Cybercrime and Penetration Testing”, MobiSecServ 2023 (The Eighth International Conference On Mobile And Secure Services), Miami, United States (2023)
  • E. Ahmadieh, N. El Madhoun : “Artwork NFTs for Online Trading and Transaction Cancellation”, THE SECOND WORKSHOP ON NFT IN BLOCKCHAIN: PLATFORM AND APPLICATIONS (NFTBC2023)/THE FIFTH INTERNATIONAL CONFERENCE ON BLOCKCHAIN COMPUTING AND APPLICATIONS (BCCA 2023), Kuwait City, Kuwait (2023)
  • T. Bilot, N. El Madhoun, Kh. Al Agha, A. Zouaoui : “A Benchmark of Graph Augmentations for Contrastive Learning-Based Network Attack Detection with Graph Neural Networks”, The 7^th Cyber Security in Networking Conference CSNet 2023, Montreal, Canada (2023)
• 2022
  • A. Benabdallah, A. Audras, L. Coudert, N. El Madhoun, M. Badra : “Analysis of Blockchain Solutions for E-Voting: A Systematic Literature Review”, IEEE Access, vol. 10, pp. 70746-70759, (IEEE) (2022)
  • N. El Madhoun, E. Bertin, M. Badra, G. Pujolle : “New Security Protocols for Offline Point-of-Sale Machines”, The 36^th International Conference on Advanced Information Networking and Applications (AINA 2022), vol. 450, Lecture Notes in Networks and Systems, Sydney, Australia, pp. 446-467, (Springer, Cham), (ISBN: 978-3-030-99586-7) (2022)
• 2021
  • D. Al‑Mohtar, A. Ramzi Daou, N. El Madhoun, R. Maallawi : “A Secure Blockchain-Based Architecture for the COVID-19 Data Network”, 2021 5^th Cyber Security in Networking Conference, Abu Dhabi, United Arab Emirates (2021)
  • N. El Madhoun, E. Bertin, M. Badra, G. Pujolle : “Towards more secure EMV purchase transactions”, Annals of Telecommunications - annales des télécommunications, vol. 76 (3-4), pp. 203-222, (Springer) (2021)
• 2020
  • N. El Madhoun, E. Bertin, M. Badra, G. Pujolle : “Towards More Secure EMV Purchase Transactions: A New Security Protocol Formally Analyzed by the Scyther Tool”, Annals of Telecommunications - annales des télécommunications, (Springer) (2020)
• 2019
  • N. El Madhoun, E. Bertin, G. Pujolle : “The EMV Payment System: Is It Reliable?”, The 3^rd IEEE Cyber Security in Networking International Conference (CSNet 2019), Quito, Ecuador (2019)
• 2018
  • N. El Madhoun : “Towards More Secure Contact and NFC Payment Transactions: New Security Mechanisms and Extension for Small Merchants”, thesis, phd defence 07/09/2018, supervision Pujolle, Guy (2018)
  • N. El Madhoun, E. Bertin, G. Pujolle : “For Small Merchants: A Secure Smartphone-Based Architecture to Process and Accept NFC Payments”, 2018 17^th IEEE International Conference On Trust, Security And Privacy In Computing And Communications / 12^th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), New York, United States, pp. 403-411, (IEEE) (2018)
  • N. El Madhoun, E. Bertin, G. Pujolle : “An Overview of the EMV Protocol and Its Security Vulnerabilities”, The Fourth IEEE International Conference On Mobile And Secure Services (MobiSecServ 2018), Miami Beach, FL, United States (2018)
• 2017
  • N. El Madhoun, E. Bertin : “Magic Always Comes with a Price: Utility Versus Security for Bank Cards”, 1^st IEEE Cyber Security in Networking International Conference, Rio de Janeiro, Brazil (2017)
• 2016
  • N. El Madhoun, G. Pujolle : “A Secure Cloud-Based NFC Payment Architecture for Small Traders”, 3^rd Smart Cloud Networks & Systems Conference 2016 (SCNS 2016), Dubai, United Arab Emirates, pp. 1-6 (2016)
  • N. El Madhoun, G. Pujolle : “Security Enhancements in EMV Protocol for NFC Mobile Payment”, The 15^th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16), Tianjin, China (2016)
  • N. El Madhoun, F. Guenane, G. Pujolle : “An Online Security Protocol for NFC Payment Formally Analyzed by The Scyther Tool”, The Second IEEE International Conference On Mobile And Secure Services, Gainesville, Florida, United States (2016)
• 2015
  • N. El Madhoun, F. Guenane, G. Pujolle : “A Cloud-Based Secure Authentication Protocol for Contactless-NFC Payment”, Cloud Networking (CloudNet), 2015 IEEE 4^th International Conference on, Niagara Falls, Canada, pp. 328-330 (2015)
• 2014
  • N. El Madhoun, F. Guenane, G. Pujolle : “AN INNOVATIVE CLOUD-BASED RFID TRACEABILITY ARCHITECTURE AND SERVICE”, The 5^th International Conference On Network of the Future, Paris, France, pp. 1-5 (2014)