Author: Eric Voskuil 2015-02-24 11:28:27
Published on: 2015-02-24T11:28:27+00:00
The discussion focuses on the security concerns surrounding NFC and Bluetooth payment transactions. The use of a public key or public key fingerprint for NFC and Bluetooth is suggested. However, reusing the public key can lead to spoofing and seller impersonation. It also introduces forward secrecy problems. To solve this issue, an ephemeral key is recommended as a solution that can seed the public resource name. Proximity identification is essential for non-repudiation.When it comes to identifying the parties involved, a self-signed certificate is not useful in case of a compromised channel. If the merchant cannot rely on proximity, some other means of identifying the payer would be required. It is proposed that a new "resource" could be given with each tap to filter abuse. A unique public key over NFC is suggested to be better than a unique session key.The conversation also discusses the potential security risks involved in using public certificates versus session keys for NFC payments. With a public cert tap, an attacker can capture selected payment requests without invading the space of the NFC terminal and impersonate the payer from a safe distance. However, this problem can be resolved by sending a unique public key on each NFC tap, requiring the attacker to monitor the NFC communication. The level of difficulty in compromising transactions is similar with both approaches, but impersonating the payer is easier with a public cert tap as it just requires software. A more sophisticated attacker can also set up a more powerful BT service on the same MAC address to capture and relay traffic. In sum, relying on a public cert makes the communication less private under the same physical set of constraints.
Updated on: 2023-06-09T17:50:47.313516+00:00