Security analysis of Hsiang m-coupon protocol

Yildirim K., Dalkilic G., Duru N.

JOURNAL OF THE FACULTY OF ENGINEERING AND ARCHITECTURE OF GAZI UNIVERSITY, vol.34, no.4, pp.1705-1724, 2019 (SCI-Expanded)


Nowadays, with technological development, mobile devices have been equipped with new technologies and have become part of our lives. One novel application on mobile devices is the m-coupon. One of the important requirements for m-coupon usage to become widespread is ensuring user security. An m-coupon scheme cannot be secured just by using cryptographic algorithms: although cryptographic algorithms are essential parts of the protocol, security cannot be guaranteed by them alone. Additionally, a security analysis of the protocol must be done thoroughly. In this context, Hsiang's NFC-based m-coupon scheme has been analyzed using Game Theory and the automated security protocol validation tool Scyther. Four players have been identified for Game Theory: an attacker is added as a player to the protocol's natural players. In the simulation, communication is established between the coupon provider, customer and cashier, and packages are sent. The attacker, by listening to the established communication, examines whether he can unpack the packages he obtains or manipulate the system. As a result, some vulnerabilities have been found in the issuing phase with the simulation and the Scyther security analysis tool. Using these vulnerabilities, some attacks on the scheme have been illustrated, and solutions to these vulnerabilities are then offered.