Diseño e implementación de un prototipo para pago de servicio de transporte público en estaciones a través de un teléfono inteligente con tecnología NFC.

Abstract

The aim of this certification work was to design and implement a payment platform for public transport services using smartphones with NFC support. The structural design that NFC technology possesses and the communication protocol frames were analyzed for the creation of both desktop and mobile applications that operate on Android compatible smartphones, the same ones that were developed in Java. In the same manner, a database was created in MySQL, hosted in a server, where all user data, history and transactions made in the platform for control and administration of the system will be saved. Regarding the payment system, the integrity and confidentiality of the communication was evaluated in terms of the protection of the personal information of the users and the transactions they perform. To protect communication, encryption techniques were implemented with 3DES and SHA-1, user sessions, application pairing to avoid data interceptions, and also took advantage of the proximity feature of NFC which provides physical security when establishing a communication. "Man in the middle" attacks were carried out to determine the impact an attacker would have if he succeeded in violating the system. The results of these tests were satisfactory, concluding that the integrity and confidentiality of the data is protected and that the effort to try to decrypt them by brute force would take even hundreds of years if you use an average computer, whereas if you use a cluster of computers or a supercomputer decreases the time being the most critical case 7.7 seconds if 3DES is implemented only, significantly improving with SHA-1. It is recommended after these evaluations that network segmentations be made, and private networks be established for communications with the server to further hinder any attack attempt.