Per-transaction Shared Key Scheme to Improve Security on Smart Payment System

  • Ahmad, Fawad (School of Information, Communications and Electronics Engineering, The Catholic University of Korea)
  • Jung, Younchan (School of Information, Communications and Electronics Engineering, The Catholic University of Korea)
  • Received : 2015.11.12
  • Accepted : 2015.12.21
  • Published : 2016.02.29

Abstract

Several authentication methods have been developed to make use of tokens in mobile networks and smart payment systems. The token used in a smart payment system is generated in place of the Primary Account Number. Using a token in each payment transaction is advantageous because token authentication prevents an attacker from intercepting the credit card number over the network. Existing token authentication methods work together with a cryptogram, which is computed using the shared key provisioned by the token service provider. The long lifetime and repeated use of the shared key cause a potential drawback: vulnerability to brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and the token service provider for each smart payment transaction. From the server's viewpoint, the per-transaction key list is easy to handle because the per-transaction key has a short lifetime of less than a couple of seconds and the server does not need to maintain state for the mobile device. We analyze the optimum size of the per-transaction shared key that satisfies the requirements for transaction latency and security strength for secure payment transactions.
