Security Analysis of Mobile Payment Systems

Kumar, Atul (2015) Security Analysis of Mobile Payment Systems.

[img]
Preview
PDF
10MB
Abstract:Mobile payments have evolved from mobile banking to contactless payment which uses radio communication technology. NFC has enabled mobile devices to emulate contactless cards either by using hardware-based Secure Element (SE) or software-based i.e. Host Card Emulation (HCE). We provide a detailed comparison between the different forms of SE. We provide an analysis of HCE and a security mechanism implemented in Android 4.4 and above, which turns o�ff the NFC controller and application controller when the device display screen is disabled, to prevent device skimming. We present a flaw in the design of the implementation of this security mechanism and provide a proof-of-concept for the same. In addition, we present di�fferent attack vectors like man-in-the-middle attack and denial-of-service attack for HCE-based applications. We also provide an analysis of the Vodafone NFC SIM card payment solution and describe di�fferent components involved. We also present diff�erent attack vectors like spoofi�ng and relay attack on the Vodafone NFC SIM card payment solution. We also propose two countermeasures for relay attacks which are based on challenge response protocol.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:http://purl.utwente.nl/essays/67737
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page