T. C. Yeh and S. C. Tsai - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Securing Mobile Commerce Transactions
IEICE Transactions on Communications,
vol.E89-B, no.9, pp. 2608-2611, 2006
  • T. C. Yeh and S. C. Tsai

Presented by Huei-Ru Tseng
3
Outline
  1. Introduction
  2. The mobile commerce model
  3. Lam et al.'s lightweight security mechanism
  4. The proposed scheme
  5. Security analysis
4
Introduction (1/2)
  • Electronic transactions conducted over the mobile
    platform are gaining popularity
  • Security over the mobile platform is more
    critical due to the open nature of wireless
    networks
  • It is much easier for malicious users to
    perform fraudulent activities such as
    eavesdropping and impersonation

5
Introduction (2/2)
  • Security is more difficult to implement on a
    mobile platform because of the
    resource limitation of mobile handheld devices
  • It is important to have some lightweight
    security mechanisms suitable for mobile
    handheld devices

6
Related Work
  • Lam et al. proposed a lightweight security
    mechanism that achieved end-to-end security
    between the mobile device and the mobile
    commerce provider
  • Its security rests on the assumption that the
    mobile device can verify every mobile commerce
    provider's public key before each transaction

7
Secure Mobile Commerce Architecture
[Figure: End User -> Mobile Client -> WAP Gateway -> Web Server /
Wireless Protocol Gateway -> Mobile Commerce Application, the last
three on the Mobile Commerce Provider side. In the WAP model WTLS
protects only the Mobile Client to WAP Gateway hop and TLS only the
WAP Gateway to Web Server hop, so the gateway sees cleartext; the
"End-to-end Security" the paper wants is drawn spanning the whole
path from the Mobile Client to the Mobile Commerce Provider.]
8
The Contribution
  • The authors propose an enhanced
    lightweight security mechanism to lessen the
    computation overhead on mobile devices
  • The proposed scheme has the following features:
      • Mutual authentication
      • End-to-end security
      • Reduced memory requirement on the mobile devices
      • Higher efficiency

9
Notations
10
Lam et al.'s Security Mechanism
[Figure: three-step message flow (steps 1-3) among Mobile Client,
WAP Gateway and Wireless Protocol Gateway; the message contents did
not survive the transcript.]
11
Security Processing at Wireless Protocol Gateway
[Figure: End User Device -> Wireless Protocol Gateway (holding the
Password Database) -> Tamper-resistant Hardware over a trusted
connection. Steps 1-2 did not survive the transcript.]
  3. Send verification data to TR hardware
  4. Decrypt user-entered PIN
  5. Compute H(PIN)
  6. Compare H(PIN) and H(password)
  7. Send verification result to gateway
12
The Security Issues
  • Verification of the wireless gateway's public key
      • The protocol assumes that the user has the wireless
        protocol gateway's public key in advance
      • However, users can hardly verify the validity of
        that public key by themselves
  • Over-loaded mobile client
      • The protocol consumes a lot of memory and
        computation on the mobile client

13
The Proposed Scheme
[Figure: message flow among Mobile Client, WAP Gateway and Wireless
Protocol Gateway, with steps labelled 1, 1, 2, 3; the message
contents did not survive the transcript.]
14
Security Analysis (1/3)
  • Mutual authentication
      • The mobile client authenticates itself to the mobile
        commerce provider by PIN
      • The mobile commerce provider authenticates itself to
        the mobile client by its ability to decrypt Rb with
        its private key
  • End-to-end security
      • The session key establishes end-to-end security
        between the mobile client and the mobile commerce
        provider

15
Security Analysis (2/3)
  • Increased security
      • The WAP gateway verifies the mobile commerce
        provider's public key
      • The problem of storing public keys on the mobile
        client is avoided
  • Reduced memory requirement on the mobile devices
      • The mobile client doesn't need to keep the
        provider's public key

16
Security Analysis (3/3)
  • Higher efficiency
      • Only one public key encryption and one random
        number generation are needed on the mobile client

17
The Security Issues
  • Once a password database is compromised, all the
    users' PVD (password verification data) fall into the
    hands of the attackers
  • If an attacker colludes with the WAP gateway, the
    session key can be derived by the attacker
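
Added worked example (this editor's, not from the paper or the presentation): the password-verification path of slide 11 modelled in Python, with H(.) instantiated as SHA-256 and 4-digit PINs, both assumptions; the sample users and PINs are constructed. It shows why the first issue above is worse than "verification data leaks": a PVD here is an unkeyed hash of a short PIN, so a leaked database yields every PIN by exhaustive search, and, per the attack slide, H(PIN) alone already lets the attacker derive Ra, which makes the PVD password-equivalent even without the search. The hardened variant at the end keeps a key inside the tamper-resistant hardware and stores HMAC_K(PIN) instead; that is this editor's suggestion, not the paper's design.

```python
import hashlib
import hmac
import itertools
import secrets
from typing import Dict, Optional

# Constructed sample data for this example (not from the paper):
# three subscribers and their 4-digit PINs.
SAMPLE_PINS: Dict[str, str] = {"alice": "4821", "bob": "0007", "carol": "9153"}
PIN_LENGTH = 4


def h(data: bytes) -> bytes:
    """The paper's H(.), instantiated here as SHA-256 (an assumption)."""
    return hashlib.sha256(data).digest()


def build_pvd_database(pins: Dict[str, str]) -> Dict[str, bytes]:
    """Password database as on slide 11: each user's PVD is H(password)."""
    return {user: h(pin.encode()) for user, pin in pins.items()}


def tr_hardware_verify(pvd_db: Dict[str, bytes], user: str, entered_pin: str) -> bool:
    """Steps 5-6 of slide 11: compute H(PIN) and compare with the stored
    H(password). Step 4 (decrypting the transported PIN) is out of scope."""
    stored = pvd_db.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(h(entered_pin.encode()), stored)


def brute_force_pvd(pvd: bytes, length: int = PIN_LENGTH) -> Optional[str]:
    """What an attacker does with one leaked PVD: the PIN space is only
    10**length and H is unkeyed and fast, so the PIN falls out immediately."""
    for digits in itertools.product("0123456789", repeat=length):
        candidate = "".join(digits)
        if h(candidate.encode()) == pvd:
            return candidate
    return None


def recover_all_pins(pvd_db: Dict[str, bytes]) -> Dict[str, Optional[str]]:
    """A dump of the whole database yields every subscriber's PIN."""
    return {user: brute_force_pvd(pvd) for user, pvd in pvd_db.items()}


# Hardened variant (editor's suggestion, not the paper's design): the
# tamper-resistant hardware holds a key K that never leaves it and the
# database stores HMAC_K(PIN). A dump of the database alone no longer lets
# an attacker check guesses offline, so the tiny PIN space is not searchable.
# Online guessing against the TR hardware still has only 10**4 candidates;
# it must rate-limit or lock out as well.
TR_KEY = secrets.token_bytes(32)  # assumed to live only inside the TR hardware


def keyed_pvd(pin: str, key: bytes = TR_KEY) -> bytes:
    return hmac.new(key, pin.encode(), hashlib.sha256).digest()


def build_keyed_pvd_database(pins: Dict[str, str], key: bytes = TR_KEY) -> Dict[str, bytes]:
    return {user: keyed_pvd(pin, key) for user, pin in pins.items()}


def tr_hardware_verify_keyed(pvd_db: Dict[str, bytes], user: str,
                             entered_pin: str, key: bytes = TR_KEY) -> bool:
    stored = pvd_db.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(keyed_pvd(entered_pin, key), stored)


def brute_force_keyed_pvd_without_key(pvd: bytes, length: int = PIN_LENGTH) -> Optional[str]:
    """The attacker holds the dump but not K; the best he can do is test
    candidates with the unkeyed H, which matches nothing in the keyed table."""
    for digits in itertools.product("0123456789", repeat=length):
        candidate = "".join(digits)
        if h(candidate.encode()) == pvd:
            return candidate
    return None


if __name__ == "__main__":
    db = build_pvd_database(SAMPLE_PINS)
    print("legit login:", tr_hardware_verify(db, "alice", "4821"))
    print("PINs recovered from leaked PVD database:", recover_all_pins(db))
    keyed_db = build_keyed_pvd_database(SAMPLE_PINS)
    print("legit login (keyed):", tr_hardware_verify_keyed(keyed_db, "alice", "4821"))
    print("PIN recovered from leaked keyed database:",
          brute_force_keyed_pvd_without_key(keyed_db["alice"]))
```

Run it directly to see the unkeyed database give up all three PINs while the keyed one gives up none. Note what the keyed variant does and does not fix: it removes the offline attack on a dumped database, but the collusion issue in the second bullet above is a protocol problem between the client, the WAP gateway and the provider and is untouched by how the PVD is stored.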

18
The Attack Scenario
[Figure: message flow (steps 1-3) among Mobile Client, a BAD
(colluding) WAP Gateway and the Wireless Protocol Gateway; the
message contents did not survive the transcript. Annotations on
the figure:]
  • Since the attacker has H(PIN), he can easily derive Ra
  • The attacker can decrypt this ciphertext to get Rb
19
Conclusion
  • Mobile commerce requires robust and lightweight
    security mechanisms
  • The authors revise the lightweight mobile commerce
    security mechanism proposed by Lam et al.
  • The proposed scheme is more suitable for
    security-sensitive mobile environments
  • However, the scheme suffers from several attacks