Title :
A security mechanism to increase confidence in m-transactions
Author :
Pequegnot, David ; Cart-Lamy, Laurent ; Thomas, Aurélien ; Tigeon, Thibault ; Iguchi-Cartigny, Julien ; Lanet, Jean-Louis
Author_Institution :
Secure Smart Devices - XLIM Labs., Univ. of Limoges, Limoges, France
Abstract :
Currently, NFC phones are coming in the handheld market, providing facilities to perform m-transactions. Obviously, this type of operation requires special security precautions. Indeed, a malicious code could intercept and hijack the system, even if there is a smart card. For example, the amount of the payment displayed in the terminal can be hijacked by an attacker to fool the user, or user´s credential can be stolen thanks to a keylogger (and thus malicious codes can perform unwanted m-transactions automatically). This paper describes a security mechanism based on a graphical Turing test to prevent m-transactions submission by malwares. Firstly it introduces current m-transactions solutions. Then it explains the security mechanism that we propose to tackle the problem of untrusted handheld devices. It also underlines a proof of concept we implemented, to test its feasibility on a SIM card. Finally, it gives information on performances corresponding to the implementation that we made.
Keywords :
mobile computing; security of data; smart cards; transaction processing; NFC phones; SIM card; graphical Turing test; handheld market; keylogger; m-transactions; malicious code; security mechanism; security precautions; smart card; Java; Mobile communication; Mobile handsets; Performance evaluation; Security; Semantics; Smart cards; Java Card; banking; cellular phones; information security; m-transactions;
Conference_Titel :
Risk and Security of Internet and Systems (CRiSIS), 2011 6th International Conference on
Conference_Location :
Timisoara
Print_ISBN :
978-1-4577-1890-8
Electronic_ISBN :
978-1-4577-1889-2
DOI :
10.1109/CRiSIS.2011.6061836
