Security Technology in Wireless Payment

Preface

The development of wireless networks and the increasing number of mobile terminals have greatly promoted the development of wireless payments. Wireless payment refers to the use of mobile phones and other handheld devices to conduct trade through wireless networks. E-commerce based on mobile communications is becoming more and more popular because of its convenience and flexibility. However, wireless payment has not yet been widely popularized. One of the factors is the security of wireless payment. The limited processing power of wireless payment networks and handheld systems and the current complexity-based security computing also restrict the rapid development of mobile e-commerce. Wireless payment forms such as smart cards based on mobile terminals include various value-added services such as location-based applications, mobile transaction services, mobile entertainment, mobile multimedia, and mobile information on demand.

Process and framework of wireless payment

Users access the e-commerce platform constructed by e-commerce providers through handheld terminals, and then the security of the service is guaranteed by the user's ISP. Banks and trusted third parties can participate in this, thereby ensuring the rights and interests of both parties to the transaction and future arbitration disputes. Based on this solution, trade can also be conducted between free users (shown by the dotted line). Wireless payment can use micropayments, wireless electronic wallets, and wireless electronic cash. Wireless electronic wallets and wireless electronic cash are the digitization of the currency we use in daily life, and users need to reserve a certain amount of cash in advance before they can be used.

Security in wireless payment

Security in wireless payment should ensure that the legitimate rights and interests of both parties to the transaction are not infringed by illegal intruders. Generally, it mainly involves the following aspects:

(1) Confidentiality of data:

prevent legal or private data from being obtained by illegal users, usually achieved by encryption, so as to ensure that only the two parties to the transaction can know the content of the transaction during the transaction.

(2) Integrity:

ensure that the other party to the transaction or illegal intruders cannot modify the content of the transaction.

(3) Availability:

the authorized person (both parties to the transaction) can use the information and information system services at any time and safely. Availability is a security behavior to ensure transactions after a large-scale denial of service attack occurs.

(4) Authentication:

the two parties to the transaction can be trusted, that is, to ensure mutual identity authentication between services to prevent fraud.

(5) Authorization security:

ensure the use of wireless (wired) networks and computing resources during the transaction.

(6) Non-repudiation:

ensure the correctness of the transaction behavior, and the two parties to the transaction cannot deny the occurrence of the transaction behavior.

Possible attacks on wireless payment

(1) Eavesdropping:

Eavesdropping is the simplest form of obtaining non-encrypted network information. This method can also be applied to wireless networks. By using an antenna with a specified direction function, the wireless network interface can be concentrated to receive signals in a certain direction, which can easily monitor the local area network.

(2) Viruses:

Viruses can not only affect the network, but can even affect handheld terminals. Although the mobile phone viruses found in China do not cause substantial payment damage to mobile phones, as mobile phone functions improve, this problem may become more obvious. At the same time, worms and bombs can cause fundamental damage to wireless networks.

(3) Deception and Trojans:

Deception can hide the source of information or defraud legitimate users. Improved replay attacks and man-in-the-middle attacks can be used in wireless payments to deceive customers and obtain users' privacy and confidential information. Trojans and other service programs directly or indirectly deceive users' trust and reside in memory, often leaving backdoors in the system to record and track sensitive information of both parties to the transaction.

(4) Password attacks and protocol security:

Overly simple passwords and imperfect protocols can also provide convenience for illegal intruders, and the vulnerability of the system may also lead to system crashes. (5) Denial of Service (DoS): DoS is an attack that causes a wireless network or payment system to lose its service functions and resource capabilities. Unless a wireless payment system is established separately, wireless payment is more susceptible to various forms of DoS attacks in the network because the impact of DoS on voice communication is much greater than that on network services.

Security measures for wireless payment

Network-based security behavior - wireless networks and payment systems in network communication, the network threats they face can be addressed through security measures such as firewalls. However, considering the characteristics of the wireless payment system itself, in addition to the key security technologies we usually use, we should also focus on the following aspects:

(1) Prevent eavesdropping

The best way to prevent eavesdropping is to encrypt all possible places and turn off the broadcast function of network identity identification. As far as current technology is concerned, it is impossible to prevent eavesdropping in essence, but it is possible to protect the security of confidential information (if the encryption is not deciphered) and prohibit unauthorized users from accessing the network.

(2) Prevent data loss

Data loss means that it is necessary to retransmit the data, which is very likely to cause retransmission attacks and man-in-the-middle attacks, leading to fraud. (3) Audit trails

With the permission or help of a trusted third party, wireless network and payment system activities should be tracked and recorded, and these activities can be linked to specific user accounts or activity initiators. Audit trails can not only ensure that authorized users use and only use the correct authorization, but also provide a basis for future investigations and evidence collection and data recovery under certain conditions.

(4) MAC filtering

MAC filtering is a simple and practical network security mechanism suitable for small networks that can reduce attack threats. When using this mechanism, you should consider recording and monitoring MAC filtering to prevent fraudulent behavior such as changing MAC addresses.

Prospects and challenges of wireless payment

Wireless electronic currency is quietly entering our lives. Due to the time-saving, convenient and fast characteristics of wireless payment itself, it will inevitably have a broader prospect. According to statistics from relevant departments, there are currently 120 million mobile phone users in China. According to IE3[3] conservatively estimated that by 2005, there will be 300 million users around the world using mobile phones to make simple trade payments.

Of course, as wireless payment enters our daily lives, we also face some challenges. Wireless payment transactions are usually implemented based on smart cards in mobile terminals. From the current technical point of view, smart cards are microprocessors with limited processing power. To achieve security in this environment, not only will the investment in the payment system be increased, but it will also significantly increase user costs. It is still unknown whether users are willing to bear this cost. Secondly, security also requires consideration of issues such as user anonymity, that is, users may not want to expose their identities and sensitive information. In addition, there is the issue of standards for secure transmission between mobile phones and the Internet. Finally, user fees in wireless payments should be reduced and the wireless payment market should be vigorously developed.