
A Secure and Authenticated Mobile Payment Protocol Against Off-site Attack Strategy

Journal Article


Abstract


  • Mobile payment systems have been expected to provide more efficient and convenient payment methods. However, compared to traditional payments, the issues of mobile payment related to the security of electronic accounts and payment apps present serious challenges. In this paper, we find the potential security risks by analyzing the commonly used tokenized mobile payment method and put forward the corresponding off-site attack strategy. In this scenario, the attackers are not limited to malicious third parties but can also be illegal merchants. To address the off-site attack, especially the potential attackers who may be malicious merchants, we also propose SALP, a secure and authenticated payment protocol. We conduct case studies to demonstrate that SALP can effectively prevent the off-site payment attack without a trusted hardware environment. In particular, we finally argue that SALP does not bring additional system overhead without degrading the convenience of mobile payment.

Publication Date


  • 2021

Citation


  • Fang, L., Li, M., Liu, Z., Lin, C., Ji, S., Zhou, A., . . . Ge, C. (2021). A Secure and Authenticated Mobile Payment Protocol Against Off-site Attack Strategy. IEEE Transactions on Dependable and Secure Computing. doi:10.1109/TDSC.2021.3102099

Scopus Eid


  • 2-s2.0-85112644426

Web Of Science Accession Number

