Mobile payment with customer controlled connection – Can it be constructed to be safe enough?

The mobile commerce has given birth to many mobile payment systems and this thesis covers the security of a theoretical system where the communication is handled by the customer. There are many technologies that can be used when implementing such a system, each with different strengths and weaknesses. The system designed in this project was constructed for micropayments in vending machines that has no connection to the vendor except for the connection supplied by the customer…

Contents

1 INTRODUCTION
1.1 ABBREVIATIONS
2 BACKGROUND
2.1 DEFINITION
2.2 SIMILAR SYSTEMS
2.3 DESIGN CONSIDERATIONS
2.4 TRUST
3 PROBLEM DEFINITION
3.1 MOTIVATION FOR THE PROJECTMETHODOLOGY
4.1 QUESTIONS
4.2 VALIDITY
5 GENERAL SYSTEM DESCRIPTION
6 SECURITY ASPECTS
7 THREAT ANALYSIS
7.1 METHOD
7.2 ANALYSIS
7.2.1 Assets
7.2.2 Environmental threats
7.2.3 Deliberate Human Threats
7.2.4 Unintentional Human Threats
8 TECHNOLOGIES
8.1 PAYMENT METHODS
8.2 COMMUNICATION METHODS
8.3 TRANSFER METHODS
8.4 TRANSFER DATA
8.5 SECURITY ASPECTS
8.6 MAINTENANCE
9 SYSTEM CHOICE
9.1 ANALYSED SYSTEM
9.2 REFERENCE SYSTEM
10 COMPARATIVE THREAT ANALYSIS
10.1 INTRODUCTION
10.1.1 Scales
10.1.2 Goals
10.2 COMPARED SYSTEMS
10.3 ATTACK TREES
10.3.1 Aquire item(s)
10.3.2 Small scale privacy attack
10.3.3 Large scale privacy attack
10.3.4 Sabotage of a machine
10.3.5 Sabotage of transaction server
10.3.6 Sabotage the service for a single customer
10.3.7 Sabotage the supply service
210.4 ATTACK TREE COMPARISON
11 DISCUSSION
11.1 AUTHENTICATION
11.2 AUTHORIZATION
11.3 AVAILABILITY
11.4 CONFIDENTIALITY
11.5 INTEGRITY
11.6 NON-REPUDIATION
11.7 PRIVACY
11.8 RELIABILITY
11.9 ADVANTAGES OF CONSTRUCTED SYSTEM
11.10 DISADVANTAGES OF CONSTRUCTED SYSTEM
11.11 EFFECTS OF COMBINING THE TWO SYSTEMS
11.12 SUMMARY
12 CONCLUSION
13 FURTHER WORK
14 REFERENCES

Author: Samuel Ivarsson

Source: Blekinge Institute of Technology

Download URL 2: Visit Now

Leave a Comment