Survey of Security Research in Mobile Payment System

doi:10.3969/j.issn.1671-1122.2017.02.001

Abstract

Abstract:

With the development of Internet, especially communication technology, smart phones and Web2.0, the increasing popularity of mobile E-commerce appears. However, the natures of multiple network interfaces in smart mobile devices and design flaws of mobile payment protocols and mechanisms make security issues become more serious. The mobile payment system network architecture which comprises contactless layer, control layer, network layer, and application layer is analyzed. And the basic process of mobile payment is put forward. And then, the existing network system security issues of each layer are analyzed, including contactless layer security, control layer security, network layer security, and application layer security. The mobile payment protocols and their improvements are analyzed and summarized. The security assessment methods are also analyzed, compared and summarized. Moreover, A new secure mobile payment system network architecture is given. Finally, the summary of the existing security research is processed,And the future research direction is put forward.

Key words: mobile payment, E-Commerce, security assessment, wireless network

CLC Number:

TP309

Yonglei LIU, Zhigang JIN, Tianying GAO. Survey of Security Research in Mobile Payment System[J]. Netinfo Security, 2017, 17(2): 1-5.

Figures/Tables 3

References 21

[1]	MOHBEY K K,THAKUR G S.Interesting User Behaviour Prediction in Mobile E-commerce Environment Using Constraints[J]. IETE Technical Review, 2015, 32(1):16-28.
[2]	TOMI D,JIE G,JAN O.A Critical Review of Mobile Payment Research[J].Electronic Commerce Research and Applications, 2015, 14:265-284.
[3]	JESUS T I, SHERALI Z.Secure Mobile Payment Systems[J].IT Professional, 2014, 16(3):36-43.
[4]	戈泉月,车力军. 基于多因素认证的网络安全支付模式研究[J].信息网络安全,2015(12):48-53.
[5]	张玉清,王志强,刘奇旭,等.近场通信技术的安全研究进展与发展趋势[J].计算机学报,2016,39(6):1190-1207.
[6]	李晴,叶阿勇,许力. 公众环境下无线接入的安全问题研究[J].信息网络安全,2016(4):69-75.
[7]	Trusted Computing Group. Mobile Trusted Module 2.0 Use Cases[EB/OL]. .
[8]	VEDAT C,BUSRA O,KEREM O.A Survey on Near Field Communication (NFC) Technology[J].Wireless Personal Communications, 2013, 71(3):2259-2294.
[9]	卿斯汉. Android安全研究进展[J].软件学报,2016,27(1):45-71.
[10]	JONATHAN Z.Identifying back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices[J].Digital Investigation, 2014, 11(1):3-19.
[11]	刘永磊. 基于体系结构的无线局域网安全弱点研究[D].天津:天津大学,2014.
[12]	李东臻,严承华,罗旬. 基于CPK的无线Mesh网络节点双向认证方案研究[J].信息网络安全,2016(8):32-38.
[13]	ELBOUABIDI I,ZARAI F,OBAIDAT M S,et al.An Efficient Design and Validation Technique for Secure Handover Between 3GPP LTE and WLANs Systems[J]. Journal of Systems and Software,2014, 91(1):163-173.
[14]	许艳萍,马兆丰,王中华,等.Android智能终端安全综述[J].通信学报,2016,37(6):169-184.
[15]	肖茵茵,苏开乐,马震远,等.实例化空间逻辑下的SET支付协议验证及改进[J].华中科技大学学报(自然科学版),2013,41(7):97-102.
[16]	林宏刚,胡勇.WAP 环境下移动支付协议公平性分析[J].四川大学学报(工程科学版),2013,45(3):91-97.
[17]	王红新,杨德礼,姜楠,等.一种终端认证简化的在线移动支付模式与协议[J].计算机研究与发展,2013,50(2):291-301.
[18]	ERIC K W,CAO Z J,WU T Y,et al.MAPMP: A Mutual Authentication Protocol for Mobile Payment[J].Journal of Information Hiding and Multimedia Signal Processing,2015, 6(4):697-707.
[19]	JESUS T I,SHERALI Z.Design, Implementation,Performance Analysis of A Secure Payment Protocol in A Payment Gateway Centric Model[J].Computing,2014,96(7):587-611.
[20]	ZHANG Y J,DENG X Y,WEI D J,et al.Assessment of E-Commerce Security Using AHP and Evidential Reasoning[J].Expert Systems with Applications,2012,39(3):3611-3623.
[21]	XIN L,TING L.E-commerce System Security Assessment Based on Bayesian Network Algorithm Research[J]. TELKOMNIKA,2013, 11(1):338-344.