Mobile Payment

Published by: ArvinNundloll on Aug 18, 2010
Copyright:Attribution Non-commercial

One of the motivations for the project was to check whether using the constructed system as a
backup system would reduce the threat to the communication line. Using the reference
system as the primary method for payment and the constructed system as a backup method
would help limit this threat, as the customers can choose to use their own connections instead
if the main communication line has failed for any reason. However, some of the threats are
not helped by combining the systems, and the result can be summarized with regard to the
eight security aspects.

When it comes to authentication, combining the two systems gives only negative results, as it
is now easy to gain information about specific accounts either by monitoring their mobile
device or by monitoring one of the machines they use. Instead of having one way of attacking
specific accounts, the attacker can now use two methods for greater success. Authorization is
not affected. Availability is the greatest gain from combining the two methods, as the
customers now have two separate methods for performing the purchase and it is highly
unlikely that both would fail at the same time. The confidentiality of the combined
system has the same limitations as the two systems used separately; no combined effect
can be found.

For integrity, the combined methods can be used to verify the correctness of each message, but it
might be more work than it is worth. One large benefit of the combined system is that the
non-repudiation aspect can be controlled very efficiently, using the reference system to
verify all successful payments, even those done by the constructed system when the
reference system has not been available. Sadly, privacy has the same issues as
authentication: combining the systems just opens up for attacks on both systems and makes
it easier for the attacker. Reliability is only affected in a positive way, keeping the system
more available and more precise than either of the two systems used separately.

So to summarize, using the two systems as a combined system would have a positive result with
regard to service issues: it is more available to the customer and the machines can be
controlled in a better way. However, the system is also more easily attacked, since the
attack methods of both systems can be used against authentication and privacy.
