Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

Design and Implementation of the Authentication System for In-app Billing in Mobile Environments

  • Seok, Ho-Jun (Dept. of Information & Communication Engineering, Andong National University) ;
  • Kim, Seog-Gyu (Dept. of Information & Communication Engineering, Andong National University)
  • Received : 2016.01.22
  • Accepted : 2016.02.19
  • Published : 2016.02.29
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we propose the authentication server system that prevent hacking in In-app billing applications. And we also propose the methods to verify electronic receipt for the payment of internal app payments and to check the integrity of the applications. Then we designed the payment metabolic system that checks between products-offer list and paid subscription if payment system is hacked with new hacking technologies different from existing ones. And then we implemented proposed authentication system and experimented with about 10,000 average internal application payments per an hour. It shows that proposed system has defensive techniques that counter attacks against in-app billing but it takes more than 0.8916 seconds than no-certification system that is considered as relatively short time.

Keywords

References

  1. Ho-Jun Seok, Sung-Min Hwang, Seog-Gyu Kim. "An Authentication Sever System for In-App Purchase". Proceedings of KSCI Conference 2015, July 2015.
  2. Wonnam Lee. "A Study on the Android Vulnerability of Rooting/App Integrity Verification Module". Dec. 2014.
  3. Yuxue Piao, Jin-hyuk Jung, Jeong Hyun Yi. "Structural and Functional Analyses of ProGuard Obfuscation Tool". The Journal of Korea Information and Communication Society, Vol.38B No.08, August 2013.
  4. Google. "In-app Billing Security and Design". http://developer.android.com/google/play/billing/billing_best_ practices.html
  5. Google. "In-app billing Version3 API". http://developer.android.com/google/play/billing/api.html
  6. Jordan Kahn. "Apple's in-app purchasing process circumvented by Russian hacker". http://9to5mac.com/2012/07/13/apples-in-app-purchasing-process-circumvented-by-russian-hacker/
  7. Mulliner Collin, William Robertson, and Engin Kirda. "Virtual Swindle:an automated attack against in-app billingon android", Proceedings of the 9th ACM symposium on Information computer and communications security, June 2014.
  8. Jinsun Hong. "Mobile Game Hacking". http://www.inven.co.kr/webzine/news/?news=128022
  9. Crossdotcom. "Lucky Patcher". http://www.kgezzang.tk/173