Smart and Secure Point of Sale Framework with Threat Modeling and Formal Verification

  • Mona faraj Nasser alwahabi (Department of Information Technology, College of Computer and Information Sciences Majmaah University)
  • Shaik Shakeel Ahamad (Department of Information Technology, College of Computer and Information Sciences Majmaah University)
  • Submitted: 2024.06.05
  • Published: 2024.06.30

Abstract

Existing PoS (Point of Sale) based payment frameworks are vulnerable because the integrity of the payment application on the smartphone and on the PoS is compromised, and they are vulnerable to reverse engineering attacks. In addition, these existing PoS-based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) framework that overcomes these attacks. The proposed SSPoS framework ensures point-to-point encryption (P2PE), application hardening and application wrapping. The SSPoS framework overcomes repackaging attacks, has very low communication and computation cost, and also addresses the Heartbleed vulnerability. The SSPoS protocol is successfully verified using Burrows-Abadi-Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.
