
Enhancing E-commerce Security Using GSM Authentication

  • Vorapranee Khu-smith
  • Chris J. Mitchell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2738)

Abstract

Today, e-commerce transactions are typically protected using SSL/TLS. However, there are risks in such use of SSL/TLS, notably threats arising from the fact that information is stored in clear at the end point of the communication link and the lack of user authentication. Although SSL/TLS does offer the latter, it is optional and usually omitted since users typically do not have the necessary asymmetric key pair. In this paper, we propose a payment protocol in which user authentication is provided using GSM ‘subscriber identity authentication’. In the protocol, a consumer is required to possess a GSM mobile station registered under a subscriber name corresponding to that on his/her debit/credit card. The cardholder identity is combined with the GSM subscriber identity in such a way that without a mobile station, in particular the SIM, and the corresponding debit/credit card, an unscrupulous user will find it difficult to make a fraudulent payment at the expense of the legitimate cardholder. This is achieved in such a way that no management overhead is imposed on the user.

Keywords

E-commerce transactions security payment protocol GSM security 



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Vorapranee Khu-smith (1)
  • Chris J. Mitchell (1)
  1. Information Security Group, Royal Holloway, University of London, Egham, Surrey, United Kingdom
