Enhancing e-commerce security using GSM authentication

Vorapranee Khu-smith and Chris J. Mitchell

(2002)



Abstract

Today, e-commerce transactions are typically protected using SSL/TLS. However, there are risks in such use of SSL/TLS, notably threats arising from the fact that information is stored in clear at the end point of the communication link and the lack of user authentication. Although SSL/TLS does offer the latter, it is optional and usually omitted since users typically do not have the necessary asymmetric key pair. In this paper, we propose a payment protocol in which user authentication is provided using GSM 'subscriber identity authentication'. In the protocol, a consumer is required to possess a GSM mobile station registered under a subscriber name corresponding to that on his/her debit/credit card. The cardholder identity is combined with the GSM subscriber identity in such a way that without a mobile station, in particular the SIM, and the corresponding debit/credit card, an unscrupulous user will find it difficult to make a fraudulent payment at the expense of the legitimate cardholder. This is achieved in such a way that no management overhead is imposed on the user.

Information about this Version

This is a Published version
This version's date is: 11/12/2002
This item is peer reviewed

Link to this Version

https://repository.royalholloway.ac.uk/items/14770de2-aade-975c-f97b-0cf91031021b/1/

Item Type: Monograph (Technical Report)
Title: Enhancing e-commerce security using GSM authentication
Authors: Khu-smith, Vorapranee; Mitchell, Chris J.
Departments: Faculty of Science\Mathematics

Deposited on 15-Jul-2010 in Royal Holloway Research Online. Last modified on 10-Dec-2010.
