Vorapranee Khu-smith and Chris J. Mitchell (2002) Enhancing e-commerce security using GSM authentication.
Full text access: Open
Today, e-commerce transactions are typically protected using SSL/TLS. However, there are risks in such use of SSL/TLS, notably threats arising from the fact that information is stored in clear at the end point of the communication link and the lack of user authentication. Although SSL/TLS does offer the latter, it is optional and usually omitted since users typically do not have the necessary asymmetric key pair. In this paper, we propose a payment protocol in which user authentication is provided using GSM 'subscriber identity authentication'. In the protocol, a consumer is required to possess a GSM mobile station registered under a subscriber name corresponding to that on his/her debit/credit card. The cardholder identity is combined with the GSM subscriber identity in such a way that without a mobile station, in particular the SIM, and the corresponding debit/credit card, an unscrupulous user will find it difficult to make a fraudulent payment at the expense of the legitimate cardholder. This is achieved in such a way that no management overhead is imposed on the user.
This is a Published version. This version's date is: 11/12/2002. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/14770de2-aade-975c-f97b-0cf91031021b/1/
Deposited on 15-Jul-2010 in Royal Holloway Research Online. Last modified on 10-Dec-2010.