Securing USSD in mobile financial transactions: a practical proposal for m-finance
Main author: | Cravo, Paula Margarida Mendonça da Silva |
---|---|
Publication date: | 2011 |
Document type: | Dissertation |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | http://hdl.handle.net/10451/8707 |
Abstract: | Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011 |
id |
RCAP_7441e3ac96b056829b6ada748948ac91 |
---|---|
oai_identifier_str |
oai:repositorio.ul.pt:10451/8707 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Securing USSD in mobile financial transactions: a practical proposal for m-finance
Keywords: USSD; SSL/TLS; m-finance; Confidentiality; Authenticity; Teses de mestrado - 2011
Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011

This work analyses an existing mobile-finance scheme at Portuguese PT Inovação, targeting users that do not have a bank account, and using the USSD communication channel to process financial transactions between three parties: the User, an Agent that represents, or acts on behalf of, an institution, but not necessarily a bank or a financial one, and the Financial Transaction Manager (FTM) that manages the Agent network, the Users and the transactions made.

We start by analyzing USSD communications: by itself it is not a secure communications channel, but it is available on every GSM device, allows for instant messaging services and is inter-operable, i.e. it is not telecom dependent. Besides, it can run on commodity mobile phones, and requires practically no software download. From the user's point of view, it resembles a normal text message and requires no special communications contract with the telecom operator other than the one that allows for sending text messages. It presents some security issues, namely, no authentication, no confidentiality, no integrity. We demonstrate that these issues can be solved through the use of end-to-end secure protocols on top of USSD in addition to other security mechanisms.

PT Inovação's m-finance scheme already implements a set of operations and financial transactions. We analyze the system's threat model and we propose a solution that will protect a specific communication path, namely, between the Agent and the FTM. We suggest the implementation of SSL/TLS over USSD, a lightweight version that we call USSL/UTLS. We demonstrate that it is feasible to implement such a security mechanism on a USSD communication channel, and that it provides end-to-end security over the network communication path, at least if the devices present some processing capabilities. We propose some possible implementation paths, and conduct a brief performance analysis.

Hong, Jason; Pasin, Marcelo, 1967-; Repositório da Universidade de Lisboa; Cravo, Paula Margarida Mendonça da Silva; 2013-07-01T14:38:07Z; 2011; 2011-01-01T00:00:00Z; info:eu-repo/semantics/publishedVersion; info:eu-repo/semantics/masterThesis; application/pdf; http://hdl.handle.net/10451/8707; eng; info:eu-repo/semantics/openAccess; reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos); instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação; instacron:RCAAP; 2023-11-08T15:52:36Z; oai:repositorio.ul.pt:10451/8707; Portal Agregador; ONG; https://www.rcaap.pt/oai/openaire; opendoar:7160; 2024-03-19T21:33:07.044899; Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação; false |
author |
Cravo, Paula Margarida Mendonça da Silva |
author_role |
author |
dc.contributor.none.fl_str_mv |
Hong, Jason Pasin, Marcelo, 1967- Repositório da Universidade de Lisboa |
dc.subject.por.fl_str_mv |
USSD SSL/TLS m-finance Confidentiality Authenticity Teses de mestrado - 2011 |
description |
Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011 |
publishDate |
2011 |
dc.date.none.fl_str_mv |
2011 2011-01-01T00:00:00Z 2013-07-01T14:38:07Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10451/8707 |
url |
http://hdl.handle.net/10451/8707 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799134224506159104 |