移动支付体系的安全风险分析与研究
发布时间:2018-07-16 23:03
【摘要】:随着移动智能终端的不断普及和网上银行业务的快速发展,移动支 付交易越来越多,支付形式也在不断变化,终端用户对移动支付的依赖 性逐渐增强。同时,移动支付活动的安全问题也随之出现,终端的硬件 和软件威胁、无线网络和移动支付处理平台的安全性也成了用户关注的 问题。本文以提高和改善移动支付系统安全性作为主要研究方向,旨在 找到相应的安全策略,进而搭建一个安全的移动支付平台。本文主要从多个角度对移动支付体系的安全风险进行详细的分析 和研究,并提出一系列的安全性策略。论文所做的主要工作是相关背景 技术知识的调研,包括基于SMS、WAP、NFC的支付方式和移动支付 的关键安全技术。将整个移动支付体系分为三个层次:应用层、交易层 和支付处理层,具体地分析了各层的功能;接着从移动终端、无线网络 和支付过程三个部分来分析移动支付体系的安全性。针对移动终端的安 全,分成硬件安全和应用软件两方面,分析可能造成交易信息泄露或者 用户银行账户信息泄露等一系列威胁;无线网络部分主要针对当WAP 和WIFI的安全技术漏洞进行分析,包括信息传输过程的保密性、身份 认证性和访问控制等,并给出应对策略;还对已有的电子支付协议SET 进行了改进建议,提出了基于ECC的新协议用于移动支付环境中,最 后对新协议的安全性和性能进行了评估。理论分析证明ECC比RSA的 效率高很多,同时新协议在签名、证书验证、非对称和对称加密次数上 较SET协议也明显减少,这样当前移动终端和网络能力完全可以支撑该 协议,保证安全有效的移动支付过程。
[Abstract]:With the popularity of mobile intelligent terminals and the rapid development of Internet banking, mobile branches
Paying more and more transactions, changing the form of payment, and end-users' dependence on mobile payment.
The problem of security in mobile payment activities also arises.
And software threats, the security of wireless network and mobile payment processing platform has also become the concern of users.
The purpose of this paper is to improve and improve the security of mobile payment system as the main research direction.
In this paper, the security risk of mobile payment system is analyzed in detail from several angles.
And research, and put forward a series of security strategies. The main work of the paper is related background.
Research on technology knowledge, including payment methods based on SMS, WAP and NFC, and mobile payment.
The key technology of security is to divide the whole mobile payment system into three levels: application level and transaction level.
And the payment processing layer, specifically analyzing the functions of each layer; and then from the mobile terminal, the wireless network.
And the payment process three parts to analyze the security of the mobile payment system.
The whole analysis is divided into two aspects: hardware security and application software. Analysis may cause transaction information leakage or
User bank account information leakage and other threats; the wireless network part is mainly targeted at WAP.
And WIFI security technology vulnerability analysis, including the confidentiality of information transmission process, identity
Authentication and access control are also given, and the existing electronic payment protocol SET is also presented.
Suggestions for improvement are put forward, and a new protocol based on ECC for mobile payment environment is proposed.
The security and performance of the new protocol are evaluated. Theoretical analysis proves that ECC is better than RSA.
The efficiency of the new protocol is much higher than that of the new protocol.
The SET protocol is also significantly reduced, so that the current mobile terminals and network capabilities can fully support this.
The protocol ensures a safe and effective mobile payment process.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
本文编号:2127955
[Abstract]:With the popularity of mobile intelligent terminals and the rapid development of Internet banking, mobile branches
Paying more and more transactions, changing the form of payment, and end-users' dependence on mobile payment.
The problem of security in mobile payment activities also arises.
And software threats, the security of wireless network and mobile payment processing platform has also become the concern of users.
The purpose of this paper is to improve and improve the security of mobile payment system as the main research direction.
In this paper, the security risk of mobile payment system is analyzed in detail from several angles.
And research, and put forward a series of security strategies. The main work of the paper is related background.
Research on technology knowledge, including payment methods based on SMS, WAP and NFC, and mobile payment.
The key technology of security is to divide the whole mobile payment system into three levels: application level and transaction level.
And the payment processing layer, specifically analyzing the functions of each layer; and then from the mobile terminal, the wireless network.
And the payment process three parts to analyze the security of the mobile payment system.
The whole analysis is divided into two aspects: hardware security and application software. Analysis may cause transaction information leakage or
User bank account information leakage and other threats; the wireless network part is mainly targeted at WAP.
And WIFI security technology vulnerability analysis, including the confidentiality of information transmission process, identity
Authentication and access control are also given, and the existing electronic payment protocol SET is also presented.
Suggestions for improvement are put forward, and a new protocol based on ECC for mobile payment environment is proposed.
The security and performance of the new protocol are evaluated. Theoretical analysis proves that ECC is better than RSA.
The efficiency of the new protocol is much higher than that of the new protocol.
The SET protocol is also significantly reduced, so that the current mobile terminals and network capabilities can fully support this.
The protocol ensures a safe and effective mobile payment process.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
【参考文献】
相关期刊论文 前6条
1 张险峰,秦志光,刘锦德;椭圆曲线加密系统的性能分析[J];电子科技大学学报;2001年02期
2 刘磊;;安全技术在移动支付中的应用[J];硅谷;2012年16期
3 洪琳,李展;数字签名、数字信封和数字证书[J];计算机应用;2000年02期
4 李北金;张力;;基于WAP的电子支付的安全性研究[J];微计算机信息;2008年06期
5 王曼珠,何文才,杨亚涛,魏占祯;无线局域网IEEE802.11的安全缺陷分析[J];微电子学与计算机;2005年07期
6 许罗德;;推动移动支付业务融合发展[J];中国金融;2013年01期
,本文编号:2127955
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2127955.html