Utilize este identificador para referenciar este registo: http://hdl.handle.net/10451/13935
Título: Securing ussd in mobile financial transactions
Outros títulos: (A practical proposal for M-Finance
Autor: Cravo, Paula Margarida Mendonça da Silva
Orientador: Pasin, Marcelo
Hong, Jason
Palavras-chave: m-finance
Data de Defesa: Dez-2011
Resumo: This work analyses an existing mobile-finance scheme at Portuguese PT Inovação, targeting users that do not have a bank account, and using the USSD communication channel to process financial transactions between three parties: the User, an Agent that represents, or acts on behalf of, an institution, but not necessarily a bank or a financial one, and the Financial Transaction Manager (FTM) that manages the Agent network, the Users and the transactions made. We start by analyzing USSD communications: by itself it is not a secure communications channel, but it is available at every GSM device, allows for instant messaging services and is inter-operable, i.e. is not telecom dependent. Besides, it can run on commodity mobile phones, and requires practically no software download. From the user point of view, it resembles a normal text message and requires no special communications contract with the telecom operator other than the one that allows for sending text messages. It presents some security issues, namely, no authentication, no confidentiality, no integrity. We demonstrate that these issues can be solved through the use of end-to-end secure protocols on top of USSD in addition to other security mechanisms. xv PT Inovação’s m-finance scheme already implements a set of operations and financial transactions. We analyze the system’s threat model and we propose a solution that will protect a specific communication path, namely, between the Agent and the FTM. We suggest the implementation of SSL/TLS over USSD, a lightweight version that we call USSL/UTLS. We demonstrate that it is feasible to implement such security mechanism on a USSD communication channel, and that it provides end-to-end security over the network communication path, at least if the devices present some processing capabilities. We propose some possible implementation paths, and conduct a brief performance analysis.
URI: http://hdl.handle.net/10451/13935
Aparece nas colecções:FC-DI - Master Thesis (dissertation)

Ficheiros deste registo:
Ficheiro Descrição TamanhoFormato 
PCravoThesis_Final_FCUL.pdf1,16 MBAdobe PDFVer/Abrir    Acesso Restrito. Solicitar cópia ao autor!

FacebookTwitterDeliciousLinkedInDiggGoogle BookmarksMySpace
Formato BibTex MendeleyEndnote 

Todos os registos no repositório estão protegidos por leis de copyright, com todos os direitos reservados.