The Secure Communication Protocol Model Of Mobile Network Payment

Posted on: 2015-07-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Y Sun
Full Text: PDF
GTID: 1228330467456782
Subject: Computer system architecture

Abstract/Summary:
Mobile network payment is a key part of the mobile e-commerce system, and its advantages, such as freedom from time and space limitations, convenience and time savings, have won it a massive group of potential users. The popularization of mobile devices also provides an opportunity for its expansion. Based on statistical data in 2014, the growth rate of users of mobile network payment exceeded 60% in the first half of the year. However, factors such as the technical limitations of terminal devices and the threats of the network environment, especially the open wireless network environment, make it difficult to guarantee the security of mobile network payment, whose four elements (integrity, confidentiality, authentication and non-repudiation) have not been well implemented.

By employing security protocols under the framework of the security technology system for mobile network payment, the present study built a secure communication protocol model, met the requirements of secure communication in a heterogeneous network environment, and put forward protocols that are more suitable for mobile network payment based on existing network protocols, from the perspectives of application layer protocol, network layer protocol and key agreement protocol.

Mobile network payment in a narrow sense means paying with mobile network terminal devices such as smart phones and POS machines, but it actually covers the whole payment process, including opening, triggering, confirming and receiving payment, operated on mobile devices by multiple parties or by one party. Mobile Internet payment is an important network application of machine-to-machine technology. Traditional e-commerce is usually conducted on multi-user machines, tasks can be completed anonymously, and messages are transmitted by analog signal. By contrast, although mobile network payment originated from e-commerce, it usually communicates by P2P.
Owing to its wireless network basis, mobile network payment is mostly authenticated by plaintext transmission and sensor nodes with compromises, and its transmission signals are digital, which highlights such problems as device power consumption, limited storage space, key management constraints, security goals, inquiry, threats and attacks.

In order to improve protocol security, public key cryptography was employed in the present study. In public key cryptography, public keys provide users with the services of sending encrypted data and verifying digital signatures. The security and authentication of verified key agreement protocols are guaranteed by security attributes including known-key security, unknown key-share attack, forward secrecy, unknown key-share security, key compromise, resistance key replication attack, temporary key compromise security, key non-control key compromise security. The high efficiency of the scheme can be achieved by reducing computation overhead and visits.

Group key agreement in distributed networks is an important research issue among key agreement protocols. The present study proposed an improved group key agreement scheme based on dynamic password technology, by mounting an online dictionary attack on a group key agreement protocol and identifying its vulnerabilities.

In public key cryptography, the third authentication party, the PKG, met a bottleneck. From the previous discussion of key agreement, it is clear that the public key can be identified, while one part of the private key comes from the entity itself and the other part from the private key generation center (PKG), which is responsible for generating both master keys and private keys and at the same time responsible for security. DNS is the starting point of Internet trust services, so preventing DNS information from being spoofed or tampered with in transit is one way to prevent the passwords of the PKG center from being stolen.
However, because of the simple design of the DNS protocol, which is transmitted over the User Datagram Protocol (UDP), DNS spoofing currently has a huge impact on the Internet worldwide. Although new versions are constantly introduced, the problem still lies in the authentication mechanism with public and private keys.

The main work and contributions of the present study are summarized as follows:

First, the present study summarized the four kinds of authentication mechanisms of mobile network payment, namely two-way authentication, inside authentication, re-authentication and roaming authentication, and then carried out simulation experiments, hoping to build an integrated and secure lightweight authentication system. Two-way authentication is the foundation of the other three and makes mobile devices and the center system trust each other; inside authentication is aimed at preventing the attacker from obtaining the privacy via; re-authentication can be seen as a verification of users' re-establishment, to improve efficiency; and roaming authentication is used to show users' identity to outside agents when they enter the outside Internet. Then, the present study simulated these four authentications with two parties, A and B. In the two-way authentication simulation, B and the center system authenticated each other and the former would get service from the latter. If A could not eavesdrop on the transmission of information between B and the center system, A could not get B's permission to enjoy the service. In the inside authentication simulation, B shared a key with the center system and had access. If A wanted to use B's center system, it would need B's key. Then, based on the coverage scope of the access point from whose association B had just moved out, the kind of authentication could be decided.
If B did not move into other points, the re-authentication simulation was conducted; if B moved into other points, roaming authentication was conducted, where A could eavesdrop on all the information transmitted by B, from both home agents and foreign agents, but could not obtain the key shared among B, the home agents and the foreign agents, and therefore could not obtain B's access to the network. This work provides a basis for future research.

Second, the present study proposed a new scheme of key replication attack. Based on the analysis of the attack and security of IDAK3-P1, the three-party authenticated key agreement protocol, the present study showed that, when conducting a Reveal query, an attacker could establish key agreement by using the opponent's session key, and that the identity-based three-party authenticated key agreement protocol did not possess the alleged firm security attributes, such as key identity authentication and key control, and did have security flaws, for which the present study put forward solutions. It was found that although the three-party authenticated key agreement protocol was stable, it could be made to resist such attacks better once its security flaws were found and amended.

Third, the present study proposed an improved dynamic password scheme based on group key agreement against dictionary attack and analyzed its security. By using multiple password tests in a session, the present study found loopholes in the protocol and put forward improved protocols. In the random oracle and the ideal-cipher model, the present study analyzed and verified the security of the improved protocols based on simulation experiments of seven models. It was shown that the dynamic password technique was better than the traditional static password, with the former being able to guarantee the data security of mobile network payment and being flexible and easy to use.
So it was a more suitable security policy for mobile network payment.

Fourth, the present study proposed an effective scheme against man-in-the-middle (MITM) spoofing attacks, based on improved DNS protocols, to protect the PKG center well. The present study employed the Naive Bayes (NB) classifier method. It first extracted DNS feature samples and classified the DNS response packets into right packets and forged packets in terms of their characteristics, and then, on a macro level, built three kinds of defense technology, namely 1 factor (the number of response segments or authority segments or additional segments in additional information), 2 factor (the number of response segments and authority segments) and 3 factor (the number of response segments, authority segments and additional segments). Their performances were compared and 3 factor was picked out as optimal: the average identification rate of its NB defense technology was 99.7875%, two percentage points higher than ANN's average acceptance rate of 97.7125%, identifying almost all spoofing without affecting normal communication. According to the analysis, the high identification rate mainly comes from the appropriate structure of the 3 factors; in addition, the Bayes classifier itself can make full use of field knowledge and sample data information and effectively avoid the local extremum problem of this feature over-fitting and training, as well as being useful.

In conclusion, the present study built a secure communication protocol model of mobile network payment based on the authentication protocol simulation of the mobile payment network, the analysis of two kinds of key agreement protocol and research on PKG center security access based on an improved DNS protocol. This model proposed methods for improving protocols and analyzed the protocols' security performance. With high reliability, feasibility and low ambiguity, this model can better guard mobile network payment.
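
The 1, 2 and 3 factor comparison described in the fourth contribution can be sketched as follows; this is an added example, not code from the dissertation, and its tiny constructed data set does not reproduce the reported identification rates. It assumes the response, authority and additional segment counts are the ANCOUNT, NSCOUNT and ARCOUNT fields of the DNS header, and that the single factor is the answer count; the class and function names are hypothetical.

```python
import math
import struct
from collections import Counter, defaultdict

def section_counts(packet: bytes):
    """Return (ANCOUNT, NSCOUNT, ARCOUNT) from the 12-byte DNS header."""
    _id, _flags, _qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return (an, ns, ar)

# Constructed samples (not measured traffic): section counts and a label.
TRAIN = [((1, 2, 2), "right"), ((2, 2, 3), "right"), ((1, 2, 3), "right"),
         ((3, 2, 2), "right"), ((2, 3, 3), "right"), ((1, 3, 2), "right"),
         ((1, 0, 0), "forged"), ((1, 0, 0), "forged"), ((1, 1, 0), "forged"),
         ((2, 0, 0), "forged"), ((1, 0, 1), "forged"), ((1, 0, 0), "forged")]
HELD_OUT = [((1, 2, 2), "right"), ((1, 0, 0), "forged"),
            ((2, 0, 0), "forged"), ((2, 1, 3), "right")]

class SectionCountNB:
    """Categorical Naive Bayes over the chosen section-count features."""
    def __init__(self, factors, max_count=8):
        self.factors = factors        # indices into (answer, authority, additional)
        self.bins = max_count + 1     # counts are clipped to 0..max_count
    def _features(self, counts):
        return [min(counts[i], self.bins - 1) for i in self.factors]
    def fit(self, samples):
        self.prior = Counter(label for _, label in samples)
        self.seen = defaultdict(Counter)   # (label, position) -> value frequencies
        for counts, label in samples:
            for pos, value in enumerate(self._features(counts)):
                self.seen[(label, pos)][value] += 1
        return self
    def classify(self, counts):
        total = sum(self.prior.values())
        scores = {}
        for label, n in self.prior.items():
            score = math.log(n / total)
            for pos, value in enumerate(self._features(counts)):
                # Laplace smoothing: an unseen count must not zero the product.
                score += math.log((self.seen[(label, pos)][value] + 1) / (n + self.bins))
            scores[label] = score
        return max(scores, key=scores.get)

def compare_factors():
    """Held-out accuracy keyed by number of factors (answer; +authority; +additional)."""
    result = {}
    for factors in ([0], [0, 1], [0, 1, 2]):
        model = SectionCountNB(factors).fit(TRAIN)
        hits = sum(model.classify(c) == label for c, label in HELD_OUT)
        result[len(factors)] = hits / len(HELD_OUT)
    return result
```

On this constructed data the answer count alone cannot separate the classes, and the third factor resolves the held-out response that the two-factor model misclassifies.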
Keywords/Search Tags: Mobile Payment Network, Key Agreement, Identity Authentication, Dynamic Password, DNS MITM Spoofing