Systematic Literature Review : Security Challenges of Mobile Banking and Payments System

Md. Shoriful Islam 보안공학연구지원센터 2014 International Journal of u- and e- Service, Scienc Vol.7 No.6

Mobile banking is more easily and fast banking today, but its challenges to payments security system. Many organization or financial institutions are now incorporating mobile banking and financial services as a key component of their growth strategy, and use of the mobile phone to conduct banking and financial services tasks continues to rise among early adopters. Large number of security challenge of mobile banking and payment system have been proposed in to the current research issues, our goal is to gain insight into the current status of mobile banking and payment system security challenge research issues published to date, conducted a systematic literature review mobile banking security challenges that have been claimed between January 2008 to December 2012.this paper presents the result of the systematic review, 10 publication and 20 were selected as primary studies, from which a large number of challenges were elicited. By applying qualitative data analysis methods to extracted data from the review. However among the majority of consumers, security threats are most commonly listed as the primary reason for not trying mobile banking. This review will attempt to technically address these largely unfounded consumer security fears while helping to lay a roadmap for financial institutions successful implementation of mobile banking technology. A clear and emerging new channel in the space of banking and payments is mobile. A key challenge with gaining user adoption of mobile banking and payments is the customer’s lack of confidence in security of the services. Understanding the mobile banking and payments market and ecosystem is critical in addressing the security challenges. There are new security risks introduced with mobile banking and payments that must be identified and mitigated.

Mobile Computing: Wireless Networking Security Issues

Javed Ahmad Shaheen 보안공학연구지원센터 2016 International Journal of Grid and Distributed Comp Vol.9 No.10

Mobile wireless has detonated in popularity just of its simplicity, revolution in communication and Mobile computing has become very famous now days in reward of the services offered during the mobile communication and. Mobile computing has become the reality not the luxury. Mobile wireless market is increasing by leaps and bounds as Cell phones, mobile computing and communication devices have become very trendy because of their ease and portability. However, the use of such devices in this platform is accompanied by new security risks that must be recognized and addressed to protect the physical devices, the communication medium, and the information used. Security is key issue that needs to be considered. For this security protocols are proposed for different applications like Wireless Application Protocol, 802.11a etc. Most of them are based on the public and private key cryptography. The challenge for mobile network is in providing very large footprint of mobile services with high speed and security. In this paper, we have discussed security issues arising due to wireless networking of mobile computing in distributed systems. We discussed the operational model of mobile computing environment, and try to demonstrate proposed solutions. We also discuss security problems and mechanisms that can be applied one of three main components of mobile computing. The goal of paper is to point out some of the limitations, characteristics, applications and issues on security of mobile computing.

Meeting Real Challenges in Eliciting Security Attributes for Mobile Application Development

( Noorrezam Yusop ),( Massila Kamalrudin ),( Mokhtar Mohd Yusof ),( Safiah Sidek ) 한국인터넷정보학회 2016 인터넷정보학회논문지 Vol.17 No.5

There has been a rapid growth in the development of mobile application resulting from its wide usage for online transaction, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on the security issues at the early stage of the development. In fact, security issues have been kept until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore and incorrectly elicit security-related requirements at the early stage of mobile application development. This scenario has led to the failure of developing secure and safe mobile application based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges in extracting security attributes for mobile application faced by novice requirements engineers. For this purpose, two experiments on eliciting security attributes requirements of textual requirements scenario were conducted. The performance related to the correctness and time taken to elicit the security attributes were measured and recorded. It was found that the process of eliciting correct security attributes for mobile application requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation security attributes requirement could help to overcome the challenges in eliciting security attributes requirements, especially among novice requirements engineers.

Mobile IP 및 AAA 프로토콜 기반으로 신속성과 안전성을 고려한 듀얼세션키 핸드오프 방식연구

최유미 ( Yumi Choi ),이형민 ( Hyung-min Lee ),추현승 ( Hyunseung Choo ) 한국인터넷정보학회 2005 인터넷정보학회논문지 Vol.6 No.3

이동 단말기의 활용이 급증하고 그 성능이 주목할 만한 수준으로 발전하면서 Mobile IP의 사용이 증가되고, 또한 보안성 강화를 목적으로 하는 이동 노드의 인증방식 연구와 데이터의 보안·전송 연구가 이루어지고 있다. 현재 이동 무선 네트워크 IP를 위한 이동성 자원의 표준인 Mobile IP는 이동 노드의 접속에 관해서 효율적인 사용자 인증이 취약하다. 즉, Mobile IP는 이동성을 보장하지만 보안성을 지원하지 않는다. 본 논문에서는 네트워크 구성원들의 상호 인증 및 보안 서비스를 위해서 인증(Authentication), 권한부여(Authorization) 및 과금(Accounting)을 지원하는 AAA 프로토콜에 기반하여 Mobile IP의 보안성을 유지하고 빠른 핸드오프를 수행하는 새로운 보안 핸드오프 방식을 제안한다. 제안된 방식은 AAA 프로토콜을 동작하는 세션 키 목록을 리스트로 유지하는 방법으로 AAAH 서버(Home AAA Server)에서 MN을 인증하는데 필요한 기존의 세션 키와 새로운 세션 키를 리스트로 유지함으로써 재인증 받는 문제점을 해결하고자 한다. 이로써, 이동 노드의 보안성을 유지하면서 핸드오프 수행시간을 충분히 보장한다. 분석적 모델링결과에 의하면 제안하는 방식은 기본적인 Mobile IP와 AAA 프로토콜의 결합방식과 비교하여 핸드오프 시간을 고려하는 핸드오프 실패율에 있어서 60%정도의 성능향상을 보인다. The Mobile IP has evolved from providing mobility support for portable computers to support wireless handheld devices with high mobility patterns. The Mobile IP secures mobility, but does not guarantee security. In this paper, the Mobile IP has been adapted to allow AAA protocol that supports authentication, authorization and accounting for authentication and collection of accounting information of network usage by mobile nodes. For this goal, we propose a new security handoff mechanism to intensify the Mobile IP security and to achieve fast handoff. In the proposed mechanism, we provide enough handoff achievement time to maintain the security of mobile nodes. According to the analysis of modeling result, the proposed mechanism compared the basic Mobile IP along with AAA protocol is up to about 60% better in terms of normalized surcharge for the handoff failure rate that considers handoff time.

Conceptual Framework for Mobile Device Product Line Security based on Internet of Thing

Regin Joy Conejar,Haeng-Kon Kim 보안공학연구지원센터 2016 International Journal of Hybrid Information Techno Vol.9 No.7

Numerous technology devices have been propelled to explore the prospects of mobile devices. There is a growing demand to transform the existing PC-based software systems to mobile device platforms since mobile devices are low-cost compared for a PC, and their affordance, usability, and user-friendliness are such that they can theoretically counterpart or even replace traditional computer technology and mobile devices perform well using a lesser amount of memory than PC-based systems. Mobile device product lines are promising approaches for deriving and delivering custom-made applications to devices. In this paper, a conceptual framework for the mobile device product line is designed to create a strategic concept on how the mobile device delivers its application towards its users. It is designed to construct an interaction within the mobile application to its user devices. Mobile Device Product Line Security is a new concept, which appears with the Internet of Things (IoT) application in industry. This technology applied in production systems provides many benefits like better transparency or real-time information. This approach proposes a conceptual framework for IoT application in Production Systems Security. The aim of this framework is helping enterprises to identify the main elements to apply IoT in Mobile Device Product Line Security Systems.

정보통신환경 변화와 기계경비시스템 적용방안

정태황(Tae-Hwang Chung) 한국민간경비학회 2005 한국민간경비학회보 Vol.6 No.-

  일부 국가기관의 경비업무를 제외한 대부분의 중요시설의 경비업무는 민간경비업자에 의해 실행되고 있으며, 경비업무의 효율성을 위하여 경비기기를 사용한 경비시스템의 도입이 증가하고 있다. 최근의 테러로 인한 주변의 보안환경변화와 일반인의 보안의식 변화는 경비업무의 전문성과 효율성, 그리고 첨단경비시스템을 요구하는 현상들로 이어져 경비업무체계 향상을 위한 좋은 기회이기도 한다.<BR>  시설경비를 위하여 무단 침업상황을 감지하고 그 상황을 경보하는 침입감지 시스템과 취약지역 감시를 위한 CCTV시스템 그리고 중요시설의 출입을 통제하는 시스템의 적용이 일반적이다. 경비시스템을 구성하는 경비기기의 대부분은 전자나 통신장비로, 정보통신환경의 변화는 경비시스템의 변화에 영향을 주게 된다. 초고속 광통신망을 이용한 유선인터넷이나 무선랜 또는 W-CDMA를 이용한 무선인터넷, 상용화를 앞두고 있는 휴대인터넷 서비스의 상용화 등은 우리나라가 인터넷 강국으로 면모를 잘 보여주는 것이다. 특히 무선인터넷망 서비스의 빠른 변화와 휴대용 단말기의 진화는 유비쿼터스환경을 제공하여 보다 편리하고 효율적인 모바일통신서비스의 제공을 가능하게 할 것이며, RFID시스템의 기술발달과 상용화, 생체인식시스템의 발달 등은 유비쿼터스적 경비시스템 구성을 가능하게 할 것이다.<BR>  RFID시스템의 인식과 추적 기능은 생체인식시스템과 같이 출입통제시스템에 적용되어 보다 편리하고 효율적인 경비시스템을 제공할 수 있을 것이다. 그리고 네트워크 CCTV시스템의 발달은 기존의 CCTV시스템에 비해 운용 효율성을 강화시키고 이동성을 제공함으로써 장소에 크게 구애받지 않고 원하는 장소의 영상을 감시할 수 있게 함으로써 기계경비시스템의 활용범위를 보다 광범위하게 할 수 있을 것이다.   Security for national and private facilities is carried out by private security company. For more effective security, electronic security system is required and the application category of electronic security system is increasing. Special security system and efficient security activity are required acording to the change of security environment and people"s understanding about security.<BR>  Generally electronic security system contains intrusion detection system, CCTV system, access control and integrated security system for the facility security. Electronic security system is mostly consist of electronic and communication part, so electronic security system could be affected by the change of communication environment. As internet service by the high speed optical fiber and wireless internet service by W-CDMA or wireless LAN, especially WIBRO internet service are activated, the mobile communication could be applied for various kinds of system.<BR>  Lately we can easily contact the "Ubiquitous", that people contact Net-work at anyplace. Ubiquitous could be put to practical use by mobile communication technology and the development of wireless internet technology make possible of mobile communication system.<BR>  Due to this environment change, application of Ubiquitous security system is possible very soon. For the advanced electronic security system, it should have correspondence with the change of communication environment. Several information technology could be applied for advanced security system, such as mobile electronic security system, RFID system, biometric system and Net-work CCTV system. RFID system could be applied for access control, using it"s recognition and tracking funtion. Users can conduct surveillance anywhere they want with Net-work CCTV system, that make CCTV more effective.<BR>  But for the practical use of mobile security system, we should take consideration of protecting of personal privacy and outflow of information by net-work.

A Study on the Mobile Application Security Threats and Vulnerability Analysis Cases

Kim, Hee Wan The Institute of Internet 2020 International Journal of Internet, Broadcasting an Vol.12 No.4

Security threats are increasing with interest due to the mass spread of smart devices, and vulnerabilities in developed applications are being exposed while mobile malicious codes are spreading. The government and companies provide various applications for the public, and for reliability and security of applications, security checks are required during application development. In this paper, among the security threats that can occur in the mobile service environment, we set up the vulnerability analysis items to respond to security threats when developing Android-based applications. Based on the set analysis items, vulnerability analysis was performed by examining three applications of public institutions and private companies currently operating as mobile applications. As a result of application security checks used by three public institutions and companies, authority management and open module stability management were well managed. However, it was confirmed that many security vulnerabilities were found in input value verification, outside transmit data management, and data management. It is believed that it will contribute to improving the safety of mobile applications through the case of vulnerability analysis for Android application security.

모바일 결제 앱에서의 보안과 신뢰 : 개인의 성향과 보안 신호를 중심으로

김민경,최보름 한국콘텐츠학회 2019 한국콘텐츠학회논문지 Vol.19 No.5

The mobile payment app market has been expanding recently. However, the usage rate of mobile payment apps is not meeting service providers' expectations due to concerns about security and privacy. This study investigated how personal predisposition and how the security signals of the payment app affect users' perceived privacy and security risks, and how these factors ultimately affect the trust of mobile payment apps. The results showed that privacy concerns increase the risk of perceived personal information leaks and reduce perceived mobile system security, while familiarity, perceived reputation, and assurance seal reduce the risk of perceived personal information leaks and increase perceived mobile system security. Finally, it revealed that the reduced risk of perceived personal information leaks and the increased security of mobile systems had a positive impact on the reliability of mobile payment apps. 최근 모바일 결제 앱 시장이 점차 확대되고 있으나 보안과 프라이버시에 대한 염려로 인하여 모바일 결제 앱 사용률이 서비스 제공자들의 기대에 미치지 못하고 있다. 본 연구는 모바일 결제 앱을 사용하는 개인의 성향과 결제 앱 자체의 보안 신호가 사용자들의 인지된 개인정보 유출 위험과 보안 위험에 어떠한 영향을 주며, 이러한 요인들이 최종적으로 어떻게 모바일 결제 앱의 신뢰에 영향을 주는지 설문을 통하여 살펴보았다. 그 결과, 프라이버시 염려도는 인지된 개인정보 유출 위험을 증가시키고 모바일 시스템 보안 정도를 감소시키는 반면, 친숙도, 인지된 명성, 보안 마크는 인지된 개인정보 유출 위험을 감소시키고 모바일 시스템 보안 정도를 증가시키는 것으로 나타났다. 마지막으로 인지된 개인정보 유출 위험의 감소와 모바일 시스템 보안의 증가가 모바일 결제 앱의 신뢰도에 긍정적 영향을 미친다는 점을 밝혔다.

보안관점에서 모바일 간편결제서비스의 지속적이용의도에 미치는 영향요인에 관한 연구

조진호,하귀용 경남대학교 산업경영연구소 2019 지역산업연구 Vol.42 No.4

The purpose of this study is to investigate the effect of service quality(accuracy, reliability,privacy, security) and corporate trust on perceived security perceptions of customers using mobileeasy payment on customer satisfaction and continuous use intention. We analyzed the sample dataof 133 people who have used the mobile easy payment at least once a week for the empiricalanalysis by structural equation model. The results of the analysis are as follows. First, the privacy and security of mobile payment service quality factors had a positiveinfluence on the intention of continuous use, and the influence was in the order of privacy andsecurity. Second, reliability, privacy, security, and corporate trust had a positive effect on customersatisfaction, and the influences were in the order of corporate trust, privacy, security, and reliability. Third, customer satisfaction has a positive effect on the intention of continuous use. Fourth,customer satisfaction did not play a mediating role in the relationship between privacy, security, andthe intention of continuous use. Finally, there was not moderate effect of security according to useexperience(concern or stress) on customer satisfaction. The results of this study confirm the relationship between customer satisfaction and theintention of continuous use service quality of mobile easy payment service and trust of serviceprovider from the viewpoint of security. We confirmed the importance of personal information protection and security service system ofmobile easy payment and establishment of trust of service providing companies. Therefore, thegovernment, related organizations, and practitioners of corporate will be able to refer to usefulresearch results in establishing a strategy suitable for Korean mobile easy payment market. 본 연구는 모바일 간편결제서비스를 이용하는 고객이 지각하는 보안관점의 서비스품질과 서비스 제공 기업의 신뢰가 고객 만족과 지속적인 이용의도에 미치는 영향 관계를 분석했다. 분석대상은 간편결제를 주 1회 이상 이용 고객 133명이며, 분석은 구조방정식 모형을 이용했다. 분석결과를 살펴보면, 첫째 간편결제 서비스품질 요인 중 보안성(privacy)과 보안(security)은지속적인 이용의도에 정(+)의 영향을 미쳤으며, 보안성과 보안 순으로 영향력을 보였다. 둘째, 신뢰성, 보안성, 보안과 기업의 신뢰는 고객 만족에 정(+)의 영향을 미쳤으며, 기업의 신뢰, 보안성,보안, 신뢰성 순으로 영향력을 보였다. 셋째, 고객만족은 지속적인 이용의도에 정(+)의 영향을 미쳤다. 넷째, 보안성과 보안은 지속적인 이용의도의 관계에서 고객만족의 매개 효과와 고객만족에 대한 사용자경험(고민 또는 스트레스)에 따른 보안의 조절효과는 나타나지 않았다. 본 연구는 보안관점에서 서비스품질과 기업의 신뢰에 대한 고객 만족과 지속적인 이용의도간의 영향 관계의 규명을 통해 간편결제의 개인정보 보호, 보안서비스 제도와 기업의 신뢰 구축의 중요성을 확인했다. 따라서 정부나 관련 기관과 기업의 실무자에게 모바일 간편결제 시장에적합한 전략 모델 수립에 유용한 연구결과를 제공할 수 있다.

셀룰러이동통신시스템의 인증 기능 설계 및 구현

권수근,최성구 경주대학교 정보전자기술연구소 2003 情報電子技術論叢 Vol.2 No.-

Security-related issues in mobile communications are increasing. The security requirements of mobile communications for the mobile users include authentication of the mobile user, the data confidentiality, the data confidentiality and the location privacy of mobile user. These services require security features compatible with the wireline networks. However, wireless networks have many restrictions compare to wireline networks such as the limited computational capability of mobile equipment and limited resource(bandwidth) between a mobile user and a fixed network. So, security features for IMT-2000 are designed to meet the limited capacity. In this paper, we analyze the required security features and mechanism, and design network access security feature effective for IMT-2000 Systems. The design includes security functions allocation to each system. Finally, discuss the computational power of each system based on allocated functions to it.