On Some Key Problems of Mobile Payment System Security

【Author】 Liu Wenqi (刘文琦)

【Supervisor】 Gu Hong (顾宏)

【Author information】 Dalian University of Technology, Control Theory and Control Engineering, 2008, PhD

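【Abstract (Chinese)】 With the rapid growth in mobile users and the steady improvement of mobile technology, mobile commerce has developed quickly and faces unprecedented opportunities. At present, however, mobile commerce still consists mainly of small-value transactions, and its transaction volume makes up only a small part of total electronic transaction volume. The factors restricting the development of mobile commerce are complex, but from the perspective of current mobile commerce system platforms, wireless network bandwidth, the computing power of mobile terminals and the security of mobile payment systems are the main problems in urgent need of a solution. This thesis takes improving the security of mobile payment systems as its main research direction, with the aim of improving the performance of mobile commerce systems and promoting the implementation of mobile commerce, which has important theoretical significance and practical value.

A review of the state of research on mobile payment systems in China and abroad finds that the main problems surrounding mobile payment system security are the following: the system architectures of current mobile payment systems carry considerable security risks; for the analysis of mobile payment protocols, no formal analysis method yet guarantees fully effective analysis of all security properties, and many formal analysis methods cannot effectively analyze the accountability and fairness of payment protocols; payment protocols that satisfy fairness matter greatly for carrying out mobile commerce transactions, yet many current payment protocols struggle to meet the fairness and practicability requirements together. To solve these problems, the thesis carries out research in four areas: the mobile payment model, the system architecture, the formal analysis of payment protocols, and payment protocols that satisfy fairness.

On the mobile payment system model, the thesis analyzes the components and properties of mobile payment systems and defines a general model of the mobile payment system. The model classifies the infrastructure of the mobile payment system as operational semantics, and classifies system properties such as security, system goals and transaction performance as basic properties. To measure the security and practicability of a system, the operation rules and performance evaluation methods of the model are given. Finally, a Petri net description of the model's operational semantics is implemented.

To address the security risks in the existing proxy-server-based and mobile-agent-based system architectures, the thesis proposes an improved mobile payment system architecture based on a threshold proxy mechanism. The architecture retains the advantages of the original architectures. In addition, the client places only partial trust in the proxy server, and several mobile agents must cooperate on the merchant server to carry out a transaction, with each mobile agent carrying only a sub-piece of the sensitive information, so the difficulty for a malicious merchant of attacking mobile agents to obtain or tamper with sensitive information increases many times over. The architecture can therefore resolve the security risks of both of the above architectures at once. For the proposed threshold-proxy-based architecture, a threshold proxy signature scheme based on elliptic curves is designed; security and performance analysis show that the scheme meets the design requirements.

To address the problem that many current formal analysis methods cannot effectively analyze the accountability and fairness of payment protocols, the thesis proposes a formal analysis method for payment protocols based on CPN (Coloured Petri Nets). The method can analyze the confidentiality, integrity, authentication and accountability of a payment protocol, and by introducing a time element into the CPN model it also achieves effective analysis of the protocol's fairness, providing a new means for the design and verification of protocols. Analysis of the security of the KSL protocol with this method shows that the protocol satisfies neither accountability nor fairness, and finds protocol flaws that other formal methods failed to find, which verifies the effectiveness of the method.

To address the problem that current mobile payment protocols struggle to satisfy both fairness and practicability, the thesis, on the basis of an in-depth analysis of identity-based signcryption and concurrent signatures, proposes a new identity-based concurrent signcryption primitive and gives its formal definition and security model. The primitive combines signcryption with perfect concurrent signatures: it keeps both parties on an equal footing during protocol execution, reflecting fairness, and it ensures the confidentiality and authentication of the transmitted information, giving better security and practicability. A concrete identity-based concurrent signcryption scheme is also constructed using bilinear pairings, and it is proven secure in the random oracle model under the assumption that the BDH problem and the Co-CDH problem are hard. A mobile payment protocol based on this signcryption scheme is designed, and analysis shows that the protocol satisfies the security requirements.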

【Abstract】 With the rapid increase in mobile customers and the continual improvement of mobile technology, mobile commerce has developed quickly and faces unprecedented opportunities. However, micro-payment transactions remain the main type of transaction in mobile commerce, and the turnover of mobile commerce makes up only a small share of that of electronic commerce. The factors restricting the development of mobile commerce are complicated. From the perspective of the present mobile commerce system platform, the bandwidth of the wireless network, the computing capability of mobile devices, and the security of the mobile payment system are the urgent problems to be solved. By researching how to improve mobile payment system security, the thesis aims to improve the performance of mobile commerce systems and promote the implementation of mobile commerce, which has important theoretical and practical significance.

Based on a review of the research status of mobile payment systems, the thesis identifies the main problems of mobile payment system security: the present mobile payment system frameworks contain hidden security risks; no formal analysis approach can ensure effective security analysis for all payment protocols, and many approaches cannot be used to analyze the accountability and fairness of a payment protocol; fairness is an important security requirement for mobile commerce transactions, yet many payment protocols cannot satisfy the fairness requirement and practicability at the same time. To solve these problems, the research is carried out in four areas: the mobile payment model, the mobile payment system framework, payment protocol analysis, and fair payment protocol design.

For the mobile payment system model, the component elements and the basic properties are analyzed first. Then the general model of the mobile payment system is defined, in which the mobile payment system infrastructure is placed under the operational semantics, and properties such as security, system goals, and transaction performance are placed under the basic properties. To evaluate the security and the feasibility of implementation of the mobile payment system, the operational rules and the performance evaluation methods are presented. Finally, methods for describing the operational semantics of the mobile payment system model with Petri nets are introduced.

To address the hidden security risks in the proxy-based and agent-based mobile payment system frameworks, the thesis proposes an improved framework based on a threshold proxy mechanism, which integrates the advantages of both frameworks. In the improved framework, the clients only partially trust the proxy server, and more than t agents must work together to carry out the payment transaction on the merchant server. Because a hostile merchant would have to attack all t agents, it becomes harder for the merchant to eavesdrop on or tamper with the secret information by attacking a mobile agent, so the hidden risks in the above two frameworks can be avoided. A threshold proxy signature scheme based on elliptic curves is proposed to satisfy the security requirements of the improved framework; security analysis and performance analysis show that the scheme is suitable for the proposed framework.

To address the formal analysis of accountability and fairness in payment protocols, the thesis proposes a formal analysis approach based on CPN (Coloured Petri Nets). The approach can analyze the confidentiality, integrity, authentication and accountability of a payment protocol, and because a time element can be added to the CPN model, it can also be used to analyze fairness effectively. Using the proposed approach to analyze the KSL protocol, we find that the KSL protocol does not satisfy the accountability and fairness requirements. The proposed approach detects a flaw in the protocol that cannot be detected by other formal analysis approaches. The result shows the effectiveness of the proposed approach.

To address the problem of satisfying both the fairness requirement and the practicability of a payment protocol, the thesis proposes a new mobile payment protocol based on an identity-based concurrent signcryption scheme. Using identity-based signcryption and perfect concurrent signatures as references, a new notion of identity-based concurrent signcryption is proposed, and the formal definition of concurrent signcryption and its security model are introduced. Identity-based concurrent signcryption can ensure fairness between the entities and also satisfies the confidentiality and authentication requirements. An identity-based concurrent signcryption scheme using bilinear pairings is proposed. The proposed scheme is proved to be secure in the random oracle model, assuming the bilinear Diffie-Hellman problem and the computational Co-Diffie-Hellman problem are hard. Based on the proposed identity-based concurrent signcryption scheme, a mobile payment protocol is designed, and the analysis shows that it is secure.

  • 【Classification No.】 TP393.08
  • 【Times cited】 14
  • 【Downloads】 1950