Security Research of a Social Payment App and Suggested Improvement

Swapna Khandekar, Jingyuan Liang, Abdul Razaque, Fathi Amsaad, Musbah Abdulgader. Published in Security.

Communications on Applied Electronics
Year of Publication: 2016
Publisher: Foundation of Computer Science (FCS), NY, USA
Authors: Swapna Khandekar, Jingyuan Liang, Abdul Razaque, Fathi Amsaad, Musbah Abdulgader
DOI: 10.5120/cae2016652059

Swapna Khandekar, Jingyuan Liang, Abdul Razaque, Fathi Amsaad and Musbah Abdulgader. Article: Security Research of a Social Payment App and Suggested Improvement. Communications on Applied Electronics 4(5):14-21, February 2016. Published by Foundation of Computer Science (FCS), NY, USA.

BibTeX

@article{key:article,
	author = {Swapna Khandekar and Jingyuan Liang and Abdul Razaque and Fathi Amsaad and Musbah Abdulgader},
	title = {Article: Security Research of a Social Payment App and Suggested Improvement},
	journal = {Communications on Applied Electronics},
	year = {2016},
	volume = {4},
	number = {5},
	pages = {14-21},
	month = {February},
	note = {Published by Foundation of Computer Science (FCS), NY, USA}
}

Abstract

Electronic commerce has become an integral part of business operations and of individuals' lives. It is an easy, fast and reliable way to transfer money. However, with new technology, security-related issues have increased drastically. This research studies the payment application “Square Cash” from several aspects, examining its security-related issues and giving suggestions for improvement.

To measure the performance of the payment procedure used in Square Cash, one should understand the flaws in the payment application in depth. This research analyzes the security-related issues of the application “Square Cash” and highlights flaws in the existing application. The authors used different methods to inspect the application, including reverse engineering, and observing and finding risks related to social engineering attacks. They also propose a secured payment protocol using a self-certified key generation method. Introducing this cryptographic system will keep transactions more reliable and secure. This research provides developers with guidelines for building secure and usable online payment applications. This will result in a better payment application that will gain customers' trust and increase e-commerce business.

Keywords

Square Cash, Cryptography, Key Generation, Payment Gateway, Encryption.