SECURE REGISTRATION OF ATM CARDS ON SMARTPHONES BASED ON A SECURE MOBILE PAYMENT ARCHITECTURE CONSISTING OF THE SIM CARD AND TRUSTZONE TECHNOLOGY

Abstract:

Growing processing power of smartphones, the simplicity and speed of communications via these devices, and their important functions (e.g. mobile banking and payment) have made them prime targets of cyber-attacks. It is obvious that software solutions are unable to provide sufficient security for smartphones. The most appropriate Secure Elements (SE) of smartphones employed in this study to propose a security architecture for installing and operating a mobile payment system on these devices. This architecture utilizes the SIM card as the basic SE for its notable features, including resistance to interference (even hardware interference). It also benefits from a Trusted Execution Environment (TEE), based on the TrustZone technology, to develop a secure User Interface (UI) for the SIM card. Furthermore, the same architecture is employed to propose a secure protocol for registering ATM cards on smartphones. The protocol was developed by HLPSL (High-Level Protocol Specification Language) and then analyzed by the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool for security evaluation.

Keywords:

Mobile Payment, Trusted Execution Environment, Secure Element, SIM Card, TrustZone