Phu Dung Le

Lightweight Mobile Credit-Card Payment Protocol

Recently, making Internet credit-card payment is widely accepted. Several payment protocols have been proposed to secure the credit-card payment on fixed networks. However, these protocols do not apply well to wireless networks due to the limitations of wireless devices and wireless networks themselves. In this paper, we propose a simple and powerful credit-card payment protocol for wireless networks. We implement a secure cryptographic technique that works well under this protocol. We show that our proposed protocol is more suitable for applying to wireless networks than SET and iKP in that client’s computation is reduced. The protocol also satisfies all security properties provided by both SET and iKP. Moreover, it offers the ability to resolve disputes and recover from failures which are normally occurred in wireless environment. Furthermore, client’s credit-card information is not required to be sent in the protocol. It results in the security enhancement of the system.

A limited-used key generation scheme for internet transactions

Traditionally, the security of symmetric-key based systems heavily relies on the security of shared keys. In this paper, we present a new session key generation technique for internet transactions that eliminates the need of storing long-term shared key which makes the system insecure against key compromise during transactions. The generation of each set of session keys is based on randomly chosen preference keys. The higher number the transactions have been performed, the less chance the system is being compromised. We show that the proposed technique is secure against various kinds of attacks. Finally, the proposed technique can be applied to any kind of internet applications that deploy shared secrets. We demonstrate the practical usefulness of our technique by applying it to credit-card payment systems. The results show that our technique enhance their security considerably.

Dynamic Key Cryptography and Applications

In modern security models, cryptography plays a fundamental role in protecting data integrity and confidentiality in information systems. However, cryptography itself is subject to cryptanalysis attacks. To reduce the cryptanalysis attack risk, a dynamic key theory is presented and analyzed in this paper. Because these dynamic keys are one-time used symmetric cryptographic keys, they can significantly improve the security of cryptographic systems. The dynamic key theory generation scheme and key update mechanism are formally analyzed to demonstrate balance between security and performance. The theory can be applied to enhance the security and performance of cryptographic systems, especially those used in wireless networks communication. Two case studies using the proposed dynamic key theory are also described and analyzed to illustrate the power of the theory.

Security Analysis for Internet Banking Models

Internet banking fraud can be performed internally by genuine staff or externally by customers or suppliers. This paper presents a security analysis of the proposed Internet banking model compared with that of the current existing models used in fraudulent Internet payments detection and prevention. Several modern models in preventing and detecting fraud are evolving and being applied to many banking systems. However, they have no effective detection mechanism to identify legitimate users and trace their unlawful activities. Also they are not secure enough to prevent fraudulent users from performing fraudulent transactions over the Internet. The proposed model facilitates Internet banking fraud detection and prevention (FDP) by applying two new secure mechanisms, dynamic key generation (DKG) and group key (GK).

Information Security Threats Classification Pyramid

Threat classification is extremely important for organizations, as it is an important step towards implementation of information security. Most of the existing threat classifications listed threats in static ways without linking threats to information system areas. The aim of this paper is to design a methodology that can classify deliberate threats in a dynamic way to represent each threat in different areas of the information system. This technique is based on the following factors: the attackers prior knowledge (i. e. the knowledge hold by the source of the threat) about the system, loss of security information and the criticality of the area that might be affected by that threat.

Accountability logic for mobile payment protocols

Accountability is one of the most important security properties of electronic commerce (e-commerce) protocols. It can be used to resolve disputes among involved parties. Several formal logics were proposed to analyze this property. However, they lack of reasoning about the accountability of symmetric cryptography which is necessary for analyzing mobile payment protocols. In this paper, we propose an extension of existing accountability logics which is capable to deal with both symmetric and asymmetric cryptographic messages. Moreover, we show that our logic is general in that partys requirements for payment transactions which are considered as goals of a payment protocol can be formalized by our logic.

Hybrid Group Key Management Scheme for Secure Wireless Multicast

Along with the dramatic development of wireless network technologies and portable devices, wireless group applications are rapidly innovated to provide online services via wireless broadband networks. This development has led to a prime concern for providing clients with a secure and efficient key management system for group services such as multimedia conferencing, stock quoting and so on. In this paper we propose a new hybrid group key management approach which is suitable for the cellular wireless environment. This new approach has a two-level structure where the group users are sub-divided into clusters, hence reducing the rekeying cost in the key updating. We demonstrate that our proposed approach can achieve better efficiency when compared to the conventional Logical Key Hierarchy scheme.

A wavelet and Canny based image comparison

A robust and reliable image comparison method enables many computer vision applications such as wireless surveillance systems, fingerprint and face recognition. In this paper, we propose an image comparison method that can indicate reliably the similarity and difference between two images. It is constructed by combining an image quality measure and a simple Canny based image comparison metric. Our experiment results show that it is tolerant to random noise, structured noise and invariant to the affine transformation.

Dynamic Keys Based Sensitive Information System

Protecting sensitive information systems from security threats such as unauthorised access, information eavesdropping and information interfering, is significant. Most of the natural approaches employ strong authentication or cryptography systems to protect critical data. But those approaches do not stress on the potential amount of risks associated with sensitive information, especially the vulnerability from compromising of long term cryptographic keys and the lack of fine gained access control. Therefore, in this paper, a dynamic key theory based secure sensitive information system is proposed, which integrates dynamic keys with raw data to protect sensitive information; and the system also uses the keys to secure communication and enhance access control. A formal analysis is provided to verify the security of the proposed work. It shows that the proposed system guarantees critical information data security and access control flexibility. In addition, by using two sets of dynamic keys, fraud detection and prevention is achieved in the proposed system.

Formal Verification of a Secure Mobile Banking Protocol

Current mobile banking protocols simply are not as well guarded as their Internet counterparts during the transactions between a mobile device and a financial institution. Recently, many mobile banking protocols using public-key cryptography have been proposed. However, they are designed to provide a basic protection for traditional flow of payment data as they only rely on basic identification and verification mechanisms, which is vulnerable to attack and increase the user’s risk. In this paper we propose a new secure mobile banking protocol that provides strong authentication mechanisms. These mechanisms rely on highly usable advanced multifactor authentication technologies i.e. (biometrics and smart cards). The proposed mobile banking protocol not only achieves a completely secure protection for the involved parties and their financial transactions but also minimizes the computational operations and the communication passes between them. An analysis and a proof of the proposed protocol security properties will be provided within this paper.