小額付款為電信業者預設開通功能,也就是使用者不須特別提出申請,就可以直接開通使用。小額付款的美意主要是為了取代小額的現金交易,增加民眾的便利性,但卻被詐騙集團利用,成為新興的詐騙手法。有網路罪犯疑似利用惡意app誘導用戶下載,等用戶下載安裝後,網路罪犯便開始擷取用戶的手機資訊,甚至攔截「小額付款」的通知簡訊,讓手機用戶在收到次期帳單後才發現莫名被消費。本篇論文將針對利用手機APP後門攔截簡訊刷小額付款提出改善方法,利用基於身份的加密系統(Identity-Based Encryption)將簡訊加密,使用者收到簡訊時,必須使用向電信公司所申請的「簡訊解密」APP才能解密讀取簡訊,這可有效解決攔截簡訊之問題,即使攻擊者攔截到簡訊,也會因為沒有解密金鑰而無法順利讀取簡訊。另外,解密金鑰利用通行碼(password)加密,所以亦不用擔心金鑰外洩之問題。由效能分析得知,將簡訊加密, 對送信方與收信方而言,其通訊成本(communication cost)與計算成本(computation cost)並不會產生太大之影響。此研究不僅可以解決攔截簡訊刷小額付款問題,其餘的重要資料的傳輸,例如:傳送用戶密碼、傳送用戶個人資料、傳送用戶金融帳戶資訊等,只要將簡訊加密,這些資料即使被攻擊者惡意攔截,也無法輕易讀取簡訊內容。 / Micropayment is the default available function opened by the telecom operators, that is, users can directly use it without making an application specially. The micropayment is mainly to replace cash transaction involving a small sum of money, so as to bring more convenience to users. However, it may be utilized by frauds, which becomes a new scam means. Some cyber-criminals are suspected to induce users to download malicious APPs. After the users download and install them, the cyber-criminals will start to retrieve users’ mobile phone information, even intercept notification SMS sent from micropayment. Consequently, until the mobile phone users receive the bill in the next term do they find the unknown payments. This paper will put forward a method to prevent intercepting the micropayment notification SMS by using the malicious APP installed on the mobile phone. It encrypts the SMS by Identity-based Public Key Cryptosystem. After the users receive the SMS, they must decrypt to read the message by using the “SMS Decryption” APP applied from the telecom company. In this way, it can effectively solve the problem of SMS interception. The attackers cannot successfully read the content without the decryption key even if they intercept the text messages. In addition, the decryption key is encrypted by password, thus users do not need to worry about the information leakage. The performance analysis shows that encrypting the text messages will not have a big effect on communication cost and computation cost of senders and receivers. This research cannot only solve the problem of swiping micropayment by SMS interception, but also protect the transmission of other important data.
| Identifer | oai:union.ndltd.org:CHENGCHI/G0099971013 |
| Creators | 林宜盈, Lin,Yi Ying |
| Publisher | 國立政治大學 |
| Source Sets | National Chengchi University Libraries |
| Language | 中文 |
| Detected Language | English |
| Type | text |
| Rights | Copyright © nccu library on behalf of the copyright holders |
Page generated in 0.0133 seconds