TRANSCRIPT
Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment
-- Xiaolong Bai¹*, Zhe Zhou²,³*, XiaoFeng Wang³, Zhou Li⁴, Xianghang Mi³, Nan Zhang³, Tongxin Li⁵, Shi-Min Hu¹, Kehuan Zhang²
¹ Tsinghua University, ² The Chinese University of Hong Kong, ³ Indiana University Bloomington, ⁴ IEEE Member, ⁵ Peking University
* Alphabetically ordered authors
Mobile Payment – A Convenient Lifestyle
• Mobile payment is everywhere.
• Over 5 trillion US dollars in transactions.
Offline Mobile Payment
• A mobile payment method without network.
  • The mobile phone does not need a network connection.
  • The POS machine must be connected.
• Advantages.
  • Short delay.
  • Avoids poor network connections inside rooms.
• Simple to use.
  • No need to enter a password.
  • Simply approach the phone to the POS.
Offline Mobile Payment Working Flow
• Hash value inside the token.
• Security is based on the synchronized secret key.
[Diagram: APP side, Secret + Time + User ID → Hash → Token, passed to the POS and forwarded to the Server; Server side, User ID looked up in the DB to fetch the Secret, Hash recomputed from Secret + Time, Compare → Ac/Rj (accept/reject)]
Security Guarantees
• Through hashing, a token is bound to
  • The time when it was generated.
  • The user ID.
  • It cannot be forged without the synchronized secret.
• Tokens are hard to sniff.
  • Token transportation is designed to be distance-bound.
• Even if a token is sniffed:
  • A token, once received by the provider, is invalidated immediately.
  • A token is only valid for a short period of time.
Assumption: Passive Adversaries
• Passive attackers are already defended against, because a token, once sniffed, is also received by the provider and is invalidated immediately.
Attacks against Offline Payment
• STLS attacks.
  • Synchronized Token Lifting and Spending.
• Steps
  • Acquire a live token.
  • Prevent it from being legally used.
  • Spend it at another place, before it expires.
• Targets
Known Attacks against Samsung
• Previous paper: sniffing and replaying Samsung Pay tokens.
  • Assumption: passive attackers.
• The legal transaction is not interrupted.
  • The sniffed token is not alive.
  • Users are still secure enough.
STLS Attack against Samsung Pay
[Figure labels: 3 inches; 2 meters]
• Assumption: active attackers.
  • Standing close to the POS, they can jam the network.
STLS Attacks – QR Pay
• An extremely popular payment method.
• Payment modes
  • B2S mode: a phone scans a QR code on a paper to pay.
  • B2L mode: a phone presents a QR code under the POS scanner to pay.
Adversary Model – QR Pay
• The payer’s phone is infected with the attacker’s malware.
  • The malware has the front camera privilege.
    • For sniffing.
  • The malware can display a floating window.
    • To prevent tokens from being legally used.
Prevent Legal Scanning
• The malware draws a white block.
  • To prevent the code from being legally recognized.
  • The positioning mark is critical for decoding.
  • The POS machine can no longer decode the QR code.
• The sniffed QR code token is kept alive.
  • Attackers spend the token during that period.
P2P Mode Attacks
• What if you use an iPhone instead of an Android phone?
  • iPhone does not support background front-camera photo shooting.
• What if your phone is not infected?
  • P2P mode: a phone scans a QR code on another phone to pay.
  • The QR code can also be used in B2L mode to pay merchants.
P2P Mode Attack Adversary Model
• The victim (payee) is not infected.
• The payer is infected with the attacker’s malware.
  • It has exactly the same UI as the legal payment app.
  • It will be used to sniff the QR code token.
• The victim has turned on Bluetooth.
  • This can be exploited by the attacker to keep the token alive.
STLS Attacks – Alipay’s Action
• Alipay ceased P2P transfer through QR code this Feb.
  • Face-to-face money transfer moved to printed QR codes.
  • Users get an exclusive QR code for receiving money after application.
POSAUTH: restrict the use of sniffed tokens
• A live token can be spent anywhere, up to the upper bound amount.
• A sniffed token cannot be spent remotely, once bound to the POS ID.
[Figure labels: POS ID, POS ID, POS ID]
Q&A
• Offline payment schemes only considered passive attackers.
• Active attackers can keep the sniffed token alive by interrupting the transaction.
• Attackers can spend the token before it expires.
Security Vulnerabilities
• A token is bound to
  • The time when it was generated.
  • The user ID.
  • But not a specific transaction (amount, merchant ID, etc.).
• A live token can be spent by the attacker, once sniffed.
  • Anywhere.
  • Up to the upper bound amount.