一种基于TPM的手机第三方安全移动支付协议

A novel third-party in-APP mobile payment protocol based on trusted platform module

为解决in-APP第三方支付中密钥泄漏、信息显示不全、商家APP缺乏预信任等问题,采用着色Petri网(CPN)模型对现有的订单篡改、通知假冒、订单替换、非授权查询4种攻击进行建模分析,并通过推导不安全状态的可达性验证in-APP第三方支付系统存在的安全漏洞。提出了基于可信平台模块(TPM)的新的支付协议模型,该模型利用TPM生成安全私钥用于改进数字签名和防止用户和商家APP串谋攻击等方面。安全性分析表明,相较于原协议,新的安全模型引入随机数抵御重放攻击,通过TPM安全芯片生成公私钥对,抵御因密钥泄漏引发的订单篡改与替换、通知假冒和非授权查询4种网络攻击,并通过协议中的额外安全性补偿机制解决了串谋攻击和订单信息显示不全等问题。

To solve the problems of key leakage,incomplete display of order information and lack of pre-trust of merchant APP in in-APP third-party payment,a new secure payment model for in-APP third-party payment is proposed.In view of the existing attacks of order tampering,notification forging,order substituting and unauthorized querying,the mobile payment protocol is analyzed by color Petri net(CPN) model,and the accessibility of the unsafe state is proved.Therefore the security vulnerabilities of in-APP third-party payment are verified.A new payment protocol model and improvement strategy based on trusted platform module(TPM) are proposed.The model uses TPM to generate the secure private key for improving digital signature and preventing colluding attack between user and merchant APP.Security analysis shows that compared with the original protocol,the new security model introduces nonce to resist replay attack,generates public and private key pairs through the PPM security chip,and prevents four kinds of network attacks of order tampering and substituting,notification forging and unauthorized querying which are brought by key leakage.The new security model also solves the problems of colluding attack and incomplete display of order information through the additional security compensation mechanism in the protocol.