
Protecting the Future of Mobile Payments: Jonathan LeBlanc. Twitter: @jcleblanc. Book: http://bit.ly/iddatasecurity

This document discusses various techniques for securing mobile payments, including: - Device fingerprinting and identifying users through attributes like the device, OS, and installed apps - Encrypting communications using public/private key pairs to ensure data privacy and authenticity - Tokenizing sensitive data like credit cards to allow payments without exposing full account details - Preparing, encrypting, signing, decrypting and verifying messages between senders and receivers to securely transmit information The overall goal is to protect mobile transactions and users' financial information through authentication, access control, and encrypting data in transit and at rest.

Protecting the Future of Mobile Payments

Jonathan LeBlanc
Twitter: @jcleblanc
Book: http://bit.ly/iddatasecurity
Trust Zones & Account Security
Building Shortcuts
Browser Fingerprinting
https://panopticlick.eff.org/
Using Location Data
Phone Identification?
Device Fingerprinting
Retrieving Build Information for an Android Device

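//-------------
// Build info: http://developer.android.com/reference/android/os/Build.html
//-------------
// Device attributes that can feed a device fingerprint. Every value below is
// readable by any app on the device, so treat the combination as one risk
// signal among several and not as proof of identity.

String osVersion = System.getProperty("os.version"); // os version
String device = android.os.Build.DEVICE;              // device
String model = android.os.Build.MODEL;                // model
int sdkVersion = android.os.Build.VERSION.SDK_INT;    // sdk version of the framework

// Hardware serial number, if available. Build.SERIAL is deprecated since
// API 26 in favour of the permission-gated Build.getSerial(), and on recent
// platform versions this field reads "unknown", so a fingerprint must still
// work when it is absent.
String serial = android.os.Build.SERIAL;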
Getting Paired Devices?
Get All Bluetooth Paired Devices: Android

// Ask the adapter for every Bluetooth device already bonded (paired) with
// this handset.
// NOTE(review): mBluetoothAdapter is defined outside this snippet; confirm it
// is non-null (the device may have no Bluetooth radio) before this line runs.
// On Android 12+ the call is gated by the BLUETOOTH_CONNECT runtime permission.
Set<BluetoothDevice> pairedDevices = mBluetoothAdapter.getBondedDevices();

// When at least one bonded device exists, walk the set; each entry exposes a
// name and a MAC address.
if (!pairedDevices.isEmpty()) {
    for (BluetoothDevice device : pairedDevices) {
        // Device name        - device.getName()
        // Device MAC address - device.getAddress()
    }
}
Hardware Prototyping
Asynchronous (i.e., asymmetric / public-key) Cryptography:
Securing an Insecure Channel
Multi-User Environment
Generating Public / Private Keys

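# Create a 2048-bit RSA private key in private.key.
# The key is written without a passphrase, so file permissions are its only
# protection on disk.
openssl genrsa -out private.key 2048

# Restrict the private key to its owner (rw-------).
chmod 600 private.key

# Derive the matching public key and write it to public.pem.
openssl rsa -in private.key -outform PEM -pubout -out public.pem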
Package Instantiation and Directory Creation

var fs = require('fs');!
var path = require('path');!
var ursa = require('ursa');!
var mkdirp = require('mkdirp');!
!
// Create the key directories and generate a private / public key pair for
// each party (sender, then receiver) under ./keys.
var rootpath = './keys';
['sender', 'receiver'].forEach(function (party) {
  makekeys(rootpath, party);
});
Key and Directory Creation

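/**
 * Create <rootpath>/<subpath> and write a freshly generated RSA key pair into
 * it as private.pem and public.pem.
 *
 * Failures from directory creation or file writes are logged with
 * console.error and not thrown, so callers must not assume the files exist
 * afterwards.
 *
 * @param {string} rootpath - Base directory that holds all key folders.
 * @param {string} subpath - Folder name for this party (e.g. 'sender').
 * @returns {undefined}
 */
function makekeys(rootpath, subpath) {
  var keydir = path.join(rootpath, subpath);
  var privatepath = path.join(keydir, 'private.pem');
  var publicpath = path.join(keydir, 'public.pem');
  // rw------- : only the owning user may read or write the private key.
  var ownerOnly = parseInt('600', 8);

  try {
    mkdirp.sync(keydir);
  } catch (err) {
    console.error(err);
    // Without the directory both writes below would fail, so skip the costly
    // key generation instead of logging a second, misleading error.
    return;
  }

  // NOTE(review): relies on ursa's default modulus size and exponent; confirm
  // they meet the key-strength policy in force.
  var key = ursa.generatePrivateKey();
  var privatepem = key.toPrivatePem();
  var publicpem = key.toPublicPem();

  try {
    // The mode option only applies when the file is created, so chmod as well
    // to tighten a private.pem left over from an earlier run.
    fs.writeFileSync(privatepath, privatepem, { encoding: 'ascii', mode: ownerOnly });
    fs.chmodSync(privatepath, ownerOnly);
    fs.writeFileSync(publicpath, publicpem, 'ascii');
  } catch (err) {
    console.error(err);
  }
}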
Preparing Message, Encrypting, and Signing

// Load the two keys the sending side needs from disk: the sender's private
// key (used for signing) and the recipient's public key (used for encryption).
var senderkeyfile = path.join(rootpath, 'sender', 'private.pem');
var recipientkeyfile = path.join(rootpath, 'receiver', 'public.pem');
var senderprivkey = ursa.createPrivateKey(fs.readFileSync(senderkeyfile));
var recipientpubkey = ursa.createPublicKey(fs.readFileSync(recipientkeyfile));

// Serialise the payload to a JSON string before it is encrypted.
var msg = JSON.stringify({
  'user': 'Nikola Tesla',
  'address': 'W 40th St, New York, NY 10018',
  'state': 'active'
});

// Encrypt for the recipient (utf8 in, base64 out), then sign the base64
// ciphertext with the sender's private key using SHA-256.
// NOTE(review): RSA encrypts the payload directly here, so the message has to
// fit in a single RSA block for the key size in use; larger payloads need a
// hybrid scheme (a symmetric key wrapped with RSA). The padding mode is
// whatever ursa defaults to; confirm it. The signature covers only the
// ciphertext, so the receiver must verify it before decrypting.
var encrypted = recipientpubkey.encrypt(msg, 'utf8', 'base64');
var signed = senderprivkey.hashAndSign('sha256', encrypted, 'utf8', 'base64');
Decrypting and Verifying Message
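// Load the two keys the receiving side needs from disk: the sender's public
// key (to check the signature) and the recipient's private key (to decrypt).
var senderpubkey = ursa.createPublicKey(
  fs.readFileSync(path.join(rootpath, 'sender', 'public.pem')));
var recipientprivkey = ursa.createPrivateKey(
  fs.readFileSync(path.join(rootpath, 'receiver', 'private.pem')));

// Verify the signature with the sender's PUBLIC key before the ciphertext is
// touched, so unauthenticated data never reaches the decryption step.
// Buffer.from replaces the deprecated new Buffer() constructor, and the var
// declaration keeps bufferedmsg from becoming an implicit global.
var bufferedmsg = Buffer.from(encrypted, 'utf8');
if (!senderpubkey.hashAndVerify('sha256', bufferedmsg, signed, 'base64')) {
  throw new Error("invalid signature");
}

// Signature is valid: decrypt the message with the recipient's private key.
var decryptedmsg = recipientprivkey.decrypt(encrypted, 'base64', 'utf8');

//--------
// message verified and decrypted
//--------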
Card Tokenization
Credit Card Tokenization

Credit Card Information: 7e29c5c48f44755598dec3549155
Address Information: ad66f1af4671091353be4c4d7694
Card Holder Name: d71dc866
...
Mobile Payments Landscape
Thank You!

Slides: http://slideshare.net/jcleblanc

Jonathan LeBlanc
Twitter: @jcleblanc
Book: http://bit.ly/iddatasecurity
