Security Evaluation of Apple Pay at Point-of-Sale Terminals

被引:6
作者
Margraf, Marian [1 ]
Lange, Steffen [2 ]
Otterbein, Florian [1 ]
机构
[1] Free Univ Berlin, Takustr 9, D-14195 Berlin, Germany
[2] Univ Appl Sci Darmstadt, Haardtring 100, D-64295 Darmstadt, Germany
来源
2016 10TH INTERNATIONAL CONFERENCE ON NEXT GENERATION MOBILE APPLICATIONS, SECURITY AND TECHNOLOGIES (NGMAST) | 2016年
关键词
Apple Pay; Mobile Payment; Security Evaluation; Secure Element; Credit Card;
D O I
10.1109/NGMAST.2016.28
中图分类号
TM [电工技术]; TN [电子技术、通信技术];
学科分类号
0808 ; 0809 ;
摘要
Apple introduced its mobile payment service "Apple Pay" in 2014. It allows customers to pay contactless at point-of-sale (POS) terminals and online. In this paper we will describe the components needed for Apple Pay and evaluate the security of Apple Pay for transactions at POS terminals. We will show that relay attacks cannot be avoided, in general. However, particular security features of Apple Pay prevent that relay attacks can be practically exploited. Our security analysis demonstrates that the security level of Apple Pay is comparable with the security level of payments with traditional credit cards. In contrast to the mobile payment service Google Wallet, no serious security vulnerabilities exist.
引用
收藏
页码:115 / 120
页数:6
相关论文
共 12 条
[1]  
[Anonymous], 2014, 27000 ISOIEC
[2]  
Apple, 2014, IOS SEC
[3]  
Apple, 2014, IOD DEV LIB PASSKIT
[4]  
Ducklin P., NEW IOS MALWARE FUNK
[5]  
Francis L., 2011, Cryptology and Information Security Series, P618
[6]  
GlobalWebIndex, HAB SIE INN LETZT MO
[7]  
heise Security, ZAHL HOM DEP WAR MON
[8]  
Hoog A., 2011, FORENSICS MOBILE SEC
[9]  
Roland M., 2013, 7 USENIX WORKSH OENS
[10]  
Roland M., 2013, TECHNICAL REPORT
12