Date of Award
5-12-2024
Degree Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department
Electrical Engineering and Computer Science
Advisor(s)
Wenliang Du
Subject Categories
Computer Engineering | Engineering
Abstract
In this work we have developed multiple solutions for financial transactions that can be coordinated to provide high level of security and data integrity, while providing all services with minimum changes in infrastructures, and maximum flexibility. The solutions are novel in many aspects and the generalization is a clear feature. The TrustZone hardware is an important component to ensure high security and protection. The system can function smoothly on any type of operating systems and works with any platform of services in the market. The tested case study is built on the Android system and the ARM TrustZone hardware. This particularly does not mean it is the best option. Under other operating systems the design can work equally efficiently or better. Types of transactions can include using peripheral devices like cameras, GPS, or NFS that can work in connection with mobiles or standard systems. QR code payment are fully served including merchant or buyer modes with static or dynamics payments. Credit card options are also fully served. The offline generation of virtual credit card systems plays a major role in providing uniqueness, high security, and maximum flexibility to serve all platforms. In the development and testing, we have fully experimented with four component solutions. The first covers using peripheral devices, the second provides decoding capacity within the TrustZone and eliminating the need for decoding by external servers. the Virtual Credit Card (VCC) offline dynamic generation of numbers provides maximum flexibility in offering secure payment and eliminating middleman services. Finally, the addition of encoding in the TrustZone generates secure QR codes covering the buyer presented option. The VCC offline dynamic generation one way hash encryption and decoding ensures to get secure information. Only the user and the bank parties can reconstruct and confirm the true authenticity and accuracy of the communication. Moreover, the use of UTC time to narrow the window of validity of the credit card number closes known gaps for the conduct of unauthorized transactions. With such conjunction, we developed a framework design to build a scalable commercial and industrial applications that can use the current infrastructure, while getting the best of all services. An important requirement is to have a cooperating TrustZone hardware provider and a banking system willing to implement the system. The framework can be applied smoothly to serve different operating systems and payment services. To get an alternative, the framework can be served even more efficiently and securely if we construct a TrustZone compatible standalone TrustProvider SOC. Such system can remove the requirement of having a side to cooperate with. In fact, it provides more flexibility, because there is no need to work with certain manufacturers. The system is in design and development as an ongoing work. Such system is still TrustZone based, and all components are managed by a Trusted Execution Environment (TEE). Meanwhile, it can also provide the TrustZone service using the mobile phones albeit with less security in terms of communication.
Access
Open Access
Recommended Citation
Salman, Ammar Salman, "A TrustZone-based Framework to Secure Mobile Financial Transactions and Provide End-to-End Protection for QR-code Payments and Credit Card Information" (2024). Dissertations - ALL. 1971.
https://surface.syr.edu/etd/1971