MagSnoop: Listening to Sounds Induced by Magnetic Field Fluctuations to Infer Mobile Payment Tokens
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Choi, M. | - |
dc.contributor.author | Oh, S. | - |
dc.contributor.author | Kim, I. | - |
dc.contributor.author | Kim, H. | - |
dc.date.accessioned | 2023-03-08T06:53:15Z | - |
dc.date.available | 2023-03-08T06:53:15Z | - |
dc.date.issued | 2022-06 | - |
dc.identifier.issn | 0000-0000 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/cau/handle/2019.sw.cau/61284 | - |
dc.description.abstract | Samsung Pay, one of the most representative mobile payment services, allows mobile users to make payment transactions almost anywhere using only their smartphone. This is thanks to MST (Magnetic Secure Transmission) that supports communication between smartphones and payment terminals for magnetic cards by transferring payment tokens via magnetic waves. Several attack methods have targeted this new technology by eavesdropping on magnetic fields to intercept the tokens, but with the use of dedicated hardware. This paper raises new security concerns for mobile payment users in a different, yet more effective way; by introducing MagSnoop, a novel framework that infers payment tokens from listening to MST sounds generated during the activation of MST payment transactions. More specifically, we first explore the principle, causing the generation of MST sounds, and the fundamental characteristics of these sounds. We then use these observations to infer payment tokens with a high degree of accuracy, robustness, applicability, and data efficiency. Our experiments with a prototype of MagSnoop demonstrate that it can support high accuracy in token inference (more than 77.8%). In addition, MagSnoop can maintain a reasonable level of accuracy regardless of the payment environments (e.g., 69.2% with a noise level of 50 dBA) and even in the real world (an inference success rate of 68.0% with 15 real-world users). © 2022 ACM. | - |
dc.format.extent | 13 | - |
dc.language | 영어 | - |
dc.language.iso | ENG | - |
dc.publisher | Association for Computing Machinery, Inc | - |
dc.title | MagSnoop: Listening to Sounds Induced by Magnetic Field Fluctuations to Infer Mobile Payment Tokens | - |
dc.type | Article | - |
dc.identifier.doi | 10.1145/3498361.3538937 | - |
dc.identifier.bibliographicCitation | MobiSys 2022 - Proceedings of the 2022 20th Annual International Conference on Mobile Systems, Applications and Services, pp 409 - 421 | - |
dc.description.isOpenAccess | N | - |
dc.identifier.scopusid | 2-s2.0-85134053978 | - |
dc.citation.endPage | 421 | - |
dc.citation.startPage | 409 | - |
dc.citation.title | MobiSys 2022 - Proceedings of the 2022 20th Annual International Conference on Mobile Systems, Applications and Services | - |
dc.type.docType | Conference Paper | - |
dc.subject.keywordAuthor | acoustic side channel attacks | - |
dc.subject.keywordAuthor | magnetic secure transmission | - |
dc.subject.keywordAuthor | mobile payment token inference | - |
dc.subject.keywordAuthor | mobile security | - |
dc.description.journalRegisteredClass | scopus | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
84, Heukseok-ro, Dongjak-gu, Seoul, Republic of Korea (06974)02-820-6194
COPYRIGHT 2019 Chung-Ang University All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.