DOI QR코드

DOI QR Code

Design and Implementation of the Authentication System for In-app Billing in Mobile Environments

Seok, Ho-Jun;Kim, Seog-Gyu

  • 투고 : 2016.01.22
  • 심사 : 2016.02.19
  • 발행 : 2016.02.29

초록

In this paper, we propose the authentication server system that prevent hacking in In-app billing applications. And we also propose the methods to verify electronic receipt for the payment of internal app payments and to check the integrity of the applications. Then we designed the payment metabolic system that checks between products-offer list and paid subscription if payment system is hacked with new hacking technologies different from existing ones. And then we implemented proposed authentication system and experimented with about 10,000 average internal application payments per an hour. It shows that proposed system has defensive techniques that counter attacks against in-app billing but it takes more than 0.8916 seconds than no-certification system that is considered as relatively short time.

키워드

In-app billing;authentication system;mobile application;prevent hacking

참고문헌

  1. Ho-Jun Seok, Sung-Min Hwang, Seog-Gyu Kim. "An Authentication Sever System for In-App Purchase". Proceedings of KSCI Conference 2015, July 2015.
  2. Wonnam Lee. "A Study on the Android Vulnerability of Rooting/App Integrity Verification Module". Dec. 2014.
  3. Yuxue Piao, Jin-hyuk Jung, Jeong Hyun Yi. "Structural and Functional Analyses of ProGuard Obfuscation Tool". The Journal of Korea Information and Communication Society, Vol.38B No.08, August 2013.
  4. Google. "In-app Billing Security and Design". http://developer.android.com/google/play/billing/billing_best_ practices.html
  5. Google. "In-app billing Version3 API". http://developer.android.com/google/play/billing/api.html
  6. Jordan Kahn. "Apple's in-app purchasing process circumvented by Russian hacker". http://9to5mac.com/2012/07/13/apples-in-app-purchasing-process-circumvented-by-russian-hacker/
  7. Mulliner Collin, William Robertson, and Engin Kirda. "Virtual Swindle:an automated attack against in-app billingon android", Proceedings of the 9th ACM symposium on Information computer and communications security, June 2014.
  8. Jinsun Hong. "Mobile Game Hacking". http://www.inven.co.kr/webzine/news/?news=128022
  9. Crossdotcom. "Lucky Patcher". http://www.kgezzang.tk/173

과제정보

연구 과제 주관 기관 : Andong National University