Securing USSD in Mobile Financial Transactions (A Practical Proposal for m-Finance)
This work analyses an existing mobile-finance scheme at Portuguese PT Inovação, targeting users that do not have a bank account, and using the USSD communication channel to process financial transactions between three parties: the User, an Agent that represents, or acts on behalf of, an institution, but not necessarily a bank or a financial one, and the Financial Transaction Manager (FTM) that manages the Agent network, the Users and the transactions made. We start by analyzing USSD communications: by itself it is not a secure communications channel, but it is available at every GSM device, allows for instant messaging services and is inter-operable, i.e. is not telecom dependent. Besides, it can run on commodity mobile phones, and requires practically no software download. From the user point of view, it resembles a normal text message and requires no special communications contract with the telecom operator other than the one that allows for sending text messages. It presents some security issues, namely, no authentication, no confidentiality, no integrity. We demonstrate that these issues can be solved through the use of end-to-end secure protocols on top of USSD in addition to other security mechanisms. PT Inovação’s m-finance scheme already implements a set of operations and financial transactions. We analyze the system’s threat model and we propose a solution that will protect a specific communication path, namely, between the Agent and the FTM. We suggest the implementation of SSL/TLS over USSD, a lightweight version that we call USSL/UTLS. We demonstrate that it is feasible to implement such security mechanism on a USSD communication channel, and that it provides end-to-end security over the network communication path, at least if the devices present some processing capabilities. We propose some possible implementation paths, and conduct a brief performance analysis.