Location Authentication based on Wireless Access Point Information to Prevent Wormhole Attack in Samsung Pay

摘要

This paper proposes a location authentication method to prevent wormhole payment attack in Samsung Pay. The primary feature of this method is comparing wireless Access Point (AP) information collected by the current Samsung Pay user and a wireless AP model (WM) that was created from wireless AP information (WI) sent by previous Samsung Pay users. To create the WM, an autoencoder is used. Unlike the existing location authentication techniques that use WI, our method does not require additional hardware, modification of the Point of Sale (POS) software, or any pre-requisite information such as the location coordinates of the POS. We show that the proposed location authentication technique exhibits the minimum Equal Error Rate (EER) of 2.4% in real payment environments.