关键词: 移动支付, 远程证明协议, 用户属性, 形式化分析, SPIN模型检测

Abstract: Remote attestation is one of the effective methods to solve the problem of mobile payment security. To analyze remote attestation protocol based on trusted computing, it finds that the user platform configuration information privacy, user authentication and certification of remote verifier have vulnerabilities, SPIN model checking tool is applied formal analysis to the protocol by using the model checking method, and detects the destructive attack vulnerability.To improve the protocol for these holes, the paper puts forward a method based on user attributes to add salt to Hash, using user attributes to ensure the safe transmission of the protocol. Finally, it uses the SPIN to test the improved protocol, proves the validity and security of the improved protocol, and blocks the attacks.

Key words: mobile payment, remote attestation protocol, user attributes, formal analysis, SPIN model checking