A lightweight two-gateway based payment protocol ensuring accountability and unlinkable anonymity with dynamic identity

A robust payment protocol is proposed to make payments using two cards of different banks. The protocol is lightweight so that it can be used on portable devices. The protocol has been analysed for accountability, untraceability and unlinkability properties using the strand space model, a formal method, with the automated tool CPSA. Comparative analysis of the protocol against the state of the art, in terms of security features and number of cryptographic operations, reveals that the proposed protocol outperforms the existing schemes.

In the current scenario, mobile web payment provides a standard platform for Internet users to shop online for digital goods. Though the majority of online transactions use a single gateway, there is a need for multi-gateway payment, due to insufficient balance in a customer's account in a specific bank. There are a few payment protocols which support a transaction using multiple cards, but they too have limitations: the cards must be of the same bank, and the process must be based on independent transactions. This paper proposes an efficient payment protocol for making online transactions via two gateways for purchasing digital goods, which overcomes the above-mentioned limitations. The proposed protocol is simulated using the automated tool Cryptographic Protocol Shape Analyzer (CPSA), and it satisfies accountability, anonymity and atomicity properties. A formal proof of correctness is provided using the strand space model. The protocol is then compared with state-of-the-art protocols in terms of different security features and computational overhead. Results show that our protocol achieves better performance than other protocols.
