A Lightweight Architecture for Secure Two-Party Mobile Payment

The evolution of wireless networks and mobile devices has resulted in increased concerns about the performance and security of mobile payment systems. In this paper we propose SA2pMP, a lightweight secured architecture for two-party mobile payments. SA2pMP employs a lightweight cryptography scheme that combines public key and symmetric key cryptography systems (ECDSA and AES), as well as a multi-factor authentication mechanism. These are coupled with a transaction log strategy to satisfy the properties of confidentiality, authentication, integrity and non-repudiation. We simulate SA2pMP in the context of a money transfer banking transaction on three different emulators: Sun Java Wireless Toolkit 2.5.2 for CLDC emulator, Sony Ericsson SDK 2.5.0.3 Z800 emulator, and Nokia S60 3rd Edition emulator. We also compare SA2pMP to some existing mobile payment platforms. The results of the simulation and comparison prove that SA2pMP is a lightweight secured mechanism that is feasible and suitable for two-party mobile payment transactions, e.g. mobile banking, over Java ME enabled, resource-limited mobile devices.
