Secure and Optimized Mobile Based Merchant Payment Protocol using Signcryption

The authors propose a Secure and Optimized Mobile based Merchant Payment (SOMMP) Protocol that uses a Signcryption scheme with Forward Secrecy (SFS) based on elliptic curves and consumes less computational and communication cost. In SOMMP, the client sends its message in the form of a TransCertC (Transaction Certificate), which is an X.509 SLC (X.509 Short Lived Certificate). This reduces the client's interactions with the engaging parties and therefore the consumption of client-side resources, which are very scarce in resource-constrained devices such as mobile phones. In the SOMMP protocol, the WSLC (WPKI Short Lived Certificate) eliminates the need for certificate validation and removes the hurdle of PKI, thereby reducing storage space, communication cost and computational cost. The proposed SOMMP ensures authentication, integrity, confidentiality and non-repudiation; achieves identity protection from the merchant and the eavesdropper; achieves transaction privacy from the eavesdropper and the payment gateway; achieves payment secrecy, order secrecy and forward secrecy; and prevents double spending, overspending and money laundering. In addition, SOMMP withstands replay, man-in-the-middle and impersonation attacks. The security properties of the proposed SOMMP protocol have been verified using BAN logic, AVISPA and the Scyther tool, and the results are presented.
