A secure and privacy-preserving mobile wallet with outsourced verification in cloud computing

Mobile wallet, also known as mobile payment, is becoming one of the most frequently used approaches to providing payment services under financial regulation via mobile devices, and may redefine our lifestyle with the rapid popularity of the mobile Internet. In this paper, we address the security of the mobile wallet by providing a detailed threat analysis and identifying some unique design requirements in terms of security and privacy protection for the mobile wallet. We then provide a novel approach to secure the mobile wallet and protect the privacy of the mobile user by incorporating digital signature and pseudo-identity techniques. In view of several advantages of cloud computing, the computation task on the client side, which usually has limited computation resources, is securely outsourced to the untrusted cloud server. The performance of our approach is evaluated via both theoretical analysis and experimental simulations. The security analysis also demonstrates that our approach can achieve the desirable security properties of a mobile wallet.

Highlights: A secure and anonymous mobile wallet protocol has been proposed in this paper. Based on signature and pseudo-identity, unforgeability and anonymity can be offered. Performance evaluation and security analysis demonstrate our approach is practical.
