Article Preview
TopIntroduction
Resurgence of smart phones in today’s world has resulted in significant efforts towards developing various types of mobile phone apps, starting from health and personal care to finance and investment, entertainment and travel to research and education. There are apps which store and transmit vital personal information which if in wrong hands can cause serious harm to person’s financial interests. These apps communicate over the internet with little or no security. Hence, it is easy to pry their communication and identify contents of the messages exchanged.
To thwart this threat, we need to employ a concept of data encryption. When applied, data encryption techniques convert plain text to a cipher text. A cipher text is plain text, but ineligible such that the malicious users who are monitoring the communication cannot make out the content of message. The process of converting from plain text to cipher text is known as encryption and reverse process as decryption. To convert plain text and cipher text and vice-versa, a key is required. This key is needed by both parties and is transferred from a trusted third party to both sides engaged in communication. The protocol that is used for securely exchanging key is called key exchange protocol.
The purpose of this paper is to compare our proposed protocol’s performance in real time against other similar protocols proposed by researchers and industry standard protocols such as 3D secure and IKP. The detailed discussion on reasoning of selection of various protocols in this experiment for comparison is presented in section four of the paper.
We hypothesize that it is possible to develop a secure key exchange protocol for mobile computers that is also more efficient and resource friendly when compared to other similar key exchange protocols.
We analyzed security requirements of different mobile based applications in our previous paper (Vyas, Trivedi, & Patel, Analysis of Security Requirements of Futuristic Mobile Applications, 2016). We found that there are many parameters that affect security of an application. However, some parameters affect certain applications more significantly than other parameters. We also found in our analysis that requirements of security for an E-commerce application are mostly fulfilled by our proposed protocol.
Our experiment is different from many experiments of key exchange protocols done in textbooks as most of the key exchange protocols are analyzed for their performance based on a mathematical model. This approach is better when a protocol is proposed as a theoretical concept, however, when implemented it needs to be tested for its performance against other protocols. We test our proposed protocol against other protocols to generate quantitative results which can be used to measure actual performance of protocol with real world applications.
E-commerce sector in India is slated to grow at 54% during years 2011-16 (Wigder, Noble, Sehgal, & Varon, 2011) (IANS, 2014). This growth is driven by smart phones (PTI, 2010) and high speed data plans available. To make purchasing easy for its customers, E-commerce companies are offering many deals and discounts to its users through app only deals. This will urge users to download and install their apps and thus make users shop from their smart phones. Shopping from smart phones apps of E-commerce companies is convenient. However, users share their financial details such as credit or debit card numbers.
It is for the above-mentioned reason that we selected an e-commerce application for testing and comparing our proposed protocol’s performance with standard protocol used by industry and some of the recently proposed protocols by researchers.
We mainly consider number of operations that are required by protocol to exchange key, battery power consumed in process of key exchange and time taken for key to transfer from one party to the other. A typical smart device user uses apps on various networks with varying speed. We conduct our simulations in 2G, 3G and Wi-Fi networks. We draw our conclusions based on results.