A Secure Mobile Payment Framework in MANET Environment

A Secure Mobile Payment Framework in MANET Environment

Shaik Shakeel Ahamad (Department of Computer and Information Sciences, University of Hyderabad, & Institute for Development and Research in Banking Technology, Hyderabad, India), V. N. Sastry (Institute for Development and Research in Banking Technology, Hyderabad, India) and Siba K. Udgata (Department of Computer and Information Sciences, University of Hyderabad, Hyderabad, India)
Copyright: © 2013 |Pages: 31
DOI: 10.4018/jebr.2013010104
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

In this paper the authors propose a Secure Mobile Payment Framework in Multi hop Cellular Network environment (which is an integration of cellular networks and mobile ad hoc networks) using Mobile Agent technology and Digital Signature with Message Recovery (DSMR) mechanism based on ECDSA mechanism. Secure communication in Multi hop Cellular Networks is a nontrivial task because of lack of infrastructure, no prior trust relationships among nodes due to the absence of a centralized authority. Mobile Agent technology and Digital Signature with Message Recovery based on ECDSA mechanism provides secure mobile payments in Multi hop Cellular Networks. Mobile Agent technology has many benefits such as bandwidth conservation, reduction of latency, reduction of completion time, Asynchronous (disconnected) communications. Digital Signature with Message Recovery based on ECDSA eliminates the need of adopting PKI cryptosystems. The proposed protocol ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, prevents Double Spending, Overspending and Money laundering. The security properties of the proposed protocol have been verified successfully using BAN Logic, AVISPA and Scyther Tools and presented with results.
Article Preview

Introduction

The unprecedented growth of mobile communication technology stimulated by the ever increasing demand for personal mobility in communications has led researchers to develop new technologies. One such recent development is Multi hop Cellular Networks (MCN) which is an integration of Single hop Cellular Networks (SCN) and ad hoc networks. Single hop cellular networks (SCN) is one where a mobile station (MS) communicates with base station (BS) and ad hoc networks are dynamic, decentralized, infrastructure less, self organizing and easily deployable without any planning. Both the technologies have their own merits and demerits. SCN’s performance is reliable and has strong and mature technology support but the infrastructure is very costly. On the other hand ad hoc networks are very cheap, easily deployable mainly due to the use of unlicensed spectrum of IEEE 802.11. Integration of these two technologies has led to the development of a new technology called Multi hop Cellular Networks (MCN) which provides the merits of both the technologies. The integration of cellular networks with mobile ad hoc networks offers lot of promising applications. Using Multi hop Cellular Networks mobile devices can communicate and access information at anytime and everywhere.

For any secure electronic payment system to be successful two conditions need to be satisfied a) Need of Public Key Infrastructure (PKI) to provide trust services for the engaging entities (i.e. engaging entities need to prove their credentials with the help of PKI) and b) Need of an online connection with the Bank in order to commit transaction and prevent fraud (double spending and overspending). Satisfying these two conditions is a challenging task in Multi hop Cellular Network environment so we propose to use Digital Signature with Message Recovery (DSMR) based on ECDSA mechanism for satisfying the first condition and Mobile Agent technology in order to satisfy the second condition. DSMR eliminates the need of certificates and removes the hurdle of PKI thereby reducing the consumption of resources. In addition to this DSMR requires smaller band width for data communications in order to achieve confidentiality, integrity, authentication and non repudiation properties. The authentication of public keys is implicitly being accomplished with DSMR verification. On the other hand Mobile Agent technology has many benefits such as bandwidth conservation, reduction of latency, reduction of completion time, Asynchronous (disconnected) communications. Mobile agent overcomes low bandwidth and disrupted network which is very common in Multi-hop Cellular-Networks. Using mobile agent the client need not be connected during the entire session thereby reducing the consumption of resources which are very scarce in mobile devices. This is achieved by sending an agent to the Issuer’s server carrying all the data necessary for the transaction. So by adopting DSMR mechanism and Mobile Agent technology provides an optimal solution for Mobile Payments in Multi hop Cellular Network environment. For reducing the size of messages and for greater efficiency in terms of key sizes and bandwidth we have used DSMR mechanism based on ECDSA. So ECDSA is suitable for resource constrained devices.

A typical scenario applying mobile agents for Mobile Payment framework in Multi hop Cellular Networks (MCN) environment would operate as follows. A Client tries to buy goods/services from merchant through a communication network i.e. internet and the client’s platform is mobile phone equipped with UICC (Universal Integrated Circuit Card) as secure element which is tamper resistant. Client cannot tamper the inner working of UICC because of tamper resistant nature of the UICC, the communication channel between UICC and mobile phone is secure and reliable. Mobile agents are created from the tamper resistant UICC which can be used as a communication bridge between the host and the agent so that a malicious host is unable to access the agent directly. UICC launches a smart mobile agent containing all the necessary negotiation and shopping logics to the Internet. The agent shops around and makes decisions based on the contained logics and finally returns the best quote to the UICC. As a result, during the shopping phase, once the agent has been launched only one message must be received and responded to by the UICC. Another advantage of using mobile agent technology is that agent’s real-time interaction capability. For many time-critical applications, the mobile agent can make decisions on the spot, without interactively asking for its owner’s confirmation. After the agent brings back a Order Information (OI), the UICC verifies the Order Information (OI) and performs the final purchase transaction.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 13: 4 Issues (2017)
Volume 12: 4 Issues (2016)
Volume 11: 4 Issues (2015)
Volume 10: 4 Issues (2014)
Volume 9: 4 Issues (2013)
Volume 8: 4 Issues (2012)
Volume 7: 4 Issues (2011)
Volume 6: 4 Issues (2010)
Volume 5: 4 Issues (2009)
Volume 4: 4 Issues (2008)
Volume 3: 4 Issues (2007)
Volume 2: 4 Issues (2006)
Volume 1: 4 Issues (2005)
View Complete Journal Contents Listing