Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
OnDemand
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us

A Secure Mobile Wallet Framework with Formal Verification

Shaik Shakeel Ahamad, V. N. Sastry, Siba K. Udgata

Source Title: International Journal of Advanced Pervasive and Ubiquitous Computing (IJAPUC) 4(2)

DOI: 10.4018/japuc.2012040101

OnDemand:

(Individual Articles)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

This paper proposes a Secure Mobile Wallet Framework (SMWF) using WPKI (Wireless Public Key Infrastructure) and UICC (Universal Integrated Circuit Card) by defining (a) a procedure of personalizing UICC by the client, (b) a procedure of provisioning and personalization (Mutual Authentication and Key Agreement Protocol) of Mobile Payments Application (which is on UICC) by the Bank and (c) our proposed mobile wallet is will have mobile wallet manager managed by CA (acting as TSM), every mobile application is independent, protected by firewalls and encrypted data is stored in the mobile wallet application. Their proposed Mobile Wallet ensures end to end security. The authors’ proposed SMWF is compared with recent works and found to be better in terms of generating client’s credentials, implementation of WPKI in UICC, personalization of mobile payment application by the bank and in ensuring end to end security (i.e., from Mobile Payments Application in UICC to the Bank Server). The proposed mobile payment protocol originating from Mobile Payment Application (which is on UICC) to the Bank Server realizes Fair Exchange ensures Confidentiality, Authentication, Integrity and Non Repudiation, prevents double spending, over spending and money laundering, and withstands replay, Man in the Middle (MITM) and Impersonation attacks. Proposed mobile payment protocol is formally verified using AVISPA and Scyther Tool and presented with results.

Article Preview

Top

Introduction

A mobile wallet is a complete payment application for NFC-enabled mobile phone that enables consumers to pay at stores at the point of sale with a mobile phone. The digital wallet, which is associated with a credit card, integrates all payment-related services like the management and storage of receipts, coupons and offers, and loyalty cards. With the rapid evolution of mobile technology, and an expanding base of mobile phone users, the mobile wallet has been recognized as having growth potential in the mobile commerce industry (Au & Kauffman, 2007). The industry strives to develop and build robust mobile commerce applications and at the same time provide an environment for secure, convenient, cost saving and efficient business transactions. A mobile wallet can support various transactions, including consumer-to-consumer, consumer-to-business, consumer-to-machine (i.e., paying for small-value transactions at a device such as a parking meter), and consumer-to-online. In addition, consumers have greater flexibility for settling transactions at the point of sale with mobile phone payments. Our proposed mobile wallet is a much-advanced and versatile application that includes elements of mobile transactions, as well as other items one may find in a wallet, such as debit cards, credit cards, membership cards, loyalty cards and travel cards. It also stores personal and sensitive information like passports, credit card information, PIN codes, online shopping accounts, booking details and insurance policies that can be encrypted or password-protected. Our proposed mobile wallet is loaded inside the UICC (Universal Integrated Circuit Card) of the mobile phone called UICC Wallet, which stores data in a UICC. The UICC is the smart card used in mobile phone in GSM or UMTS networks. Since it is a smart card, it inherits all the security features of smart cards. It provides a secure storage of data.

The remainder of the article is as follows: First, we give a literature review of mobile wallets, gaps found in the literature and contributions made by us. Then we propose a Secure Mobile Wallet Framework SMWF based on NFC. Next we present Security analysis of our proposed mobile payment protocol in SMWF. Followed by a comparative analyses of the proposed framework with the literature review (Table 1). Afterwards we present Formal Verification of the Proposed Protocol‘s Security using AVISPA and SCYTHER TOOLS. Finally we then conclude our work. We provide some explanations of notations and abbreviations in the Appendix (Tables 2 and 3).

Table 1.

Comparative analysis of SMWF protocol with the literature

Protocols Features	Google Wallet 2011	NTT DoCoMo 2012	Labrou et al., 2004	Steffens et al., 2009	Zhao & Muftic, 2011	Our’s
Authentication	Yes	Yes	Yes	Yes	Yes	Yes
Confidentiality	Yes	Yes	Yes	Yes	Yes	Yes
Integrity	Yes	Yes	Yes	Yes	Yes	Yes
Non-Repudiation	Yes	Yes	Yes	Yes	Yes	Yes
Client’s credentials are generated using OBKG procedure	No	No	No	No	No	Yes
WPKI is implemented in the memory of Mobile Phone	No	No	No	No	No	Yes
Ensures reliable and Secure end to end communication	No	No	No	No	No	Yes
Ensures end to end Security at application level	No	No	No	No	No	Yes
Proposed for Proximity (NFC) Mobile Payments	No	No	No	No	No	Yes
Identity Protection from Eavesdropper	No	No	No	No	No	Yes
Transaction Privacy Protection from Eavesdropper	No	No	No	No	No	Yes
Transaction Privacy Protection from PG	No	No	No	No	No	Yes
Prevents Double Spending	Nr	Nr	Nr	Nr	Nr	Yes
Prevents Over spending	Nr	Nr	Nr	Nr	Nr	Yes
Prevents Money Laundering	Nr	Nr	Nr	Nr	Nr	Yes
Withstands Replay Attack	Yes	Yes	No	No	No	Yes
Withstands Impersonation Attack	Yes	Yes	No	No	No	Yes
Withstands MITM Attack	Yes	Yes	No	No	No	Yes
Prone to Attacks	Yes	Yes	Yes	Yes	Yes	No
Formal Verification using AVISPA & SCYTHER TOOL	No	No	No	No	No	Yes
Biometric Authentication is ensured at the client’s side	No	No	No	No	No	Yes
Ensures Fair Exchange	No	No	No	No	No	Yes
Biometric Solution is proposed in a separate smart card	No	No	No	No	No	Yes

Complete Article List

Search this Journal:

Reset

Open Access Articles: Forthcoming

Volume 11: 4 Issues (2019)

Volume 10: 4 Issues (2018)

Volume 9: 4 Issues (2017)

Volume 8: 4 Issues (2016)

Volume 7: 4 Issues (2015)

Volume 6: 4 Issues (2014)

Volume 5: 4 Issues (2013)

Volume 4: 4 Issues (2012)

Volume 3: 4 Issues (2011)

Volume 2: 4 Issues (2010)

Volume 1: 4 Issues (2009)

View Complete Journal Contents Listing

MLA

APA

Chicago

Export Reference

A Secure Mobile Wallet Framework with Formal Verification

Abstract

Introduction

Complete Article List