Secure and Optimized Mobile Based Merchant Payment Protocol using Signcryption

Shaik Shakeel Ahamad (Institute for Development and Research in Banking Technology and University of Hyderabad, India), V. N. Sastry (Institute for Development and Research in Banking Technology and University of Hyderabad, India) and Siba K. Udgata (Institute for Development and Research in Banking Technology and University of Hyderabad, India)
Copyright: © 2012 |Pages: 31
DOI: 10.4018/jisp.2012040105

Abstract

The authors propose a Secure and Optimized Mobile based Merchant Payment (SOMMP) protocol using a Signcryption scheme with Forward Secrecy (SFS) based on elliptic curves, which incurs less computational and communication cost. In SOMMP, the client sends its message in the form of TransCertC (Transaction Certificate), which is an X.509 SLC (X.509 Short Lived Certificate). This reduces the client's interactions with the engaging parties and so reduces the consumption of resources (from the Client's perspective), which are very scarce in resource-constrained devices like mobile phones. In the SOMMP protocol, the WSLC (WPKI Short Lived Certificate) eliminates the need for certificate validation and removes the hurdle of PKI, thereby reducing storage space, communication cost and computational cost. The proposed SOMMP ensures Authentication, Integrity, Confidentiality and Non-Repudiation; achieves Identity protection from the Merchant and an Eavesdropper; achieves Transaction privacy from an Eavesdropper and the Payment Gateway; achieves Payment Secrecy, Order Secrecy and forward secrecy; and prevents Double Spending, Overspending and Money Laundering. In addition, SOMMP withstands Replay, Man in the Middle and Impersonation attacks. The security properties of the proposed SOMMP protocol have been verified using BAN Logic and the AVISPA and Scyther tools, and the results are presented.
Article Preview

The mobile payment protocols proposed in (Téllez & Sierra, 2007a, 2007b, 2007c; Téllez et al., 2006a, 2006b, 2008) are suitable for scenarios with communication restrictions. The protocols in (Téllez & Sierra, 2007c; Téllez et al., 2006a) employ symmetric-key operations, and the protocols in (Téllez & Sierra, 2007a, 2007b; Téllez et al., 2006b, 2008) employ Digital Signature with Message Recovery using Self-Certified public key schemes based on RSA. Our proposed SOMMP protocol is suitable for scenarios with/without communication restrictions.

  • a) The protocols proposed in (Téllez & Sierra, 2007c; Téllez et al., 2006a) employ symmetric-key operations, and those in (Téllez & Sierra, 2007a, 2007b; Téllez et al., 2006b, 2008) employ Digital Signature with Message Recovery using Self-Certified public key schemes based on RSA (which consumes more computational and communication cost compared with ECC).

  • b) The number of Client interactions with the other engaged parties is higher.

  • c) The protocols proposed in (Téllez & Sierra, 2007a, 2007b, 2007c; Téllez et al., 2006a, 2006b, 2008) do not ensure forward secrecy and Public Verification.

  • d) In the Téllez and Sierra (2007a, 2007b, 2007c) and Téllez et al. (2006a, 2006b) protocols, every Client C needs to register itself with the merchant in the merchant registration protocol, thereby consuming a lot of resources.

  • e) The Téllez and Sierra (2007c) and Téllez et al. (2006a) protocols do not ensure non-repudiation.

  • f) The Téllez and Sierra (2007a, 2007b) and Téllez et al. (2006b) protocols cannot withstand Replay, Impersonation and MITM attacks. The Téllez et al. (2008) protocol cannot withstand a MITM attack.

  • g) The Merchant communicating with the Payment Gateway is not realistic in Téllez and Sierra (2007a, 2007b) and Téllez et al. (2006b, 2008).

  • h) Security protocols are error prone, and it is not easy to identify their errors and prove their correctness. The mobile payment protocols proposed by Téllez et al. were not verified using manual formal verification methods (like BAN Logic, SVO Logic) or using automated formal verification tools like AVISPA, Scyther and CryptoVerif.
