A Secure Mobile Wallet Framework with Formal Verification

Author(s):  
Shaik Shakeel Ahamad ◽  
V. N. Sastry ◽  
Siba K. Udgata

This paper proposes a Secure Mobile Wallet Framework (SMWF) using WPKI (Wireless Public Key Infrastructure) and UICC (Universal Integrated Circuit Card) by defining (a) a procedure for personalizing the UICC by the client, (b) a procedure for provisioning and personalization (Mutual Authentication and Key Agreement Protocol) of the Mobile Payments Application (which is on the UICC) by the Bank, and (c) a mobile wallet with a mobile wallet manager managed by the CA (acting as TSM), in which every mobile application is independent and protected by firewalls, and encrypted data is stored in the mobile wallet application. The proposed Mobile Wallet ensures end-to-end security. The authors' proposed SMWF is compared with recent works and found to be better in terms of generating the client's credentials, implementation of WPKI in the UICC, personalization of the mobile payment application by the bank, and ensuring end-to-end security (i.e., from the Mobile Payments Application in the UICC to the Bank Server). The proposed mobile payment protocol, originating from the Mobile Payment Application (which is on the UICC) to the Bank Server, realizes Fair Exchange; ensures Confidentiality, Authentication, Integrity and Non-Repudiation; prevents double spending, overspending and money laundering; and withstands replay, Man-in-the-Middle (MITM) and impersonation attacks. The proposed mobile payment protocol is formally verified using the AVISPA and Scyther tools, and the results are presented.

Author(s):  
Preeti Chandrakar ◽  
Hari Om

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown, the presented scheme is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic, which certifies that the presented scheme provides mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more robust against various sorts of threats. Moreover, the authors have simulated the presented scheme using the broadly accepted AVISPA tool, whose simulation results show that the protocol is safe from active and passive attacks, together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.


2014 ◽  
Vol 519-520 ◽  
pp. 151-154 ◽  
Author(s):  
Xiao Mei Chen ◽  
Shi Hong Zou

Owing to the limitations of mobile terminals and network bandwidth, the current Secure Electronic Transaction (SET) protocol cannot be introduced into mobile payment directly. Present mobile payment systems often use symmetric encryption algorithms, which may bring in some security risks. A new secure mobile payment protocol based on ECC is presented, which ensures that information flows from merchant to customer and enhances the security of the customer's information. Theoretical analysis shows that ECC can not only meet the requirement of short key generation time, but also ensure that, for the same code-cracking time, the ratio of RSA to ECC key length is greater than 5:1. The number of signing the certificate verification, asymmetric and symmetric encryption of the new protocol is also less than in the SET protocol, so current mobile terminal and network capabilities can support this protocol to ensure a safe and effective mobile payment process.


Sensors ◽  
2019 ◽  
Vol 19 (21) ◽  
pp. 4611
Author(s):  
Jia-Ning Luo ◽  
Ming-Hour Yang

In 2014, Yang proposed a method to enhance the current EMV credit card protocol (EPMAR). However, the protocol ignores the exceeding of a credit quota caused by multiple offline transactions, with the result that the amount spent can exceed the risk control scope. In this paper, we propose an EMV-compatible offline mobile payment protocol with mutual authentication (EOPMA) to enhance EPMAR. In EOPMA, we use the reverse hash chain technique to guarantee the payment, which solves the problem of credit quotas being exceeded because of multiple offline payments. During a transaction, in addition to payment for merchandise, an offline authorization certificate for the transaction is sent to the merchant. The merchant can verify the correctness of the transaction in real time. Our protocol is compatible with the EMV standard and is applicable to the retail environment of numerous merchants, effectively making EMV transactions more secure and reliable. We use numerical analysis to examine the security and performance of the protocols. We formally check the correctness of EOPMA by using the Gong–Needham–Yahalom logic.


2020 ◽  
Vol 10 (18) ◽  
pp. 6268
Author(s):  
JoonYoung Lee ◽  
SungJin Yu ◽  
MyeongHyun Kim ◽  
YoungHo Park ◽  
SangWoo Lee ◽  
...  

With the development of vehicular ad-hoc networks (VANETs) and the Internet of vehicles (IoV), a large amount of useful information is generated for vehicle drivers and traffic management systems. The amount of vehicle and traffic information is as large as the number of vehicles, and it is enormous when compared to vehicle calculation and storage performance. To resolve this problem, VANETs use a combined cloud computing technology, called vehicular cloud computing (VCC), which controls vehicle-related data and helps vehicle drivers directly or indirectly. However, VANETs remain vulnerable to attacks such as tracking, masquerade and man-in-the-middle attacks because VANETs communicate via open networks. To overcome these issues, many researchers have proposed secure authentication protocols for message confirmation with vehicular cloud computing. However, many researchers have pointed out that some proposed protocols use ideal tamper-proof devices (TPDs). They demonstrated that realistic TPDs cannot prevent adversaries' attacks. Limbasiya et al. presented a message confirmation scheme for vehicular cloud computing using a realistic TPD in order to prevent these problems. However, their proposed scheme still has security weaknesses over a TPD and does not guarantee mutual authentication. This paper proposes a secure key agreement and authentication protocol to address the security weaknesses inherent in the protocol of Limbasiya et al. The suggested protocol withstands malicious attacks and ensures secure mutual authentication for privacy preservation. We prove that the proposed protocol can provide session key security using the Real-Or-Random (ROR) model. We also employed the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to show that the proposed protocol is able to defeat replay and man-in-the-middle attacks. Furthermore, we established that the proposed protocol can resist other malicious attacks by conducting an informal security analysis. We proved that our proposed protocol is lightweight and suitable for VCC environments.


2014 ◽  
Vol 556-562 ◽  
pp. 5597-5602
Author(s):  
Jun Wang ◽  
Yue Chen ◽  
Gang Yang ◽  
Hong Yong Jia ◽  
Ju Long Lan

This paper proposes a scheme that can achieve mutual authentication and session key agreement based on multiple factors. It improves the scheme proposed by Chuang et al. by protecting against the stolen smart card attack, impersonation attack, server spoofing attack and man-in-the-middle attack, and by guaranteeing forward security. It solves the problem of weak resistance to attacks in single-factor authentication approaches by combining the smart card with biometrics and a password. It also guarantees the security of mutual identity authentication between users and servers and that of session keys. It consumes more computing resources than Chuang's scheme, but it can resist several known attacks efficiently.


2019 ◽  
Vol 66 ◽  
pp. 103348 ◽  
Author(s):  
Sriramulu Bojjagani ◽  
V.N. Sastry
