A secure and optimized mobile payment framework with formal verification
Pages 27 - 35
Abstract
In this paper we propose a Secure and Optimized Mobile Payment Framework based on Universal Integrated Circuit Card (UICC) (a) which summarizes a mobile payment in relation to several different participants, (b) a procedure of personalizing UICC by the client c) a procedure of provisioning and personalization (Mutual Authentication, Key Agreement Protocol & a procedure for ensuring non repudiation without adopting WPKI) of Mobile Payments Application (which is on UICC) by the Bank d) a mobile payment protocol is proposed between the personalized Mobile Payment Application on UICC and the Bank Server which ensures all the security properties. All the proposed protocols have been successfully verified using AVISPA and Scyther Tools.
References
[1]
Huy Hoang Ngo, Osama Dandash, Phu Dung Le, Bala Srinivasan and Campbell Wilson, "Formal Verification of a Secure Mobile Banking Protocol" Advances in Networks and Communications, Communications in Computer and Information Science, 2011, Volume 132, Part 2, 410--421.
[2]
Supakorn Kungpisdan1, Bala Srinivasan2, and Phu Dung Le, "A Secure Account-Based Mobile Payment Protocol" Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) 0-7695-2108-8/04.
[3]
Supakorn Kungpisdan, Bala Srinivasan, and Phu Dung Le, "Accountability Logic for Mobile Payment Protocols" Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04).
[4]
Supakorn Kungpisdan, "Formal Modeling of Practical and Secure Mobile Payment Systems"
[5]
Gianluigi Me, Maurizio A. Strangio, "EC-PAY: An Efficient and Secure ECC-based Wireless Local Payment Scheme" Proceedings of the Third International Conference on Information Technology and Applications (ICITA'05).
[6]
Gianluigi Me, Alex Schuster "A mobile local payment system Bluetooth based" International Symposium on Wireless Communications (ISWSN'05) 2005.
[7]
Buyya, Rajkumar; Ma, Tianchi; Safavi-Naini, Reihaneh; Steketee, Chris and Susilo, Willy, "Formal analysis of card-based payment systems in mobile devices" ACSW frontiers 2006: proceedings of the Fourth Australasian Symposium on Grid Computing and e-Research (AusGrid 2006) and the Fourth Australasian Information Security Workshop (Network Security) (AISW 2006), Hobart, Tasmania, Australia, 16--19 January 2006, p.213--220.
[8]
Ahamad, S. S., Udgata, S. K. and Sastry, V. N. (2012) 'A new mobile payment system with formal verification', Int. J. Internet Technology and Secured Transactions, Vol. 4, No. 1, pp.71--103.
[9]
Muhammad, S., Furqan, Z. and Guha, R. K. (2006) 'Understanding the intruder through attacks on cryptographic protocols', Proceedings of the 44th ACM Southeast Conference (ACMSE2006), March, pp.667--672.
[10]
W. Stallings, "Cryptography and Network Security: Principles and Practices," 4th Edition, Pearson Education, ISBN-10: 0131873164 ISBN-13: 9780131873162, 2006.
[11]
C. J. F. Cremers, "Scyther-Semantics and Verification of Security Protocols," Ph.D. Thesis, Eindhoven University of Technology, 2006
[12]
A. Armando et al., "The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications," Proceedings of Computer Aided Verification'05 (CAV), Vol. 3576 of Lecture Notes in Computer Science, Springer, 2005, pp. 281--285.
[13]
Supakorn Kungpisdan, Bala Srinivasan, and Phu Dung Le, "Lightweight Mobile Credit-Card Payment Protocol", INDOCRYPT 2003, LNCS 2904, pp. 295--308.
[14]
D. R. Stinson, "Cryptography-Theory and Practice," 3rd edition, Chapman & Hall/CRC, 2006.
[15]
Karnouskos, S. (2004). Mobile Payment: A Journey Through Existing Procedures and Standardization Initiatives. IEEE Communications Surveys and Tutorials, 6(4), 44--66.
[16]
J. E. Rice and Y. Zhu, "A proposed architecture for secure two-party mobile payment", IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, 2009. PacRim 2009, pages 88--93.
Index Terms
- A secure and optimized mobile payment framework with formal verification
Recommendations
A secure NFC mobile payment protocol based on biometrics with formal verification
In this paper, we propose a secure NFC mobile payment protocol based on biometrics SNMPBs using wireless public key infrastructure WPKI and universal integrated circuit card UICC. Electronic signatures generated in this protocol are considered qualified ...
A Secure Mobile Wallet Framework with Formal Verification
This paper proposes a Secure Mobile Wallet Framework (SMWF) using WPKI (Wireless Public Key Infrastructure) and UICC (Universal Integrated Circuit Card) by defining (a) a procedure of personalizing UICC by the client, (b) a procedure of provisioning and ...
Secure mobile payment framework based on UICC with formal verification
In this paper, we propose a secure mobile payments framework based on universal integrated circuit card UICC by defining: a a procedure of personalising UICC by the client; b a procedure of provisioning and personalisation mutual authentication and key ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
August 2012
266 pages
ISBN:9781450318228
DOI:10.1145/2490428
- General Chairs:
- R. Chandrasekhar,
- Andrew Tanenbaum,
- P. Venkat Rangan
Copyright © 2012 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
- SIGSAC: ACM Special Interest Group on Security, Audit, and Control
- TCG: Trusted Computing Group
- Amrita: Amrita Vishwa Vidyapeetham
- CSA: Computer Science Association
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 17 August 2012
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
SECURIT '12
Sponsor:
- SIGSAC
- TCG
- Amrita
- CSA
SECURIT '12: First International Conference on Security of Internet of Things
August 17 - 19, 2012
Kollam, India
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 275Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Reflects downloads up to 21 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in