research-article

A Secure Fair Exchange for SMS-Based Mobile Payment Protocols Based on Symmetric Encryption Algorithms with Formal Verification

Published: 01 January 2018

Abstract

Information security and fair exchange are essential to creating trust among all the parties participating in a sale transaction. However, implementing them in mobile commerce is challenging because of the limited resources of mobile devices. Numerous m-commerce protocols proposed so far still lack these two important aspects. In this paper, we propose mobile payment (m-payment) protocols, a crucial part of m-commerce, that incorporate both information security and fair exchange while remaining lightweight. For convenience of use, the proposed protocols can be implemented on the existing Short Message Service (SMS) infrastructure. Our approach is based on a secure session key generation technique to enhance information security under lightweight conditions and involves a trusted third party to guarantee fair exchange without information disclosure. We have formally proven that our protocols are more effective and efficient than others in terms of fairness, security, and lightweight properties. In addition, the soundness and completeness of the protocols have been analyzed and proven using BAN logic and an automated security protocol proof tool named Scyther.


Cited By

  • (2024) Enhancing user prompt confidentiality in Large Language Models through advanced differential encryption. Computers and Electrical Engineering, 116:C. DOI: 10.1016/j.compeleceng.2024.109215. Online publication date: 1-May-2024
  • (2020) Enhancing Transaction Security for Handling Accountability in Electronic Health Records. Security and Communication Networks, 2020. DOI: 10.1155/2020/8899409. Online publication date: 1-Jan-2020

Published In

Wireless Communications & Mobile Computing  Volume 2018, Issue
2018
6447 pages

This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Publisher

John Wiley and Sons Ltd., United Kingdom
