Design, implementation, and performance analysis of a secure payment protocol in a payment gateway centric model
  • Authors: Jesús Téllez Isaac (1)
    Sherali Zeadally (2)
  • Keywords: Performance evaluation ; Mobile payment protocol ; Secure protocol ; Implementation ; Security ; 68M12 Network protocols ; 94Axx Communication ; Information ; 91E45 Measurement and Performance ; 68M12 Network Protocols ; 90B118 Communication Networks
  • Journal: Computing
  • Publication year: 2014
  • Publication date: July 2014
  • Volume: 96
  • Issue: 7
  • Pages: 587-611
  • Author affiliations: Jesús Téllez Isaac (1)
    Sherali Zeadally (2)

    1. Computer Science Department (Facyt) Av. Universidad, Universidad de Carabobo, Sector Bárbula, Valencia, Venezuela
    2. Department of Computer Science and Information Technology, University of the District of Columbia, Washington, D.C., 20008, USA
  • ISSN:1436-5057
Abstract
Many mobile payment systems have emerged in the last few years which allow payments for services and goods from mobile devices. However, most of them have been based on a scenario where all the entities are directly connected to each other (formally called the full connectivity scenario) and do not consider those situations where the client cannot directly communicate with the merchant. We present the design and the implementation of an anonymous secure payment protocol based on the payment gateway centric scenario for mobile environments where the client cannot communicate directly with the merchant to process the payment request. Our proposed payment protocol uses symmetric-key operations because of their low computational requirements. We present a performance evaluation of the proposed payment protocol in a real environment. Performance results obtained with the implemented protocol demonstrate that our protocol achieves a small execution time (11.68 s) for a payment transaction using a mobile phone and a restricted scenario which causes only a slight increase in the number of the steps necessary to complete a payment transaction as a result of the lack of direct communication between the client and the merchant.