Secure and optimized mobile based merchant payment protocol using signcryption
Secure and optimized mobile based merchant payment protocol using signcryption
No Thumbnail Available
Date
2012-01-01
Authors
Ahamad, Shaik Shakeel
Sastry, V. N.
Udgata, Siba K.
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
The authors propose a Secure and Optimized Mobile based Merchant Payment (SOMMP) Protocol using Signcryption scheme with Forward Secrecy (SFS) based on elliptic curve which consumes less computational and communication cost. In SOMMP client sends message in the form of TransCertC (Transaction Certificate) which is aX.509 SLC (X. 509 Short Lived Certificate) thereby reducing the client interactions with the engaging parties thereby reducing the consumption ofresources (from Client s perspective) which are very scarce in Resource Constrained Devices like Mobile Phones. In SOMMP protocol WSLC (WPKI Short Lived Certificate) eliminates the need of certificates validation and removes the hurdle of PKI thereby reducing storage space, communication cost and computational cost. Their proposed SOMMP ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, and prevents Double Spending, Overspending and Money laundering. In addition to these SOMMP withstands Replay, Man in the Middle and Impersonation attacks. The security properties of the proposed SOMMP protocol have been verified using BAN Logic, AVISPA and Scyther Tools and presented with results. Copyright © 2012, IGI Global.
Description
Keywords
Automated validation of internet security protocols and applications (AVISPA) tool and scyther tool,
Burrow s-Abadi-Needham logic,
Secure and Optimized Mobile based Merchant Payment (SOMMP),
Signcryption scheme with Forward Secrecy (SFS),
Transaction Certificate (TransCertC),
X.509 Short Lived Certificate (X.509SLC)
Citation
International Journal of Information Security and Privacy. v.6(2)