Abstract
With the continuing expansion of wireless networks and mobile devices, security and efficiency in mobile payment systems have become especially important. In this research, a secure and efficient mobile payment system is provided using an Identity-Based Signature (IBS). The proposed scheme resolves the issues related to managing digital certificates as well as the key escrow problem of identity-based cryptosystems. In the proposed system, malicious users are not only tracked but also revoked from the system. The security and correctness of the proposed protocol are analyzed theoretically, and the ProVerif (Protocol Verifier) automated tool is used to formally verify the security of the proposed scheme. The proposed scheme reduces the computational overhead of mobile devices by modifying system parameters and utilizing a cloud server, and it demonstrates an appropriate technology for communication between mobile devices to perform payment transactions. Moreover, compared to existing similar protocols, the proposed protocol provides more security attributes and reduces the total running time of the server-aided signature validation algorithm.
Acknowledgements
The authors sincerely thank this journal for giving them the chance to propose the scheme.
About this article
Cite this article
Alidadi Shamsabadi, F., Bakhtiari Chehelcheshmeh, S. A cloud-based mobile payment system using identity-based signature providing key revocation. J Supercomput 78, 2503–2527 (2022). https://doi.org/10.1007/s11227-021-03830-4
DOI: https://doi.org/10.1007/s11227-021-03830-4