Abstract
The use of e-payment systems for electronic trade is making daily life easier and more convenient. However, a number of security issues remain to be addressed: user anonymity and fair exchange have become important concerns alongside authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address these issues, Yang et al. recently proposed an authenticated encryption scheme and an e-payment scheme based on it, removing the need for digital signatures for authentication. They further claimed that their schemes resist replay, man-in-the-middle, impersonation and identity theft attacks while providing confidentiality, authenticity, integrity and privacy protection. However, our analysis shows that both Yang et al.’s authenticated encryption scheme and their e-payment system are vulnerable to an impersonation attack: an adversary who knows only the public parameters can easily masquerade as a legal user. We therefore propose improved authenticated encryption and e-payment schemes that overcome the weaknesses of Yang et al.’s schemes. We prove the security of our schemes using the automated tool ProVerif. The security and performance analysis shows that the improved schemes are more robust and more lightweight than Yang et al.’s schemes.
References
Chen, S., & Ning, J. (2002). Constraints on e-commerce in less developed countries: The case of china. Electronic Commerce Research, 2(1–2), 31–42. doi:10.1023/A:1013331817147.
Kshetri, N. (2013). Cybercrime and cyber-security issues associated with china: some economic and institutional considerations. Electronic Commerce Research, 13(1), 41–69. doi:10.1007/s10660-013-9105-4.
Huang, X., Dai, X., & Liang, W. (2014). Bulapay: A novel web service based third-party payment system for e-commerce. Electronic Commerce Research, 14(4), 611–633. doi:10.1007/s10660-014-9172-1.
Chaum, D. (2013). Blind signatures for untraceable payments. In Advances in cryptology—CRYPTO ’86 Proceedings (pp. 199–203). Berlin: Springer.
Lysyanskaya, A., & Ramzan, Z. (1998). Group blind digital signatures: A scalable solution to electronic cash. In D. M. Goldschlag & S. G. Stubblebine (Eds.), Financial cryptography (pp. 184–197). Berlin: Springer.
Zhang, L., Zhang, F., Qin, B., & Liu, S. (2011). Provably-secure electronic cash based on certificateless partially-blind signatures. Electronic Commerce Research and Applications, 10(5), 545–552.
Xiaojun, W. (2010). An e-payment system based on quantum group signature. Physica Scripta, 82(6), 65403.
Eslami, Z., & Talebi, M. (2011). A new untraceable off-line electronic cash system. Electronic Commerce Research and Applications, 10(1), 59–66.
Yen, Y.-C., Wu, T.-C., Lo, N.-W., & Tsai, K.-Y. (2012). A fair-exchange e-payment protocol for digital products with customer unlinkability. KSII Transactions on Internet and Information Systems, 6(11), 2956–2979.
Chen, X., Li, J., Ma, J., Lou, W., & Wong, D. S. (2014). New and efficient conditional e-payment systems with transferability. Future Generation Computer Systems, 37, 252–258.
Yang, J.-H., Chang, Y.-F., & Chen, Y.-H. (2013). An efficient authenticated encryption scheme based on ecc and its application for electronic payment. Information Technology And Control, 42(4), 315–324.
Farash, M. S., & Attari, M. A. (2014). A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. The Journal of Supercomputing, 69(1), 395–411.
Irshad, A., Sher, M., Faisal, M. S., Ghani, A., Ul Hassan, M., & Ch, S. A. (2014). A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Security and Communication Networks, 7(8), 1210–1218.
Irshad, A., Sher, M., Rehman, E., Ch, S. A., Ul Hassan, M., & Ghani, A. (2013). A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications. doi:10.1007/s11042-013-1807-z.
Farash, M. S., & Attari, M. A. (2013). An enhanced authenticated key agreement for session initiation protocol. Information Technology and Control, 42(4), 333–342.
Farash, M. S. (2014). Cryptanalysis and improvement of an efficient mutual authentication rfid scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(1), 987–1001.
Farash, M. S., & Attari, M. A. (2014). An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. International Journal of Communication Systems. doi:10.1002/dac.2848.
Farash, M. S. (2014). Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications. doi:10.1007/s12083-014-0315-x.
Farash, M. S. (2015). Cryptanalysis and improvement of an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. International Journal of Network Management, 25(1), 31–51.
Farash, M. S., Kumari, S., & Bakhtiari, M. (2015). Cryptanalysis and improvement of a robust smart card secured authentication scheme on sip using elliptic curve cryptography. Multimedia Tools and Applications. doi:10.1007/s11042-015-2487-7.
Farash, M. S., Islam, S. H., & Mohammad, S. O. (2015). A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks. Concurrency and Computation: Practice and Experience. doi:10.1002/cpe.3477.
Zheng, Y. (1997). Digital signcryption or how to achieve cost (signature & encryption) ≪ cost (signature) + cost (encryption). In Advances in Cryptology-CRYPTO’97 (pp. 165–179). Berlin: Springer.
He, D., Kumar, N., & Chilamkurti, N. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences. doi:10.1016/j.ins.2015.02.010.
He, D., & Zeadally, S. (2015). Authentication protocol for an ambient assisted living system. Communications Magazine, IEEE, 53(1), 71–77.
Chaudhry, S., Naqvi, H., Shon, T., Sher, M., & Farash, M. (2015). Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. Journal of Medical Systems, 39(6), 1–11. doi:10.1007/s10916-015-0244-0.
Abdalla, M., Benhamouda, F., & Pointcheval, D. (2015). Public-key encryption indistinguishable under plaintext-checkable attacks. In Public-Key Cryptography—PKC 2015 (pp. 332–352). Berlin: Springer.
Ch, S. A., Nizamuddin, N., Sher, M., Ghani, A., Naqvi, H., & Irshad, A. (2014). An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimedia Tools and Applications. doi:10.1007/s11042-014-2283-9.
Ch, S. A., Nizamuddin, N., & Sher, M. (2012). Public verifiable signcryption schemes with forward secrecy based on hyperelliptic curve cryptosystem. In Information systems, technology and management (pp. 135–142). Springer.
Nizamuddin, N., Ch, S. A., Nasar, W., & Javaid, Q. (2011). Efficient signcryption schemes based on hyperelliptic curve cryptosystem. In 2011 7th IEEE international conference on emerging technologies (ICET) (pp. 1–4).
Nizamuddin, N., Ch, S. A., & Amin, N. (2011). Signcryption schemes with forward secrecy based on hyperelliptic curve cryptosystem. In IEEE high capacity optical networks and enabling technologies (HONET), 2011 (pp. 244–247).
Zheng, Y. (1997). Digital signcryption or how to achieve cost (signature & encryption) ≪ cost (signature) + cost (encryption). In Advances in cryptology-CRYPTO’97 (pp. 165–179). Santa Barbara: Springer.
Li, C.-T. (2011). Secure smart card based password authentication scheme with user anonymity. Information Technology and Control, 40(2), 157–162.
Hong, J.-W., Yoon, S.-Y., Park, D.-I., Choi, M.-J., Yoon, E.-J., & Yoo, K.-Y. (2011). A new efficient key agreement scheme for vsat satellite communications based on elliptic curve cryptosystem. Information Technology and Control, 40(3), 252–259.
Farash, M. S., & Attari, M. A. (2014). A provably secure and efficient authentication scheme for access control in mobile pay-tv systems. Multimedia Tools and Applications. doi:10.1007/s11042-014-2296-4.
Johnson, D., Menezes, A., & Vanstone, S. (2001). The elliptic curve digital signature algorithm (ecdsa). International Journal of Information Security, 1(1), 36–63.
Xie, Q., Dong, N., Tan, X., Wong, D. S., & Wang, G. (2013). Improvement of a three-party password-based key exchange protocol with formal verification. Information Technology And Control, 42(3), 231–237.
Xie, Q., Dong, N., Wong, D. S., & Hu, B. Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol. International Journal of Communication Systems. doi:10.1002/dac.2858
Hu, B., Xie, Q., & Li, Y. (2011). Automatic verification of password-based authentication protocols using smart card. In 2011 IEEE international conference on information technology, computer engineering and management sciences (ICM) (Vol. 1, pp. 34–39).
Cheval, V., & Blanchet, B. (2013). Proving more observational equivalences with proverif. In D. Basin & J. C. Mitchell (Eds.), Principles of security and trust (pp. 226–246). Berlin: Springer.
Acknowledgments
Authors would like to thank the anonymous reviewers and Prof. John Gerdes for their valuable suggestions to improve the quality, correctness, presentation and readability of the manuscript.
Appendix
In this appendix, we provide the ProVerif verification code for the proposed e-payment system. A ProVerif protocol model consists of three parts. In the declaration part, cryptographic primitives are defined as constructors, destructors and equations; names are also defined there. Processes and sub-processes are defined in the process part, while the protocol is modeled in the main process part. In ProVerif, cryptographic primitives are represented as a set of functions (termed constructors and destructors); ProVerif further makes use of equations to represent algebraic relations such as Diffie-Hellman key agreement. We modeled the proposed scheme as the parallel execution of three distinct processes, namely the user U, the merchant M and the bank B, as defined below:
The attacker is modeled by the predicate attacker(X), where X is a term that should not be known to the attacker. If the query not attacker(X) evaluates to false, the secrecy and authentication of the protocol are not maintained; otherwise the protocol is secure. The attacker knows all public parameters, such as the participants' public keys and other related terms. The proposed protocol is modeled as the set of steps described in Sect. 5.2 and shown in Fig. 7. At the beginning, two public channels are defined: ch1 for communication between the user and the bank, and ch2 for communication between the user and the merchant.
The constants and variables are defined as:
where Du, Db and Dm are the private keys of the respective participants, while IDu, IDb and IDm are the public identities of the user, bank and merchant respectively. P is the base point selected over the elliptic curve \(E_p(a,b)\), p is the price of the goods and GI is the goods information. The constructors, destructors and equations are defined as follows:
Events for user, bank and merchant are defined as follows:
There are three distinct processes in the proposed protocol: user, bank and merchant. The user process computes R, K, p, m and C1 and sends \(\{C1,R,T1\}\) to the bank over channel ch1. The user then receives C2 and T2 from the bank and verifies T2 and kx. Finally, the user computes R, K1 and C3 and sends \(\{C3,R1,T3\}\) to the merchant over channel ch2. The user process is modeled as follows:
After receiving \(\{C1,R,T1\}\), the bank process first computes K and decrypts C1 using the x coordinate of K; the bank then verifies the validity of Kx and T1. Finally, the bank computes M, E, DS and C2 and sends \(\{C2,T2\}\) to the user via channel ch1. The bank process is described as follows:
The merchant process receives \(\{C3,R1,T3\}\) from the user. It then computes K1 and performs symmetric decryption on C1 using K1x, which is the x coordinate of K1. The merchant further verifies the validity of T3 and K1x, computes p, m and M, and checks the signature DS against M. Finally, the merchant process sends the encrypted goods C4 to the user. The merchant process is as follows:
The parallel execution of the three processes is modeled as:
The attacker query is applied to the two secret keys K and K1 as follows:
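A reduced ProVerif model with the structure this appendix describes (declarations, an equation for the Diffie-Hellman relation, processes, a main process and an attacker query), added here as an illustration; it is not the paper's listing. It covers only the first user-to-bank message on ch1, and the names mul, xcoord, senc, sdec and orderInfo, the derivation of Kx from Db and R, and the copy of T1 inside the ciphertext are assumptions.

```proverif
(* Added illustration, not the paper's listing: user -> bank message {C1,R,T1} only. *)
free ch1: channel.                       (* public channel between user and bank *)

type scalar.
type point.
type key.

const P: point.                          (* public base point *)
free orderInfo: bitstring [private].     (* constructed payload; its secrecy is queried *)

(* Scalar multiplication and the Diffie-Hellman relation a*(b*P) = b*(a*P) *)
fun mul(scalar, point): point.
equation forall a: scalar, b: scalar; mul(a, mul(b, P)) = mul(b, mul(a, P)).

(* x coordinate of a point, used as the symmetric key (assumption) *)
fun xcoord(point): key.

(* Symmetric encryption as a constructor, decryption as a destructor *)
fun senc(bitstring, key): bitstring.
reduc forall m: bitstring, k: key; sdec(senc(m, k), k) = m.

query attacker(orderInfo).

let user(PKb: point) =
  new r: scalar;
  new T1: bitstring;                     (* timestamp abstracted as a fresh value *)
  let R = mul(r, P) in
  let Kx = xcoord(mul(r, PKb)) in
  out(ch1, (senc((orderInfo, T1), Kx), R, T1)).

let bank(Db: scalar) =
  in(ch1, (C1: bitstring, R: point, T1: bitstring));
  let Kx = xcoord(mul(Db, R)) in
  (* decryption must succeed and the enclosed T1 must match the one received *)
  let (m: bitstring, =T1) = sdec(C1, Kx) in
  0.

process
  new Db: scalar;
  let PKb = mul(Db, P) in
  out(ch1, PKb);                         (* the attacker learns the public key *)
  ( (!user(PKb)) | (!bank(Db)) )
```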
Chaudhry, S.A., Farash, M.S., Naqvi, H. et al. A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res 16, 113–139 (2016). https://doi.org/10.1007/s10660-015-9192-5
DOI: https://doi.org/10.1007/s10660-015-9192-5