A Secure Lightweight and Scalable Mobile Payment Framework
Existing SIP-based mobile payment solutions do not ensure all the security properties. In this paper we propose a Secure Lightweight and Scalable Mobile Payment Framework (SLSMP) using a Signcryption scheme with Forward Secrecy (SFS) based on an elliptic curve scheme, which combines digital signature and encryption functions (Hwang et al., 2005). It incurs lower computation and communication cost to provide security functions. SLSMP is highly scalable, which is attributed to its use of SIP for data exchange. This paper uses WPKI and the UICC as Secure Element, and depicts the system architecture and detailed protocol of a SIP-based mobile payment solution. Our proposed framework is suitable for both micro and macro payments. Our proposed protocol ensures end-to-end security, i.e., it ensures the Authentication, Integrity, Confidentiality and Non-Repudiation properties; achieves identity protection from the merchant and the eavesdropper; achieves transaction privacy from the eavesdropper and the Payment Gateway; achieves Payment Secrecy, Order Secrecy and forward secrecy; and prevents Double Spending, Overspending and Money Laundering.
Keywords: Mobile Payments; SIP (Session Initiation Protocol); ECDSA; Signcryption scheme with Forward Secrecy (SFS); WPKI
- 1. Zhang, G., Cheng, F., Hasso, C.M.: Towards Secure Mobile Payment Based on SIP. In: 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems 2008, Belfast, Northern Ireland, pp. 96–104 (2008)
- 2. Zhang, G., Cheng, F., Meinel, C.: SIMPA: A SIP-based Mobile Payment Architecture. In: Seventh IEEE/ACIS International Conference on Computer and Information Science 2008, pp. 287–292 (2008)
- 3. Hao, J., Zou, J., Dai, Y.: A Real-Time Payment Scheme for SIP Service Based on Hash Chain. In: IEEE International Conference on e-Business Engineering 2008, pp. 279–286 (2008)
- 4. Kungpisdan, S., Thai-Udom, T.: Securing Micropayment Transactions Over Session Initiation Protocol. In: 9th International Symposium on Communications and Information Technology (ISCIT 2009), pp. 187–192 (2009)
- 5. Hwang, R.-J., Lai, C.-H., Su, F.-F.: An efficient signcryption scheme with forward secrecy based on elliptic curve. Applied Mathematics and Computation 167, 870–881 (2005), doi:10.1016/j.amc.2004.06.124
- 6. Muhammad, S., Furqan, Z., Guha, R.K.: Understanding the intruder through attacks on cryptographic protocols. In: Proceedings of the 44th ACM Southeast Conference (ACMS 2006), pp. 667–672 (March 2006)
- 7. Ahamad, S.S., Sastry, V.N., Udgata, S.K.: Secure Mobile Payment Framework based on UICC with Formal Verification. Special Issue on ‘Future Trends in Security Issues in Internet and Web Applications’. Int. J. Computational Science and Engineering (2012) (in press) (accepted)
- 8. Ahamad, S.S., Sastry, V.N., Udgata, S.K.: A secure and optimized mobile payment framework with formal verification. In: SECURIT 2012, pp. 27–35 (2012)
- 9. Rosenberg, et al.: RFC 3261: SIP Session Initiation Protocol (June 2002)