KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

The Classic Security Application in M2M: the Authentication Scheme of Mobile Payment

  • Hu, Liang (Software College, Jilin University) ;
  • Chi, Ling (Software College, Jilin University) ;
  • Li, Hong-Tu (College of Computer Science and Technology, Jilin University) ;
  • Yuan, Wei (College of Computer Science and Technology, Jilin University) ;
  • Sun, Yuyu (College of Computer Science and Technology, Jilin University) ;
  • Chu, Jian-Feng (College of Computer Science and Technology, Jilin University)
  • Received : 2011.08.29
  • Accepted : 2012.01.07
  • Published : 2012.01.30
Download PDF
⟨ Previous Next ⟩

Abstract

As one of the four basic technologies of IOT (Internet of Things), M2M technology whose advance could influence on the technology of Internet of Things has a rapid development. Mobile Payment is one of the most widespread applications in M2M. Due to applying wireless network in Mobile Payment, the security issues based on wireless network have to be solved. The technologies applied in solutions generally include two sorts, encryption mechanism and authentication mechanism, the focus in this paper is the authentication mechanism of Mobile Payment. In this paper, we consider that there are four vital things in the authentication mechanism of Mobile Payment: two-way authentication, re-authentication, roaming authentication and inside authentication. Two-way authentication is to make the mobile device and the center system trust each other, and two-way authentication is the foundation of the other three. Re-authentication is to re-establish the active communication after the mobile subscriber changes his point of attachment to the network. Inside authentication is to prevent the attacker from obtaining the privacy via attacking the mobile device if the attacker captures the mobile device. Roaming authentication is to prove the mobile subscriber's legitimate identity to the foreign agency when he roams into a foreign place, and roaming authentication can be regarded as the integration of the above three. After making a simulation of our proposed authentication mechanism and analyzing the existed schemes, we summarize that the authentication mechanism based on the mentioned above in this paper and the encryption mechanism establish the integrate security framework of Mobile Payment together. This makes the parties of Mobile Payment apply the services which Mobile Payment provides credibly.

Keywords

References

  1. X.Y. Zhou and J.M. Schoenung, "An integrated impact assessment and weighting methodology: Evaluation of the environmental consequences of computer display technology substitution," in Proc. of Journal of Environmental Management, vol. 83, no. 1, pp. 1-24, 2007.
  2. Abidi. B.R, Aragam. N.R, Yao. Y and Abidi. MA, "Survey and analysis of multimodal sensor planning and integration for wide area surveillance," in Proc. of ACM Computer Surveys, vol. 41, no. 1, 2008.
  3. Mendes. LDP and Rodrigues. JJPC, "A survey on cross-layer solutions for wireless sensor networks," in Proc. of Journal of network and computer applications, vol. 34, no. 2, pp. 523-534, 2011. https://doi.org/10.1016/j.jnca.2010.11.009
  4. Axel. Glanz and Oliver. Jung, "Machine-to-machine kommunikition," in Proc. of Campus Verlag, pp. 7-14, 2010.
  5. Cha. Inhyok, Shah. Yogendra and Schmidt. Andreas U, "Trust in M2M communication," in Proc. of IEEE Vehicular Technology Magazine, vol. 4, no. 3 pp. 69-75, 2009.
  6. Chang. Kim, Soong. Anthony and Tseng. Mitch, "Global wireless machine-to-machine standardization," in Proc. of IEEE Internet Computing, vol. 15, no. 2, pp. 64-69, 2011.
  7. Dai. GuoHua, LI. BaoRong and L1U. ZhaoYuan, "M2M industry development status and problems," Guangzhou Research Institute of China Telecom Co. L TD.2008.
  8. Ramfos. A, Karnouskos. S and Vilmos. A, "SEMOPS: Paying with mobile personal devices," in Proc. of International Federation for Information Processing, vol. 146, pp. 247-261, 2004.
  9. Au. Yoris. A and Kauffman. Robert. J, "The economics of mobile payments: Understanding stakeholder issues for an emerging financial technology application," in Proc. of Electronic Commerce Research and Applications, vol. 7, no. 2, pp. 141-164, 2008.
  10. Stamatis. Karnouskos, Anna. Hondroudaki, András. Vilmos and Balázs. Csik, "Security, trust and privacy in the secure mobile payment service," in Proc. of 3rd International Conference on Mobile Business, 2004.
  11. Li. Xinghua, Lu. Xiang and Ma. Jianfeng, "Authentications and key management in 3G-WLAN interworking," in Proc. of Mobile Network & Applications, vol. 16, no. 3, pp. 394-407, 2011. https://doi.org/10.1007/s11036-010-0257-3
  12. Karnouskos. S and Vilmos. A, "The european perspective on mobile payments," in Proc. of Joinst IST Workshop on Mobile Future & Symposium of Trends in Communications, pp. 185-198, 2004.
  13. Leavitt. Neal, "Payment applications make e-commerce mobile," in Proc. IEEE of Computer, vol. 43, no. 12, pp. 19-22, 2010.
  14. Gu. Ruijun, Yao. Juan and Wang. Jiacai, "Research on mobile payment technology and business models in China under e-commerce environment," in Proc. of Future Generation Information Technology, vol. 6485, pp. 334-343, 2010.
  15. Chen. Xin, "The applications of mobile payment," in Proc. of High Performance Networking, Computing, Communication Systems and Mathematical Foundations, vol. 66, pp. 62-67, 2010.
  16. Rad. Habibollah. Arasteh, Tehrani. Mohamad. Bagher and Samsudin. Khairulmizam, "A simple and highly secure protocol for POS termina," in Proc. of 2nd International Conference on Environmental and Computer Science, pp. 204-207, 2009
  17. Shin. Dong-Hee, "Modeling the interaction of users and mobile payment system: Conceptual framework," in Proc. of International Journal of Human-Computer Interaction, vol. 26, no. 10, pp. 917-940, 2010. https://doi.org/10.1080/10447318.2010.502098
  18. Manvi. S. S, Bhajantri. L.B and Vijayakumar.M.A.l, "Secure mobile payment system in wireless environment," in Proc. of International Conference on Future Computer and Communication, pp. 31-35, 2009.
  19. Nami. Mohammad. Reza, "E-Banking: Issues and challenges," in Proc. of 10th ACIS International Conference on Software Engineering, Artificial Intelligences, Networking and Parallel Distributed, pp. 263-266, 2009.
  20. Wang. Yan, Wong. Duncan. S and Wang. Huaxiong, "Employ a mobile agent for making a payment," in Proc. of Journal Mobile Information Systems, vol. 4, no. 1, pp. 51-68, 2008.
  21. Tomi. Dahlberg, Niina. Mallat, Jan. Ondrus and Agnieszka. Zmijewska, "Past, present and future of mobile payments research: A literature review," in Proc. of Electronic Commerce Research and Applications, vol. 7, no. 2, pp. 165-181, 2008. https://doi.org/10.1016/j.elerap.2007.02.001
  22. Li. Yunhong and Luo. Siwen, "Research on mobile payment in the e-commerce," in Proc. of International Conference on Management of E-commerce and E-government, pp. 100-103, 2008.
  23. Zhang. Qinghua, "Mobile Payment in Mobile E-commerce," in Proc. of 7th World Congress on Intelligent Control and Automation, vol. S, pp. 1-23, 2008.
  24. Ayo. Charles K, Ekong.Uyinomen.O and Fatudimu. Ibukun. T, "The prospects of m-Commerce implementation: Issues and trends," in Proc. of Information Management in The Networked Economy: Issues & Solutions, pp. 210-217, 2007.
  25. Kaland. Kjell Olav, Rong. Chunming and Geng. Yang, "An e-wallet system with decentralized management," in Proc. of Management of E-Commerce and E-Government, pp. 35-50, 2007.
  26. Manochehri. Naser-Nick, AlHinai. Yousuf, "Mobile phone users attitude towards mobile commerce (m-commerce) and mobile services in oman," in Proc. of 2nd IEEE/IFIP International Conference in Central Asia on Internet, pp. 164-169, 2006.
  27. Vanneste. P, "Mobile payment transactions," in Proc. of Securing Electronic Business Processes, pp. 155-163, 2004.
  28. Jiang. Hua, "Study on mobile e-commerce security payment aystem," in Proc. of The International Symposium on Electronic Commerce and Security, pp. 745-757, 2008.
  29. Tabandehjooy. Ali Akbar and Nazhand. Navid, "A lightweight and secure protocol for mobile payments via wireless internet in m-commerce," in Proc. of 2010 International Conference on E-education, E-business, E-management and E-learning: IC4E 2010, pp. 495-498, 2010
  30. Harb. Hany, Farahat. Hassan and Ezz. Mohamed, "SecureSMSPay: Secure SMS mobile payment model," in Proc. of 2nd International Conference on Anti-counterfeiting, Security and Identification, pp. 11-17, 2008
  31. W. Stallings, "Cryptography and Network Security- Principles and Practices," Upper Saddle River, NJ: Prentice Hall, 2003.
  32. Fan. Rong, He. Dao-jing and Pan. Xue-zeng, "An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks," in Proc. of Journal of Zhejiang University-science C-computers & Electronics, vol. 12, no. 7, pp. 550-560, 2011. https://doi.org/10.1631/jzus.C1000377
  33. Y. W. Law, J. Doumen, and P. Hartel, "Benchmarking block ciphers for wireless sensor networks," in Proc. of IEEE International Conference Mobile Ad-hoc Sensor Systems, 2004, pp. 447-456.
  34. D. J. Malan, M. Welsh, and M. D. Smith, "A public-key infrastructure for key distribution in tinyOS based on elliptic curve cryptography," in Proc. of 1st IEEE International Conf. Sensor Ad Hoc Communucatuib Networks, pp. 71-80, 2004.
  35. G. Gaubatz, J.-P. Kaps, and B. Sunar, "Public key cryptography in sensor networks-revisited," in Proc. of 1st European Workshop Security Ad-Hoc Sensor Networks (ESAS), 2004.
  36. M. Bohge and W. Trappe, "An authentication framework for hierarchical ad hoc sensor networks," in Proc. of ACM Workshop Wireless Security, pp. 79-87, 2003.
  37. S. Schmidt, H. Krahn, S. Fischer, and D. Watjen, "A security architecture for mobile wireless sensor networks," in Proc. of 1st European Workshop Security Ad-Hoc Sensor Networks (ESAS), 2004.
  38. D. D. Hwang, B.C.C. Lai and I. Verbauwhede, "Energy-memory-security tradeoffs in distributed sensor networks", in Proc. of Lecture Notes in Computer Science on Ad-Hoc, Mobile, and Wireless Networks, vol. 3158, 2004.
  39. N. R. Potlapally, S. Ravi, A. Raghunathan and N.K. Jha, "Analyzing the energy consumption of security protocols," in Proc. of the 2003 International Symposium on Low Power Electronics and Desig, pp. 30-35, 2003.
  40. J. Lopez, "Unleashing public-key cryptography in wireless sensor networks," in Proc. of Journal of Computer Security, vol. 14, no. 5, pp. 469-482, 2006
  41. A. S. Wander, N. Gura, H. Eberle, V. Gupta, S. C. Shantz, "Energy analysis of public-key cryptography for wireless sensor networks," in Proc. of the Third IEEE International Conference on Pervasive Computing and Communication, pp. 324-328, 2005.
  42. L. Batina, J. Guajardo, T. Kerins, N. Mentens, P. Tuyls and I. Verbauwhede, "Public-key cryptography for RFID-tags," in Proc. of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 217-222, 2007.
  43. Y. Oren and M. Feldhofer, "A low-resource public-key identification scheme for RFID tags and sensor nodes," in Proc. of the Second ACM Conference on Wireless Network Security, pp. 59-68, 2009.
  44. H. Chan, A. Perrig and D. Song, "Random key predistribution schemes for sensor networks," in Proc. of Symposium on Security and Privacy 2003, pp. 197-213, 2003
  45. W. Du, J. Deng, Y.S. Han and P.K. Varshney, "A pairwise key predistribution scheme for wireless sensor networks,", in Proc. of 10th ACM Conference on Computer and Communications Security, pp. 42-51, 2003.
  46. Delgado-Mohatar. Oscar,Fuster-Sabater. Amparo and Sierra. Jose. M, "A light-weight authentication scheme for wireless sensor networks," in Proc. of Journal Ad Hoc Networks, vol. 9, no. 5, pp. 727-735, 2011. https://doi.org/10.1016/j.adhoc.2010.08.020
  47. Ahmed. Adel. Ali and Fisal. Norsheila. Fisal, "Secure real-time routing protocol with load distribution in wireless sensor networks," in Proc. of Security and Communication Networks, vol. 4, no. 8, pp.839-859, 2011. https://doi.org/10.1002/sec.214
  48. Guangsong. Li, Jianfeng. Mab, Qi. Jiang and Xi. Chenb, "A novel re-authentication scheme based on tickets in wireless local area networks," in Proc. of Journal Parallel and Distributed Computing, vol. 71, no. 7, pp. 906-914, 2011. https://doi.org/10.1016/j.jpdc.2011.03.002
  49. C.C. Lee, M.S. Hwang and I.E. Liao, "Security enhancement on a new authentication scheme with anonymity for wireless environments," in Proc. of IEEE Transactions on Industrial Electronics, vol. 53, no. 5, pp. 1683-1687, 2006.
  50. C.C. Wu, W.B. Lee and W.J. Tsaur, "A secure authentication scheme with anonymity for wireless communications," in Proc. of IEEE Communications Letters, vol. 12, no. 10, pp. 722-723, 2008.
  51. C.C. Chang, C.Y. Lee and Y.C. Chiu, "Enhanced authentication scheme with anonymity for roaming service in global mobility networks," in Proc. of Journal Communications, vol. 32, no. 4, pp. 611-618, 2009.
  52. H.C. Hsiang and W.K. Shih, "Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment," in Proc. of Joucnal Computer Standards & Interfaces, vol. 31, no. 6, pp. 1118-1123, 2009. https://doi.org/10.1016/j.csi.2008.11.002
  53. Mun Hyeran, Han Kyusuk and Lee Yan Sun, "Enhanced secure anonymous authentication scheme for roaming service in global mobility networks," in Proc. of Mathematical and Computer Modelling, vol. 55, no. 1-2, pp. 214-222, 2012. https://doi.org/10.1016/j.mcm.2011.04.036
  54. Tao. Zhou and Jing. Xu, "Provably secure authentication protocol with anonymity for roaming service in global mobility networks," in Proc. of Computer Networks, vol. 55, no. 1, pp. 205-213, 2011. https://doi.org/10.1016/j.comnet.2010.08.008

Cited by

  1. Analysis and Improvement of a Robust User Authentication Framework for Ubiquitous Sensor Networks vol.10, pp.3, 2012, https://doi.org/10.1155/2014/637684
  2. A Secure Fair Exchange for SMS-Based Mobile Payment Protocols Based on Symmetric Encryption Algorithms with Formal Verification vol.2018, pp.None, 2012, https://doi.org/10.1155/2018/6953160
  3. Research on Use Motivations of Mobile Payment Adopters: A Case Study on Chinese Oversea Students in South Korea vol.23, pp.8, 2012, https://doi.org/10.9708/jksci.2018.23.08.059