Advertisement

Electronic Commerce Research

, Volume 18, Issue 2, pp 359–388 | Cite as

Design of electronic payment system based on authenticated key exchange

  • Susmita Mandal
  • Sujata Mohanty
  • Banshidhar Majhi
Article

Abstract

This paper proposes an electronic payment system based on authenticated key exchange protocol. In this scheme, an effective owner tracing mechanism is introduced to identify a malicious customer. Moreover, every participant can mutually authenticate each other. The security of the scheme is mainly based on the hardness assumption of computational Diffie–Hellman and discrete logarithm problems. Furthermore, the security of our scheme is simulated in the automated validation of Internet security protocols and applications tool and proved that the scheme is secure against replay and man-in-the-middle attacks.

Keywords

Anonymity revocation E-payment Mutual authentication AVISPA tool 

References

  1. 1.
    Chaum, D. (1983). Blind signatures for untraceable payments. In Advances in cryptology (pp. 199–203). Boston: Springer.Google Scholar
  2. 2.
    Doug Tygar, J. (1996). Atomicity in electronic commerce. In Proceedings of the fifteenth annual ACM symposium on principles of distributed computing (pp. 8–26). New York: ACM Press.Google Scholar
  3. 3.
    Medvinsky, G, & Neuman, C. (1993). Netcash: A design for practical electronic currency on the internet. In Proceedings of the 1st ACM conference on computer and communications security (pp. 102–106). New York: ACM.Google Scholar
  4. 4.
    Chaum, D., Fiat, A., & Naor, M. (1990). Untraceable electronic cash. In Proceedings on advances in cryptology (pp. 319–327). New York: Springer.Google Scholar
  5. 5.
    Hirschfeld, R. (1992). Making electronic refunds safer. In Advances in cryptology–CRYPTO’92 (pp. 106–112). Berlin: Springer.Google Scholar
  6. 6.
    Brands, S. (1993). Untraceable off-line cash in wallet with observers. In Advances in cryptology–CRYPTO’93 (pp. 302–318). Berlin: Springer.Google Scholar
  7. 7.
    Brands, S. (1995). Restrictive binding of secret-key certificates. In Advances in cryptology–EUROCRYPT’95 (pp. 231–247). Berlin: Springer.Google Scholar
  8. 8.
    Chan, A., Frankel, Y., MacKenzie, P., & Tsiounis, Y. (1996). Mis-representation of identities in e-cash schemes and how to prevent it. In Advances in cryptology–ASIACRYPT’96 (pp. 276–285). Berlin: Springer.Google Scholar
  9. 9.
    Fujisaki, E., & Okamoto, T. (1996). Practical escrow cash systems. In Security protocols (pp. 33–48). Berlin: Springer.Google Scholar
  10. 10.
    Okamoto, T. (2006). Efficient blind and partially blind signatures without random oracles. In Theory of cryptography (pp. 80–99). Berlin: Springer.Google Scholar
  11. 11.
    Shi, L., Carbunar, B., & Sion, R. (2007). Conditional e-cash. In Financial cryptography and data security (pp. 15–28). Berlin: Springer.Google Scholar
  12. 12.
    Blanton, M. (2008). Improved conditional e-payments. In Applied cryptography and network security (pp. 188–206). Berlin: Springer.Google Scholar
  13. 13.
    Popescu, C. & Oros, H. (2007). An off-line electronic cash system based on bilinear pairings. In Systems, signals and image processing, 2007 and 6th EURASIP conference focused on speech and image processing, multimedia communications and services. 14th international workshop on (pp. 438–440). IEEE.Google Scholar
  14. 14.
    Wang, S., Chen, Z., & Wang, X. A new certificateless electronic cash scheme with multiple banks based on group signatures. In Electronic commerce and security, 2008 international symposium on (pp. 362–366). IEEE.Google Scholar
  15. 15.
    Chou, J.-S., Chen, Y., Cho, M.-H., & Sun, H.-M. (2009). A novel id-based electronic cash system from pairings. IACR Cryptology ePrint Archive, 2009, 339.Google Scholar
  16. 16.
    Chen, Y., Chou, J.-S., Sun, H.-M., & Cho, M.-H. (2011). A novel electronic cash system with trustee-based anonymity revocation from pairing. Electronic Commerce Research and Applications, 10(6), 673–682.CrossRefGoogle Scholar
  17. 17.
    Isaac, J. T., & Zeadally, S. (2012). An anonymous secure payment protocol in a payment gateway centric model. Procedia Computer Science, 10, 758–765.CrossRefGoogle Scholar
  18. 18.
    Yang, J.-H., & Lin, P.-Y. (2015). A mobile payment mechanism with anonymity for cloud computing. Journal of Systems and Software.Google Scholar
  19. 19.
    Lin, P., Chen, H.-Y., Fang, Y., Jeng, J.-Y., & Lu, F.-S. (2008). A secure mobile electronic payment architecture platform for wireless mobile networks. Wireless Communications, IEEE Transactions on, 7(7), 2705–2713.CrossRefGoogle Scholar
  20. 20.
    Yang, J.-H., & Chang, C.-C. (2012). A low computational-cost electronic payment scheme for mobile commerce with large-scale mobile users. Wireless Personal Communications, 63(1), 83–99.CrossRefGoogle Scholar
  21. 21.
    Eslami, Z., & Talebi, M. (2011). A new untraceable off-line electronic cash system. Electronic Commerce Research and Applications, 10(1), 59–66.CrossRefGoogle Scholar
  22. 22.
    Li, Y.-F., & Chang, Y.-F. (2012). A security flaw of a bilinear-pairing-based electronic cash scheme with trustee-based anonymity revocation. In Genetic and evolutionary computing (ICGEC), 2012 sixth international conference on (pp. 71–74). IEEE.Google Scholar
  23. 23.
    Chen, C.-L., & Liao, J.-J. (2011). A fair online payment system for digital content via subliminal channel. Electronic Commerce Research and Applications, 10(3), 279–287.CrossRefGoogle Scholar
  24. 24.
    Zhang, Y., Li, H., Li, X., & Zhu, H. (2013). Provably secure and subliminal-free variant of schnorr signature. In Information and communication technology-EurAsia conference (pp. 383–391). Berlin: Springer.Google Scholar
  25. 25.
    Xiang, L., Xie, Y., Luo, G., & Wang, W. (2015). On the existence of subliminal channel in instant messaging systems. International Journal of Security and Its Applications, 9(3), 353–362.CrossRefGoogle Scholar
  26. 26.
    Yang, J.-H., Chang, Y.-F., & Chen, Y.-H. (2013). An efficient authenticated encryption scheme based on ecc and its application for electronic payment. Information Technology and Control, 42(4), 315–324.CrossRefGoogle Scholar
  27. 27.
    Ashraf Chaudhry, S., Sabzinejad Farash, M., Naqvi, H., & Sher, M. (2015). A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electronic Commerce Research, 1–27.Google Scholar
  28. 28.
  29. 29.
    Van Tilborg, H. C. A., & Jajodia, S. (2014). Encyclopedia of cryptography and security. Heidelberg: Springer.Google Scholar
  30. 30.
    Bakhtiari, S., Safavi-Naini, R., & Pieprzyk, J., et al. Cryptographic hash functions: A survey.Google Scholar
  31. 31.
  32. 32.
    Otway, D., & Rees, O. (1987). Efficient and timely mutual authentication. ACM SIGOPS Operating Systems Review, 21(1), 8–10.CrossRefGoogle Scholar
  33. 33.
    Sun, H.-M., & Hsieh, B.-T. (2003). Security analysis of shim’s authenticated key agreement protocols from pairings. IACR Cryptology ePrint Archive, 2003, 113.Google Scholar
  34. 34.
    Viganò, L. (2006). Automated security protocol analysis with the avispa tool. Electronic Notes in Theoretical Computer Science, 155, 61–86.CrossRefGoogle Scholar
  35. 35.
    Avispa web tool: Automated validation of internet security protocols and applications. (2015).Google Scholar
  36. 36.
  37. 37.
    Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Susmita Mandal
    • 1
  • Sujata Mohanty
    • 1
  • Banshidhar Majhi
    • 1
  1. 1.Department of Computer Science and EngineeringNational Institute of Technology RourkelaRourkelaIndia

Personalised recommendations