nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

17.01.2022

A secure IoT-based micro-payment protocol for wearable devices

verfasst von: Sriramulu Bojjagani, P. V. Venkateswara Rao, Dinesh Reddy Vemula, B Ramachandra Reddy, T. Jaya Lakshmi

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 2/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Wearable devices are parts of the essential cost of goods sold (COGS) in the wheel of the Internet of things (IoT), contributing to a potential impact in the finance and banking sectors. There is a need for lightweight cryptography mechanisms for IoT devices because these are resource constraints. This paper introduces a novel approach to an IoT-based micro-payment protocol in a wearable devices environment. This payment model uses an “elliptic curve integrated encryption scheme (ECIES)” to encrypt and decrypt the communicating messages between various entities. The proposed protocol allows the customer to buy the goods using a wearable device and send the mobile application’s confidential payment information. The application creates a secure session between the customer, banks and merchant. The static security analysis and informal security methods indicate that the proposed protocol is withstanding the various security vulnerabilities involved in mobile payments. For logical verification of the correctness of security properties using the formal way of “Burrows-Abadi-Needham (BAN)” logic confirms the proposed protocol’s accuracy. The practical simulation and validation using the Scyther and Tamarin tool ensure that the absence of security attacks of our proposed framework. Finally, the performance analysis based on cryptography features and computational overhead of related approaches specify that the proposed micro-payment protocol for wearable devices is secure and efficient.

Vorheriger Artikel Blockchain-based trust management for verifiable time synchronization service in IoT

Nächster Artikel A resource allocation scheme for D2D communications with unknown channel state information

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

https://tractica.omdia.com/wp-content/uploads/2015/07/WPAY-15-Brochure.pdf

https://www.statista.com/statistics/302484/wearable-technology-market-value

https://labs.f-secure.com/tools/drozer/

Challa S, Wazid M, Das AK, Kumar N, Reddy AG, Yoon E-J, Yoo K-Y (2017) Secure signature-based authenticated key establishment scheme for future iot applications. IEEE Access 5:3028–3043CrossRef

Yeh KH (2016) A secure iot-based healthcare system with body sensor networks. IEEE Access 4:10288–10299CrossRef

Chen Y, Xu W, Peng L, Zhang H (2019) Light-weight and privacy-preserving authentication protocol for mobile payments in the context of iot. IEEE Access 7:15210–15221CrossRef

Guravaiah K, Thivyavignesh R, Velusamy RL (2017) Vehicle monitoring using internet of things. In Proceedings of the 1st International Conference on Internet of Things and Machine Learning pp.1–7. https://doi.org/10.1145/3109761.3109785

Guravaiah K, Velusamy RL (2019) Prototype of home monitoring device using internet of things and river formation dynamics-based multi-hop routing protocol (rfdhm). IEEE Trans Consum Electron 65(3):329–338CrossRef

Tehrani K, Michael A (2020) http://www.wearabledevices.com/what-is-a-wearable-device/. Accessed 03 Jun 2020

Finnegan M (2020) https://www.computerworld.com/article/3556753/banking-on-wearables-time-for-finance-sector-to-take.html. Accessed 20 May 2020

Seneviratne S, Hu Y, Nguyen T, Lan G, Khalifa S, Thilakarathna K, Hassan M, Seneviratne A (2017) A survey of wearable devices and challenges. IEEE Commun Surv Tutorials 19(4):2573–2620CrossRef

Das AK, Wazid M, Kumar N, Khan MK, Choo KKR, Park Y (2017) Design of secure and lightweight authentication protocol for wearable devices environment. IEEE J Biomed Health Inform 22(4):1310–1322CrossRef

10.

Online Available. https://www.opnessl.org/. Accessed 10 Jun2020

11.

Das AK, Zeadally S, Wazid M (2017) Lightweight authentication protocols for wearable devices. Comput Electr Eng 63:196–208CrossRef

12.

Kumar D, Grover HS et al (2019) A secure authentication protocol for wearable devices environment using ecc. J Inf Secur Appl 47:8–15

13.

Liu S, Hu S, Weng J, Zhu S, Chen Z (2016) A novel asymmetric three-party based authentication scheme in wearable devices environment. J Netw Comput Appl 60:144–154CrossRef

14.

Yohan A, Lo NW, Randy V, Chen SJ, Hsu MY (2016) A novel authentication protocol for micropayment with wearable devices. In ACM Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication, Danang, Viet Nam pp. 1–7

15.

Online Available Github. https://github.com/sriramulub

16.

Sun DZ, Huai JP, Sun JZ, Zhang JW, Feng ZY (2008) A new design of wearable token system for mobile device security. IEEE Trans Consum Electron 54(4):1784–1789CrossRef

17.

Corner MD, Noble BD (2005) Protecting file systems with transient authentication. Wireless Netw 11(1–2):7–19CrossRef

18.

Saravanan K, Yuvaraj D (2010) An new secure mechanism for bluetooth network. In 2010 the 2nd international conference on computer and automation engineering (ICCAE). IEEE1:202–205

19.

Bojjagani S, Sastry V (2019) A secure end-to-end proximity nfc-based mobile payment protocol. Comput Stand Interfaces p 103348. https://doi.org/10.1016/j.csi.2019.04.007

20.

Patel R, Kunche A, Mishra N, Bhaiyat Z, Joshi R (2015) Paytooth-a cashless mobile payment system based on bluetooth. Int J Comput Appl 120:24

21.

Liu W, Liu H, Wan Y, Kong H, Ning H (2016) The yoking-proof-based authentication protocol for cloud-assisted wearable devices. Pers Ubiquit Comput 20(3):469–479CrossRef

22.

Wu F, Li X, Xu L, Kumari S, Karuppiah M, Shen J (2017) A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server. Comput Electr Eng 63:168–181CrossRef

23.

Gupta A, Tripathi M, Shaikh TJ, Sharma A (2019) A lightweight anonymous user authentication and key establishment scheme for wearable devices. Comput Netw 149:29–42CrossRef

24.

Bojjagani S, Sastry V (2017) A secure end-to-end sms-based mobile banking protocol. Int J Commun Syst 30(15):1–19. https://doi.org/10.1002/dac.3302CrossRef

25.

Bojjagani S, Sastry V (2017) Vaptai: A threat model for vulnerability assessment and penetration testing of android and ios mobile banking apps. In IEEE 3rd International Conference on Collaboration and Internet Computing (CIC), San Jose, California, USA, pp 77–86. https://doi.org/10.1109/CIC.2017.00022

26.

Bojjagani S, Sastry V (2016) Stamba: Security testing for android mobile banking apps. In Advances in Signal Processing and Intelligent Recognition Systems. Springer pp 671–683. https://doi.org/10.1007/978-3-319-28658-7_57

27.

Moonsamy V, Batten L (2014) Mitigating man-in-the-middle attacks on smartphones-a discussion of ssl pinning and dnssec. In Proceedings of the 12th Australian Information Security Management Conference.Edith Cowan University pp 5–13

28.

Bojjagani S, Brabin DD, Rao PV (2020) Phishpreventer: A secure authentication protocol for prevention of phishing attacks in mobile environment with formal verification. Procedia Comput Sci 171:1110–1119. https://doi.org/10.1016/j.procs.2020.04.119CrossRef

29.

Bojjagani S, Sastry V, Chen CM, Kumari S, Khan MK (2021) Systematic survey of mobile payments, protocols, and security infrastructure. J Ambient Intell Humaniz Comput pp. 1–46. https://doi.org/10.1007/s12652-021-03316-4

30.

Fahl S, Harbach M, Muders T, Baumgärtner L, Freisleben B, Smith M (2012) Why eve and mallory love android: An analysis of android ssl (in) security. In Proceedings of the 2012 ACM conference on Computer and communications security pp 50–61

31.

Patel R, Borisaniya B, Patel A, Patel D, Rajarajan M, Zisman A (2010) Comparative analysis of formal model checking tools for security protocol verification. In International Conference on Network Security and Applications. Springer pp 152–163

32.

Pimentel JCL, Monroy R (2008) Formal support to security protocol development: A survey. Computación y Sistemas 12(1):89–108

33.

Braghin C, Sharygina N, Barone-Adesi K (2011) A model checking-based approach for security policy verification of mobile systems. Form Asp Comput 23(5):627–648CrossRef

34.

Shashidhara R, Bojjagani S, Maurya AK, Kumari S, Xiong H (2020) A robust user authentication protocol with privacy-preserving for roaming service in mobility environments. Peer Peer Netw Appl 13(6):1943–1966. https://doi.org/10.1007/s12083-020-00929-y CrossRef

35.

Shi H, Ma W, Yang M, Zhang X (2012) A case study of model checking retail banking system with spin. JCP 7(10):2503–2510

36.

Tobarra L, Cazorla D, Cuartero F, Díaz G, Cambronero E (2009) Model checking wireless sensor network security protocols: Tinysec+ leap+ tinypk. Telecommun Syst 40(3–4):91–99CrossRef

37.

Burrows M, Abadi M (1989) A logic of authentication. In Proc R Soc Lond A.The Royal Society 426:233–271

38.

Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetCrossRef

39.

Kim M, Lee J, Yu S, Park K, Park Y, Park Y (2019) A secure authentication and key establishment scheme for wearable devices. In 2019 28th International Conference on Computer Communication and Networks (ICCCN).IEEE pp 1–2

40.

Santosa GB, Budiyanto S (2019) New design of lightweight authentication protocol in wearable technology. Telkomnika 17(2):561–572CrossRef

41.

Gupta V, Gupta S, Chang S, Stebila D (2002) Performance analysis of elliptic curve cryptography for ssl. In Proceedings of the 1st ACM workshop on Wireless security, Atlanta, GA, USA pp. 87–94

42.

Lo NW, Yohan A (2020) Ble-based authentication protocol for micropayment using wearable device. Wirel Pers Commun pp. 1–22

43.

Alese BK, Philemon E, Falaki SO (2012) Comparative analysis of public-key encryption schemes. Int J Eng Technol 2(9):1552–1568

44.

Mohit P, Amin R, Karati A, Biswas G, Khan MK (2017) A standard mutual authentication protocol for cloud computing based health care system. J Med Syst 41(4):50CrossRef

45.

Yeh KH, Su C, Choo KKR, Chiu W (2017) A novel certificateless signature scheme for smart objects in the internet-of-things. Sensors 17(5):1001CrossRef

46.

Gallagher P, Director A (1995) Secure hash standard (shs). FIPS PUB 180:183

47.

The Network Simulator-ns-2, Online Available: URL: https://www.isi.edu/nsnam/ns/. Accessed on: 20 Oct 2020

48.

Castle Bouncy, "Bouncy castle crypto APIs", Online Available: https://www.bouncycastle.org/. Accessed on:10 Mar 2020

49.

GlobalPlatform for Wearables (2021) Online Available: https://globalplatform.org/use-case/wearables/. Accessed on:15 Apr 2021

50.

Cremers CJF (2008) The Scyther tool: Automatic verification of security protocols, Computer Aided Verification 5423:414-418

51.

Cremers CJF (2006) Scyther: Semantics and verification of security protocols. Eindhoven University of Technology Eindhoven, Netherlands

52.

Cremers CJ (2008) The scyther tool: Verification, falsification, and analysis of security protocols. In International Conference on Computer Aided Verification. Springer pp 414–418

53.

Meier S, Schmidt B, Cremers C, Basin D (2013) The tamarin prover for the symbolic analysis of security protocols. In International Conference on Computer Aided Verification. Springer pp 696–701

54.

Team T et al (2020) Tamarin-prover manual. Accessed 14 Feb 2019

55.

Bojjagani S, Sastry VN (2015) "SSMBP: A secure SMS-based mobile banking protocol with formal verification," 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 252-259. https://doi.org/10.1109/WiMOB.2015.7347969

Titel: A secure IoT-based micro-payment protocol for wearable devices
verfasst von: Sriramulu Bojjagani
P. V. Venkateswara Rao
Dinesh Reddy Vemula
B Ramachandra Reddy
T. Jaya Lakshmi
Publikationsdatum: 17.01.2022
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 2/2022
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-021-01242-y

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2022

Robust multi-agent reinforcement learning for noisy environments

A survey on security in consensus and smart contracts

Reputation management in vehicular network using blockchain

Cryptocurrencies activity as a complex network: Analysis of transactions graphs

A privacy-preserving multi-agent updating framework for self-adaptive tree model

100+ FPS detector of personal protective equipment for worker safety: A deep learning approach for green edge computing