Top

Electronic Commerce Research

Published in:

01-03-2016

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Authors: Shehzad Ashraf Chaudhry, Mohammad Sabzinejad Farash, Husnain Naqvi, Muhammad Sher

Published in: Electronic Commerce Research | Issue 1/2016

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The use of e-payment system for electronic trade is on its way to make daily life more easy and convenient. Contrarily, there are a number of security issues to be addressed, user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues recently Yang et al. proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They excluded the need of digital signatures for authentication. Further they claimed their schemes to resist replay, man-in-middle, impersonation and identity theft attack while providing confidentiality, authenticity, integrity and privacy protection. However our analysis exposed that Yang et al.’s both authenticated encryption scheme and e-payment system are vulnerable to impersonation attack. An adversary just having knowledge of public parameters can easily masquerade as a legal user. Furthermore, we proposed improved authenticated encryption and e-payment schemes to overcome weaknesses of Yang et al.’s schemes. We prove the security of our schemes using automated tool ProVerif. The improved schemes are more robust and more lightweight than Yang et al.’s schemes which is evident from security and performance analysis.

previous article Android mobile VoIP apps: a survey and examination of their security and privacy

next article Erratum to: Trust and risk in consumer acceptance of e-services

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

Chen, S., & Ning, J. (2002). Constraints on e-commerce in less developed countries: The case of china. Electronic Commerce Research, 2(1–2), 31–42. doi:10.1023/A:1013331817147.CrossRef

Kshetri, N. (2013). Cybercrime and cyber-security issues associated with china: some economic and institutional considerations. Electronic Commerce Research, 13(1), 41–69. doi:10.1007/s10660-013-9105-4.CrossRef

Huang, X., Dai, X., & Liang, W. (2014). Bulapay: A novel web service based third-party payment system for e-commerce. Electronic Commerce Research, 14(4), 611–633. doi:10.1007/s10660-014-9172-1.CrossRef

Chaum, D. (2013). Blind signatures for untraceable payments. In Advances in cryptology—CRYPTO ’86 Proceedings (pp. 199–203). Berlin: Springer.

Lysyanskaya, A., & Ramzan, Z. (1998). Group blind digital signatures: A scalable solution to electronic cash. In D. M. Goldschlag & S. G. Stubblebine (Eds.), Financial cryptography (pp. 184–197). Berlin: Springer.CrossRef

Zhang, L., Zhang, F., Qin, B., & Liu, S. (2011). Provably-secure electronic cash based on certificateless partially-blind signatures. Electronic Commerce Research and Applications, 10(5), 545–552.CrossRef

Xiaojun, W. (2010). An e-payment system based on quantum group signature. Physica Scripta, 82(6), 65403.CrossRef

Eslami, Z., & Talebi, M. (2011). A new untraceable off-line electronic cash system. Electronic Commerce Research and Applications, 10(1), 59–66.CrossRef

Yen, Y.-C., Wu, T.-C., Lo, N.-W., & Tsai, K.-Y. (2012). A fair-exchange e-payment protocol for digital products with customer unlinkability. KSII Transactions on Internet and Information Systems, 6(11), 2956–2979.

10.

Chen, X., Li, J., Ma, J., Lou, W., & Wong, D. S. (2014). New and efficient conditional e-payment systems with transferability. Future Generation Computer Systems, 37, 252–258.CrossRef

11.

Yang, J.-H., Chang, Y.-F., & Chen, Y.-H. (2013). An efficient authenticated encryption scheme based on ecc and its application for electronic payment. Information Technology And Control, 42(4), 315–324.CrossRef

12.

Farash, M. S., & Attari, M. A. (2014). A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. The Journal of Supercomputing, 69(1), 395–411.CrossRef

13.

Irshad, A., Sher, M., Faisal, M. S., Ghani, A., Ul Hassan, M., & Ch, S. A. (2014). A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Security and Communication Networks, 7(8), 1210–1218.CrossRef

14.

Irshad, A., Sher, M., Rehman, E., Ch, S. A., Ul Hassan, M., & Ghani, A. (2013). A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications. doi:10.1007/s11042-013-1807-z.

15.

Farash, M. S., & Attari, M. A. (2013). An enhanced authenticated key agreement for session initiation protocol. Information Technology and Control, 42(4), 333–342.CrossRef

16.

Farash, M. S. (2014). Cryptanalysis and improvement of an efficient mutual authentication rfid scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(1), 987–1001.CrossRef

17.

Farash, M. S., & Attari, M. A. (2014). An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. International Journal of Communication Systems. doi:10.1002/dac.2848.

18.

Farash, M. S. (2014). Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications. doi:10.1007/s12083-014-0315-x.

19.

Farash, M. S. (2015). Cryptanalysis and improvement of an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. International Journal of Network Management, 25(1), 31–51.CrossRef

20.

Farash, M. S., Kumari, S., & Bakhtiari, M. (2015). Cryptanalysis and improvement of a robust smart card secured authentication scheme on sip using elliptic curve cryptography. Multimedia Tools and Applications. doi:10.1007/s11042-015-2487-7.

21.

Farash, M. S., Islam, S. H., & Mohammad, S. O. (2015). A provably secure and efficient two-party password-based explicit uthenticated key exchange protocol resistance to password guessing attacks. Concurrency and Computation: Practice and Experience. doi:10.1002/cpe.3477.

22.

Zheng, Y. (1997). Digital signcryption or how to achieve cost (signature & encryption)〈〈 cost (signature) + cost (encryption). In Advances in Cryptology-CRYPTO’97 (pp. 165–179). Berlin: Springer.

23.

He, D., Kumar, N., & Chilamkurti, N. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks, Information Sciences. doi:10.1016/j.ins.2015.02.010

24.

He, D., & Zeadally, S. (2015). Authentication protocol for an ambient assisted living system. Communications Magazine, IEEE, 53(1), 71–77.CrossRef

25.

Chaudhry, S., Naqvi, H., Shon, T., Sher, M., & Farash, M. (2015). Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. Journal of Medical Systems, 39(6), 1–11. doi:10.1007/s10916-015-0244-0.CrossRef

26.

Abdalla, M., Benhamouda, F., & Pointcheval, D. (2015). Public-key encryption indistinguishable under plaintext-checkable attacks. In Public-Key Cryptography—PKC 2015 (pp. 332–352). Berlin: Springer.

27.

Ch, S. A., Nizamuddin, N., Sher, M., Ghani, A., Naqvi, H., & Irshad, A. (2014). An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimedia Tools and Applications. doi:10.1007/s11042-014-2283-9.

28.

Ch, S. A., Nizamuddin, N., & Sher, M. (2012). Public verifiable signcryption schemes with forward secrecy based on hyperelliptic curve cryptosystem. In Information systems, technology and management (pp. 135–142). Springer.

29.

Nizamuddin, N., Ch, S. A., Nasar, W., & Javaid, Q. (2011. )Efficient signcryption schemes based on hyperelliptic curve cryptosystem. In 2011 7th IEEE international conference on emerging technologies (ICET) (pp. 1–4).

30.

Nizamuddin, N., Ch, S. A., & Amin, N. (2011). Signcryption schemes with forward secrecy based on hyperelliptic curve cryptosystem. In IEEE high capacity optical networks and enabling technologies (HONET), 2011 (pp. 244–247).

31.

Zheng, Y. (1997). Digital signcryption or how to achieve cost (signature & encryption) cost (signature) + cost (encryption). In Advances in cryptology-CRYPTO’97 (pp. 165–179). Santa Barbara: Springer.

32.

Li, C.-T. (2011). Secure smart card based password authentication scheme with user anonymity. Information Technology and Control, 40(2), 157–162.CrossRef

33.

Hong, J.-W., Yoon, S.-Y., Park, D.-I., Choi, M.-J., Yoon, E.-J., & Yoo, K.-Y. (2011). A new efficient key agreement scheme for vsat satellite communications based on elliptic curve cryptosystem. Information Technology and Control, 40(3), 252–259.

34.

Farash, M. S., & Attari, M. A. (2014). A provably secure and efficient authentication scheme for access control in mobile pay-tv systems. Multimedia Tools and Applications. doi:10.1007/s11042-014-2296-4.

35.

Johnson, D., Menezes, A., & Vanstone, S. (2001). The elliptic curve digital signature algorithm (ecdsa). International Journal of Information Security, 1(1), 36–63.CrossRef

36.

Xie, Q., Dong, N., Tan, X., Wong, D. S., & Wang, G. (2013). Improvement of a three-party password-based key exchange protocol with formal verification. Information Technology And Control, 42(3), 231–237.CrossRef

37.

Xie, Q., Dong, N., Wong, D. S., & Hu, B. Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol. International Journal of Communication Systems. doi:10.1002/dac.2858

38.

Hu, B., Xie, Q., & Li, Y. (2011). Automatic verification of password-based authentication protocols using smart card. In 2011 IEEE international conference on information technology, computer engineering and management sciences (ICM) (Vol. 1, pp. 34–39).

39.

Cheval, V., & Blanchet, B. (2013). Proving more observational equivalences with proverif. In D. Basin & J. C. Mitchell (Eds.), Principles of security and trust (pp. 226–246). Berlin: Springer.CrossRef

Title: A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography
Authors: Shehzad Ashraf Chaudhry
Mohammad Sabzinejad Farash
Husnain Naqvi
Muhammad Sher
Publication date: 01-03-2016
Publisher: Springer US
Published in: Electronic Commerce Research / Issue 1/2016
Print ISSN: 1389-5753
Electronic ISSN: 1572-9362
DOI: https://doi.org/10.1007/s10660-015-9192-5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Other articles of this Issue 1/2016

How do social-based cues influence consumers’ online purchase decisions? An event-related potential study

The role of risk in e-retailers’ adoption of payment methods: evidence for transition economies

Erratum to: Trust and risk in consumer acceptance of e-services

Android mobile VoIP apps: a survey and examination of their security and privacy