Abstract
Quick response (QR) code payment has become the mainstream form of mobile payment in China. However, severe security threats greatly undermine consumer confidence, and reconciling the security and convenience of QR codes is a difficult problem. This paper proposes a secure and efficient mobile payment (SEMP) solution in which signed and encrypted payment data are embedded into the QR code. Since private keys are issued by fully distributed private key generators (PKGs), neither a malicious user, a dishonest third-party payment platform (TPP), nor a dishonest PKG can impersonate a legitimate person to authorize a payment or eavesdrop on the communication to obtain private information. The scheme provides confidentiality and unforgeability and, in particular, resists authority attacks. Since no public key certificate is required, it has a clear advantage over existing PKI schemes. Comparisons with related schemes show that the SEMP scheme incurs lower communication cost while providing a higher security level. It can therefore better meet the security and convenience requirements of mobile payment, and it can be applied in QR code payment environments with a dishonest authority.
Acknowledgments
This work was supported by the Natural Science Foundation of Anhui Province (Grant No. 1608085MF141), by the Fundamental Research Funds for the Central Universities (Grant No. J2014HGBZ0131) and by the Humanity and Social Science Key Foundation of Anhui Province (Grant No. SK2015A578).
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Zhu, X., Hou, Z., Hu, D., Zhang, J. (2016). Secure and Efficient Mobile Payment Using QR Code in an Environment with Dishonest Authority. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science, vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_37
DOI: https://doi.org/10.1007/978-3-319-49148-6_37
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49147-9
Online ISBN: 978-3-319-49148-6
eBook Packages: Computer Science, Computer Science (R0)