Cryptanalysis of a Secure and Privacy Preserving Mobile Wallet Scheme with Outsourced Verification in Cloud Computing

  • Conference paper
  • Published in: Computational Intelligence, Communications, and Business Analytics (CICBA 2018)

Abstract

Digital payment using a mobile wallet is one of the easiest and most frequently used payment methods in the recent era. Payment through mobile wallets is becoming more widespread due to the rapid growth in the number of smart device users as well as the easy availability of the Internet. However, it is very important to make the whole payment procedure of a mobile wallet system safe and secure; otherwise it may be fatal for the users, as they have to share valuable credentials such as their real identity and secret key to make a successful payment. The service provider also has to keep in mind that the resources available in a mobile device are not suited to carrying large computational overheads. To overcome these issues, Qin et al. have proposed a secure and privacy-preserving mobile wallet protocol that integrates digital signature and pseudo-identity techniques, using outsourced computing with the help of a cloud server. The cloud server performs the complex computation to reduce the computational overhead of the mobile wallet. In this paper we have analyzed all possible security attacks that may occur in the scheme proposed by Qin et al. and have found that it is vulnerable to various security attacks, such as the known session-specific temporary information attack, the cloud server bypassing attack, the untrusted cloud server and client colluding attack, and the impersonation attack. These attacks are explained using a mathematical model to show that the scheme is not sufficiently secure.

References

  1. Yu, X., Kywe, S.M., Li, Y.: Security issues of in-store mobile payment. In: Handbook of Blockchain, Digital Finance, and Inclusion, vol. 2 (2017)

  2. Smith, S.M., et al.: System and method of conducting transactions using a mobile wallet system. U.S. Patent Application (2010)

  3. Sakalauskas, E., Muleravicius, J., Timofejeva, I.: Computational resources for mobile e-wallet system with observers. In: ELECTRONICS 2017, Palanga, pp. 1–5. IEEE (2017)

  4. Kenneth, W.: Mobile payments, digital wallets and tunnel vision. In: Biometric Technology Today, pp. 8–9. Elsevier (2011)

  5. Feifei, W.: Research on security of mobile payment model based on trusted third party. In: Second International Conference on Network Security Wireless Communication and Trusted Computing (NSWCTC), Wuhan, pp. 442–445. IEEE (2010)

  6. Amin, R., Biswas, G.P.: A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw. 36(1), 58–80 (2016)

  7. Kalra, S., Sood, S.K.: Secure authentication scheme for IoT and cloud servers. Pervasive Mob. Comput. 24, 210–223 (2015)

  8. Ray, S., Biswas, G.P.: An ECC based public key infrastructure usable for mobile applications. In: Second International Conference on Computational Science, Engineering and Information Technology, pp. 562–568. ACM (2012)

  9. Ray, S., Biswas, G.P., Dasgupta, M.: Secure multi-purpose mobile-banking using elliptic curve cryptography. Wirel. Pers. Commun. 90(3), 1331–1354 (2016)

  10. Turkanović, M., Brumen, B., Hölbl, M.: A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw. 20, 96–1129 (2014)

  11. Qin, Z., Sun, J., Wahaballa, A., Zheng, W., Xiong, H., Qin, Z.: A secure and privacy-preserving mobile wallet with outsourced verification in cloud computing. Comput. Stan. Interfaces 54, 55–60 (2017)

  12. Stallings, W.: Cryptography and Network Security: Principles and Practices. Pearson Education India (2006)

  13. Veeraraghavan, P.: Pseudo-identity based encryption and its application in mobile ad hoc networks. In: 2011 IEEE 10th Malaysia International Conference on Communications (MICC), Malaysia, pp. 49–52. IEEE (2011)

  14. Islam, S.K., Biswas, G.P.: An improved pairing-free identity-based authenticated key agreement protocol based on ECC. Procedia Eng. 30, 499–507 (2012)

  15. Amin, R., Biswas, G.P., Giri, D., Khan, M.K., Kumar, N.: A more secure and privacy-aware anonymous user authentication scheme for distributed mobile cloud computing environments. Secur. Commun. Netw. 9(17), 4650–4666 (2016)

  16. Liao, Y., He, Y., Li, F., Zhou, S.: Analysis of a mobile payment protocol with outsourced verification in cloud server and the improvement. Comput. Stan. Interfaces 56, 101–106 (2018)

  17. Shin, D.: Towards an understanding of the consumer acceptance of mobile wallet. Comput. Hum. Behav. 25(6), 1343–1354 (2009)

  18. Amoroso, D.L., Watanabe, R.M.: Building a research model for mobile wallet consumer adoption: the case of mobile Suica in Japan. J. Theor. Appl. Electron. Commerce Res. 7(1), 94–110 (2012)

  19. Yu, Y., Mu, Y., Wang, G., Xia, Q., Yang, B.: Improved certificateless signature scheme provably secure in the standard model. IET Inf. Secur. 6(2), 102–110 (2012)

  20. Xiong, H.: Cost-effective scalable and anonymous certificateless remote authentication protocol. IEEE Trans. Inf. Forensics Secur. 9(12), 2327–2339 (2014)

  21. Coskun, V., Ozdenizci, B., Ok, K.: A survey on near field communication (NFC) technology. Wirel. Pers. Commun. 71(3), 2259–2294 (2013)

  22. Luo, Y., Fu, S., Huang, K., Wang, D., Xu, M.: Securely outsourcing of bilinear pairings with untrusted servers for cloud storage. In: Trustcom/BIGDATASE/ISPA, IEEE 2016, Tianjin, pp. 623–629. IEEE (2016)

  23. Dutta, R., Barua, R., Sarkar, P.: Pairing-based cryptography: a survey. Cryptology ePrint Archive, Report 2004/064 (2004)

  24. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28

  25. Chen, H.B., Chen, T.H., Lee, W.B., Chang, C.C.: Security enhancement for a three-party encrypted key exchange protocol against undetectable on-line password guessing attacks. Comput. Stan. Interfaces 30(1–2), 95–99 (2008)

  26. Islam, S.K.: Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps. Nonlinear Dyn. 78(3), 2261–2276 (2014)

  27. Islam, S.K., Khan, M.K., Obaidat, M.S., Muhaya, F.: Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun. 84(3), 2013–2034 (2015)

  28. Islam, S.K., Amin, R., Biswas, G.P., Farash, M.S., Li, X., Kumari, S.: An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments. J. King Saud Univ.-Comput. Inf. Sci. 29(3), 311–324 (2017)

  29. Sadhukhan, D., Ray, S.: Cryptanalysis of an elliptic curve cryptography based lightweight authentication scheme for smart grid communication. In: 2018 IEEE 4th International Conference on Recent Advances in Information Technology (RAIT), Dhanbad, pp. 1–6. IEEE (2018)


Corresponding author

Correspondence to Dipanwita Sadhukhan.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Tribedi, D., Sadhukhan, D., Ray, S. (2019). Cryptanalysis of a Secure and Privacy Preserving Mobile Wallet Scheme with Outsourced Verification in Cloud Computing. In: Mandal, J., Mukhopadhyay, S., Dutta, P., Dasgupta, K. (eds) Computational Intelligence, Communications, and Business Analytics. CICBA 2018. Communications in Computer and Information Science, vol 1031. Springer, Singapore. https://doi.org/10.1007/978-981-13-8581-0_33

  • DOI: https://doi.org/10.1007/978-981-13-8581-0_33

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-8580-3

  • Online ISBN: 978-981-13-8581-0

  • eBook Packages: Computer Science (R0)
