A lightweight secure mobile Payment protocol for vehicular ad-hoc networks (VANETs)

Electronic Commerce Research

Abstract

In the last few years, many value-added applications (such as Payment services) in Vehicular Ad hoc NETworks (VANETs) have emerged. Although these applications offer great business opportunities, they also introduce new concerns regarding security and privacy. Moreover, the wide range of scenarios (with or without connectivity restrictions) arising from vehicle-to-vehicle and vehicle-to-roadside communications has opened up new security challenges, which Payment system designers must consider in order to achieve the same security capabilities regardless of the scenario in which Payment occurs. We designed and implemented a lightweight secure Payment protocol (lightweight because it uses symmetric-key operations, which require low computational power) for those scenarios in VANETs and other mobile environments where the Merchant cannot communicate directly with the Acquirer (the Merchant’s financial institution) to process the Payment Request. We also present practical performance results that can be achieved with the proposed Payment protocol.

Notes

  1. An Application Unit may use the OBU’s communication capabilities and can be an integrated part of a vehicle (permanently connected to an OBU) or could be a portable device such as a Personal Digital Assistant (PDA), a mobile phone or a gaming device that can dynamically attach to and detach from an OBU [9].

  2. The BigInteger class, available in Java, allows the representation of very large numbers.

  3. The internal memory available in a Nokia™ N95 mobile phone is 163840 Kilobytes.

References

  1. Abad Peiro, J. L., Asokan, N., Steiner, M., & Waidner, M. (1997). Designing a generic payment service. IBM Systems Journal, 37(1), 72–88.

  2. Asokan, N. (1994). Anonymity in mobile computing environment. In Workshop on mobile computing systems and applications (pp. 200–2004).

  3. Bakhtiari, S., Baraani, A., & Khayyambashi, M.-R. (2009). MobiCash: a new anonymous mobile payment system implemented by elliptic curve cryptography. In WRI world congress on computer science and information engineering (pp. 286–290).

  4. Bellare, M., & Rogaway, P. (1993). Entity authentication and key distribution. In Advances in cryptology (CRYPTO’93) (pp. 232–249).

  5. Bellare, M., Garay, J., Hauser, R., Herzberg, A., Krawczyk, H., Steiner, M., Tsudik, G., Van Herreweghen, Els., & Waidner, M. (2000). Design, implementation and deployment of the iKP secure electronic payment system. IEEE Journal on Selected Areas in Communication, 18(4), 611–627.

  6. Bellare, M. (2006). New proofs for NMAC and HMAC: security without collision-resistance. In The 26th annual international cryptology conference (Crypto 2006) (pp. 602–619).

  7. The Legion of the Bouncy Castle (2008). The Legion of the Bouncy Castle Java cryptography APIs version 1.4. http://www.bouncycastle.org/.

  8. Buccafurri, F., & Lax, G. (2011). Implementing disposable credit card numbers by mobile phones. Electronic Commerce Research, 11(3), 271–296.

  9. Car2Car Communication Consortium (2007). Overview of the C2C-CC System (Technical Report version 1.0).

  10. Chari, S., Kermani, P., Smith, S., & Tassiulas, L. (2001). Security issues in M-commerce: a usage-based taxonomy. In E-commerce agents (pp. 264–282).

  11. Ford, W. (1995). Advances in public-key certificate standards. ACM SIGSAC Review, 13(3), 9–15.

  12. Gao, J., Kulkarni, V., Ranavat, V., Chang, L., & Mei, H. (2009). A 2D barcode-based mobile payment system. In Third international conference on multimedia and ubiquitous engineering (MUE 2009) (pp. 320–329).

  13. Hall, J. J., Kilbank, S., Barbeu, M., & Kranakis, E. (2001). WPP: a secure payment protocol for supporting credit- and debit-card transactions over wireless networks. In International conference on telecommunications (ICT 2001).

  14. Hassinen, M., Hyppönen, K., & Haatajam, K. (2006). An open, PKI-based mobile payment system. In International conference on emerging trends in information and communication security (ETRICS’2006) (pp. 86–100).

  15. Housley, R., Ford, W., Polk, W., & Solo, D. (1999). Internet X.509 public key infrastructure certificate and CRL profile, IETF RFC2459.

  16. Hu, Z., Liu, Y., Hu, X., & Li, J. (2004). Anonymous micropayments authentication (AMA) in mobile data network. In 23rd annual joint conference of the IEEE computer and communications societies (IEEE INFOCOM) (pp. 46–53).

  17. Hwang, R., Su, F., & Huang, L. (2007). Fast firmware implementation of RSA-like security protocol for mobile devices. Wireless Personal Communications, 42(2), 213–223.

  18. Krawczyk, H., Bellare, M., & Canetti, R. (1997). HMAC: Keyed-hashing for message authentication, RFC 2104.

  19. Menezes, A. J., Van Oorschot, P. C., & Vanstone, S. A. (1997). Handbook of applied cryptography. Boca Raton: CRC Press.

  20. NIST (1999). FIPS PUB 46-3 Data Encryption Standard (DES). http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf.

  21. NIST (2001). FIPS PUB 197 Advanced Encryption Standard (AES). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.

  22. Sun Microsystem (2008). Java platform, Micro Edition (Java ME), API specification. http://java.sun.com/javame/index.jsp.

  23. Sun Microsystem (2008). Java platform, Micro Edition (Java SE) v 1.6.0, API specification. http://java.sun.com/javase/index.jsp.

  24. Juntao, M. (2003). Enterprise J2ME: developing mobile java applications. New York: Prentice Hall.

  25. Xi, K., Ahmad, T., Han, F., & Hu, J. (2010). A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment. Security and Communication Networks, 4(5), 487–499.

  26. Kohl, J., & Neuman, B. C. (1993). The Kerberos network authentication service (Version 5), IETF RFC1510.

  27. Kungpisdan, S., Srinivasan, B., & Dung Le, P. (2004). A secure account-based mobile payment protocol. In International conference on information technology: coding and computing (ITCC’04) (pp. 35–39).

  28. Tiong, B., Kungpisdan, S., & Dung Le, P. (2004). KSL protocol: design and implementation. In IEEE conference on cybernetics and intelligent systems (pp. 544–549).

  29. Lei, Y., Chen, D., & Jiang, Z. (2004). Generating digital signatures on mobile devices. In 18th international conference on advanced information networking and applications (AINA’04) (pp. 532–535).

  30. Misra, S., & Wickamasinghe, N. (2004). Security of a mobile transaction: a trust model. Electronic Commerce Research, 4(4), 359–372.

  31. Martinez-Pelaez, R., Rico-Novella, F. J., & Satizaba, C. (2010). Study of mobile payment protocols and its performance evaluation on mobile devices. International Journal of Information Technology and Management, 9(3), 337–356.

  32. Mishra, B., Nayak, P., Behera, S., & Jena, D. (2011). Security in vehicular ad hoc networks: a survey. In Proceedings of the 2011 international conference on communication, computing & security (ICCCS 2011) (pp. 590–595).

  33. Neuman, B. C., & Tso, T. (1994). Kerberos: an authentication service for computer networks. IEEE Communications, 32(9), 33–38.

  34. Papadimitratos, P., Kung, A., Hubaux, J.-P., & Kargl, F. (2006). Privacy and identity management for vehicular communication systems: a position paper. In Workshop on standards for privacy in user-centric identity management.

  35. Ratha, N. K., Connell, J. H., & Bolle, R. M. (2001). Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3), 614–634.

  36. Raya, M., & Hubaux, J.-P. (2005). The security of vehicular ad hoc networks. In 3rd ACM workshop on security of ad hoc and sensor networks (SASN’05) (pp. 11–21).

  37. Sanchez-Avila, C., & Sanchez-Reillol, R. (2001). The Rijndael block cipher (AES proposal): a comparison with DES. In 35th IEEE international Carnahan conference on security technology (pp. 229–234).

  38. Samara, G., Al-Salihy, W., & Sures, R. (2010). Security analysis of vehicular ad hoc networks (VANET). In Second international conference on network applications, protocols and services (pp. 55–60).

  39. Shin, K., Choi, H., & Jeong, J. (2009). A practical security framework for a VANET-based entertainment service. In Proceedings of the 4th ACM workshop on performance monitoring and measurement of heterogeneous wireless and wired networks (PM2HW2N 2009) (pp. 175–182).

  40. Shuai, F., You, J., & Li, Z. (2010). Research on symmetric key-based mobile payment protocol security. In IEEE international conference on information theory and information security (ICITIS 2010) (pp. 340–344).

  41. Téllez, J., Sierra, J., Izquierdo, A., & Torres, J. (2006). Anonymous payment in a kiosk centric model using digital signature scheme with message recovery and low computational power devices. Journal of Theoretical and Applied Electronic Commerce Research, 1(2), 1–11.

  42. Téllez, J., & Sierra, J. (2007). A secure payment protocol for restricted connectivity scenarios in m-commerce, EC-Web (pp. 1–10).

  43. Téllez, J., Sierra, J., Zeadally, S., & Torres, J. (2008). A secure vehicle-to-roadside communication payment protocol in vehicular ad hoc networks. Computer Communications, 31(10), 2478–2484.

  44. Téllez, J., Zeadally, S., & Sierra, J. (2010). Implementation and performance evaluation of a payment protocol for vehicular ad hoc networks. Electronic Commerce Research, 10(2), 209–233.

  45. Téllez, J., Zeadally, S., & Sierra, J. (2010). Security attacks and solutions for vehicular ad hoc networks. IET Communications, 4(7), 894–903.

  46. Tufail, A., Fraser, M., Hammad, A., Kim Ki, H., & Seung-Wha, Y. (2008). An empirical study to analyze the feasibility of WIFI for VANETs. In 12th international conference on computer supported cooperative work in design (CSCWD 2008) (pp. 553–558).

  47. Vincent, O., Folorunso, O., & Akinde, A. (2010). Improving e-payment security using elliptic curve cryptosystem. Electronic Commerce Research, 10(1), 27–41.

  48. Wang, H., & Kranakis, E. (2003). Secure wireless payment protocol. In International conference on wireless networks (pp. 576–582).

  49. Wang, X., & Cui, N. (2009). Research of security mobile payment protocol in communication restrictions scenarios. In 2009 international conference on computational intelligence and security (pp. 213–217).

  50. Wu, X., Dandash, O., Dung Le, P., & Srinivasan, B. (2006). The design and implementation of a wireless payment system. In First international conference on communication system software and middleware (Comsware 2006) (pp. 1–5).

  51. Yousefi, S., Mousavi, M., & Fathy, M. (2006). Vehicular ad hoc networks (VANETs): challenges and perspectives. In 6th international conference on ITS telecommunications (pp. 761–766).

Acknowledgements

We thank the anonymous reviewers for their constructive suggestions and remarks which helped to improve the quality and presentation of this paper.

Corresponding author

Correspondence to Sherali Zeadally.

Cite this article

Isaac, J.T., Zeadally, S. & Cámara, J.S. A lightweight secure mobile Payment protocol for vehicular ad-hoc networks (VANETs). Electron Commer Res 12, 97–123 (2012). https://doi.org/10.1007/s10660-011-9086-0

  • DOI: https://doi.org/10.1007/s10660-011-9086-0
