Abstract
In the last few years, many value-added applications (such as Payment services) in Vehicular Ad hoc NETworks (VANETs) have emerged. Although these applications offer great business opportunities, they also introduce new concerns regarding security and privacy. Moreover, the wide range of scenarios (with or without connectivity restrictions) arising from vehicle-to-vehicle and vehicle-to-roadside communications has opened up new security challenges, which Payment system designers must consider in order to achieve the same security capabilities regardless of the scenario in which Payment occurs. We designed and implemented a lightweight secure Payment protocol (it uses symmetric-key operations, which require low computational power) for those scenarios in VANETs and other mobile environments where the Merchant cannot communicate directly with the Acquirer (the Merchant’s financial institution) to process the Payment Request. We also present practical performance results that can be achieved with the proposed Payment protocol.
Notes
An Application Unit may use the OBU’s communication capabilities and can be an integrated part of a vehicle (permanently connected to an OBU) or could be a portable device such as a Personal Digital Assistant (PDA), a mobile phone or a gaming device that can dynamically attach to and detach from an OBU [9].
BigInteger is a class available in Java that allows the representation of very large numbers.
The internal memory available in a Nokia™ N95 mobile phone is 163840 Kilobytes.
References
Abad Peiro, J. L., Asokan, N., Steiner, M., & Waidner, M. (1997). Designing a generic payment service. IBM Systems Journal, 37(1), 72–88.
Asokan, N. (1994). Anonymity in mobile computing environment. In Workshop on mobile computing systems and applications (pp. 200–2004).
Bakhtiari, S., Baraani, A., & Khayyambashi, M.-R. (2009). MobiCash: a new anonymous mobile payment system implemented by elliptic curve cryptography. In WRI world congress on computer science and information engineering (pp. 286–290).
Bellare, M., & Rogaway, P. (1993). Entity authentication and key distribution. In Advances in cryptology (CRYPTO’93) (pp. 232–249).
Bellare, M., Garay, J., Hauser, R., Herzberg, A., Krawczyk, H., Steiner, M., Tsudik, G., Van Herreweghen, Els., & Waidner, M. (2000). Design, implementation and deployment of the iKP secure electronic payment system. IEEE Journal on Selected Areas in Communication, 18(4), 611–627.
Bellare, M. (2006). New proofs for NMAC and HMAC: security without collision-resistance. In The 26th annual international cryptology conference (Crypto 2006) (pp. 602–619).
The Legion of the Bouncy Castle (2008). The Legion of the Bouncy Castle Java cryptography APIs version 1.4. http://www.bouncycastle.org/.
Buccafurri, F., & Lax, G. (2011). Implementing disposable credit card numbers by mobile phones. Electronic Commerce Research, 11(3), 271–296.
Car2Car Communication Consortium (2007). Overview of the C2C-CC System (Technical Report version 1.0).
Chari, S., Kermani, P., Smith, S., & Tassiulas, L. (2001). Security issues in M-commerce: a usage-based taxonomy. In E-commerce agents (pp. 264–282).
Ford, W. (1995). Advances in public-key certificate standards. ACM SIGSAC Review, 13(3), 9–15.
Gao, J., Kulkarni, V., Ranavat, V., Chang, L., & Mei, H. (2009). A 2D barcode-based mobile payment system. In Third international conference on multimedia and ubiquitous engineering (MUE 2009) (pp. 320–329).
Hall, J. J., Kilbank, S., Barbeu, M., & Kranakis, E. (2001). WPP: a secure payment protocol for supporting credit- and debit-card transactions over wireless networks. In International conference on telecommunications (ICT 2001).
Hassinen, M., Hyppönen, K., & Haatajam, K. (2006). An open, PKI-based mobile payment system. In International conference on emerging trends in information and communication security (ETRICS’2006) (pp. 86–100).
Housley, R., Ford, W., Polk, W., & Solo, D. (1999). Internet X.509 public key infrastructure certificate and CRL profile, IETF RFC2459.
Hu, Z., Liu, Y., Hu, X., & Li, J. (2004). Anonymous micropayments authentication (AMA) in mobile data network. In 23rd annual joint conference of the IEEE computer and communications societies (IEEE INFOCOM) (pp. 46–53).
Hwang, R., Su, F., & Huang, L. (2007). Fast firmware implementation of RSA-like security protocol for mobile devices. Wireless Personal Communications, 42(2), 213–223.
Krawczyk, H., Bellare, M., & Canetti, R. (1997). HMAC: Keyed-hashing for message authentication, RFC 2104.
Menezes, A. J., Van Oorschot, P. C., & Vanstone, S. A. (1997). Handbook of applied cryptography. Boca Raton: CRC Press.
NIST (1999). FIPS PUB 46-3 Data Encryption Standard (DES). http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf.
NIST (2001). FIPS PUB 197 Advance Encryption Standard (AES). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
Sun Microsystem (2008). Java platform, Micro Edition (Java ME), API specification. http://java.sun.com/javame/index.jsp.
Sun Microsystem (2008). Java platform, Micro Edition (Java SE) v 1.6.0, API specification. http://java.sun.com/javase/index.jsp.
Juntao, M. (2003). Enterprise J2ME: developing mobile java applications. New York: Prentice Hall.
Xi, K., Ahmad, T., Han, F., & Hu, J. (2010). A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment. Security and Communication Networks, 4(5), 487–499.
Kohl, J., & Neuman, B. C. (1993). The Kerberos network authentication service (Version 5), IETF RFC1510.
Kungpisdan, S., Srinivasan, B., & Dung Le, P. (2004). A secure account-based mobile payment protocol. In International conference on information technology: coding and computing (ITCC’04) (pp. 35–39).
Tiong, B., Kungpisdan, S., & Dung Le, P. (2004). KSL protocol: design and implementation. In IEEE conference on cybernetics and intelligent systems (pp. 544–549).
Lei, Y., Chen, D., & Jiang, Z. (2004). Generating digital signatures on mobile devices. In 18th international conference on advanced information networking and applications (AINA’04) (pp. 532–535).
Misra, S., & Wickamasinghe, N. (2004). Security of a mobile transaction: a trust model. Electronic Commerce Research, 4(4), 359–372.
Martinez-Pelaez, R., Rico-Novella, F. J., & Satizaba, C. (2010). Study of mobile payment protocols and its performance evaluation on mobile devices. International Journal of Information Technology and Management, 9(3), 337–356.
Mishra, B., Nayak, P., Behera, S., & Jena, D. (2011). Security in vehicular ad hoc networks: a survey. In Proceedings of the 2011 international conference on communication, computing & security (ICCCS 2011) (pp. 590–595).
Neuman, B. C., & Tso, T. (1994). Kerberos: an authentication service for computer networks. IEEE Communications, 32(9), 33–38.
Papadimitratos, P., Kung, A., Hubaux, J.-P., & Kargl, F. (2006). Privacy and identity management for vehicular communication systems: a position paper. In Workshop on standards for privacy in user-centric identity management.
Ratha, N. K., Connell, J. H., & Bolle, R. M. (2001). Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3), 614–634.
Raya, M., & Hubaux, J.-P. (2005). The security of vehicular ad hoc networks. In 3rd ACM workshop on security of ad hoc and sensor networks (SASN’05) (pp. 11–21).
Sanchez-Avila, C., & Sanchez-Reillol, R. (2001). The Rijndael block cipher (AES proposal): a comparison with DES. In 35th IEEE international Carnahan conference on security technology (pp. 229–234).
Samara, G., Al-Salihy, W., & Sures, R. (2010). Security analysis of vehicular ad hoc networks (VANET). In Second international conference on network applications, protocols and services (pp. 55–60).
Shin, K., Choi, H., & Jeong, J. (2009). A practical security framework for a VANET-based entertainment service. In Proceedings of the 4th ACM workshop on performance monitoring and measurement of heterogeneous wireless and wired networks (PM2HW2N 2009) (pp. 175–182).
Shuai, F., You, J., & Li, Z. (2010). Research on symmetric key-based mobile payment protocol security. In IEEE international conference on information theory and information security (ICITIS 2010) (pp. 340–344).
Téllez, J., Sierra, J., Izquierdo, A., & Torres, J. (2006). Anonymous payment in a kiosk centric model using digital signature scheme with message recovery and low computational power devices. Journal of Theoretical and Applied Electronic Commerce Research, 1(2), 1–11.
Téllez, J., & Sierra, J. (2007). A secure payment protocol for restricted connectivity scenarios in m-commerce, EC-Web (pp. 1–10).
Téllez, J., Sierra, J., Zeadally, S., & Torres, J. (2008). A secure vehicle-to-roadside communication payment protocol in vehicular ad hoc networks. Computer Communications, 31(10), 2478–2484.
Téllez, J., Zeadally, S., & Sierra, J. (2010). Implementation and performance evaluation of a payment protocol for vehicular ad hoc networks. Electronic Commerce Research, 10(2), 209–233.
Téllez, J., Zeadally, S., & Sierra, J. (2010). Security attacks and solutions for vehicular ad hoc networks. IET Communications, 4(7), 894–903.
Tufail, A., Fraser, M., Hammad, A., Kim Ki, H., & Seung-Wha, Y. (2008). An empirical study to analyze the feasibility of WIFI for VANETs. In 12th international conference on computer supported cooperative work in design (CSCWD 2008) (pp. 553–558).
Vincent, O., Folorunso, O., & Akinde, A. (2010). Improving e-payment security using elliptic curve cryptosystem. Electronic Commerce Research, 10(1), 27–41.
Wang, H., & Kranakis, E. (2003). Secure wireless payment protocol. In International conference on wireless networks (pp. 576–582).
Wang, X., & Cui, N. (2009). Research of security mobile payment protocol in communication restrictions scenarios. In 2009 international conference on computational intelligence and security (pp. 213–217).
Wu, X., Dandash, O., Dung Le, P., & Srinivasan, B. (2006). The design and implementation of a wireless payment system. In First international conference on communication system software and middleware (Comsware 2006) (pp. 1–5).
Yousefi, S., Mousavi, M., & Fathy, M. (2006). Vehicular ad hoc networks (VANETs): challenges and perspectives. In 6th international conference on ITS telecommunications (pp. 761–766).
Acknowledgements
We thank the anonymous reviewers for their constructive suggestions and remarks which helped to improve the quality and presentation of this paper.
Cite this article
Isaac, J.T., Zeadally, S. & Cámara, J.S. A lightweight secure mobile Payment protocol for vehicular ad-hoc networks (VANETs). Electron Commer Res 12, 97–123 (2012). https://doi.org/10.1007/s10660-011-9086-0
DOI: https://doi.org/10.1007/s10660-011-9086-0