Abstract
The rapid growth of the global wearable device market within the last 5 years shows the tremendous interest of modern society in environmental sensing technology for developing intelligent and convenient services for human beings. Wearable devices such as smart watches and intelligent eyeglasses have been successfully deployed in, or associated with, various application domains such as gamification of healthcare, real-time location identification, mobile online games and health indicator monitoring. The idea of incorporating micropayment capability into wearable devices has become a hot issue along with the market growth of wearable devices. Security strength, performance efficiency and deployment cost are the three major factors in developing a user-friendly wearable-device-oriented micropayment environment. Because almost all wearable devices with a screen display manufactured in recent years, including smart watches and smartphones, are equipped with a Bluetooth communication module by default, a Bluetooth-based authentication frontend is a reasonable choice for a user-friendly wearable-device-oriented micropayment system in terms of reducing system deployment cost. In this paper, a robust and lightweight BLE-based authentication protocol to support a wearable-device-oriented micropayment system is proposed. The proposed authentication protocol generates a unique and secure session key for each communication session by utilizing a Physical Unclonable Function. Security analysis is conducted to evaluate the security strength of the proposed protocol. A performance comparison with existing protocols shows that the proposed protocol is superior to other solutions.
Acknowledgements
The authors gratefully acknowledge the support from TWISC and Ministry of Science and Technology, Taiwan, under the Grant Numbers MOST 108-2221-E-011-063, MOST 108-2221-E-011-065, and MOST 108-2218-E-011-021.
Cite this article
Lo, NW., Yohan, A. BLE-Based Authentication Protocol for Micropayment Using Wearable Device. Wireless Pers Commun 112, 2351–2372 (2020). https://doi.org/10.1007/s11277-020-07153-0
DOI: https://doi.org/10.1007/s11277-020-07153-0