BLE-Based Authentication Protocol for Micropayment Using Wearable Device

Wireless Personal Communications

Abstract

Rapid growth of the global wearable device market within the last 5 years shows the tremendous interest of modern society in environmental sensing technology to develop intelligent and convenient services for human beings. Wearable devices like smart watches and intelligent eyeglasses have been successfully deployed in or associated with various application domains such as gamification of healthcare, real-time location identification, mobile online games and health indicator monitoring. The idea of incorporating micropayment capability within wearable devices has become a hot issue along with the market growth of wearable devices. Security strength, performance efficiency and deployment cost are the three major factors in developing a user-friendly wearable-device-oriented micropayment environment. As almost all wearable devices with a screen display, including smart watches and smartphones manufactured in recent years, are equipped with a Bluetooth communication module as a default deployment model, a Bluetooth-based authentication frontend is a reasonable choice for a user-friendly wearable-device-oriented micropayment system in terms of reducing system deployment cost. In this paper, a robust and lightweight BLE-based authentication protocol to support a wearable-device-oriented micropayment system is proposed. The proposed authentication protocol generates a unique and secure session key for each communication session utilizing a Physical Unclonable Function. Security analysis is conducted to evaluate the security strength of the proposed protocol. Performance comparison with existing protocols shows that the proposed protocol is superior to other solutions.

Acknowledgements

The authors gratefully acknowledge the support from TWISC and Ministry of Science and Technology, Taiwan, under the Grant Numbers MOST 108-2221-E-011-063, MOST 108-2221-E-011-065, and MOST 108-2218-E-011-021.

Author information

Corresponding author

Correspondence to Alexander Yohan.

About this article

Cite this article

Lo, NW., Yohan, A. BLE-Based Authentication Protocol for Micropayment Using Wearable Device. Wireless Pers Commun 112, 2351–2372 (2020). https://doi.org/10.1007/s11277-020-07153-0

  • DOI: https://doi.org/10.1007/s11277-020-07153-0
