A lightweight two-gateway based payment protocol ensuring accountability and unlinkable anonymity with dynamic identity
Introduction
Online shopping has been increasing exponentially in recent years. The main idea behind online shopping of digital goods is to order the goods and make the payment using a payment protocol with user anonymity [1], [2]. This user anonymity is preserved by using a dynamic identity (ID) that needs to be updated at the end of each transaction [3], [4]. Online shopping is usually performed through portable devices such as iPads, tablets and smartphones, which have lower power, limited storage, and less computational capacity compared to desktop computers [5], [6]. Therefore, it is highly desirable to use lightweight payment protocols on portable devices, and the use of Public Key Infrastructure (PKI) in these protocols is not advisable. Symmetric key operations and hash functions are the most lightweight operations in the field of cryptography [7].
A payment protocol has to satisfy many properties, and one such important property is accountability. Formally, “Accountability is the property whereby the association of a unique originator with an object or action can be proved to a third party” [8]. Without the accountability property, a payment protocol may lead to several disputes. Authentication provides the origin of a message and confirms its sender [9], [10], [11]. Hence, accountability can be achieved via authentication. Customer anonymity, which is another property to be satisfied in online transactions, can be obtained by means of two primitives, untraceability and unlinkability [5]. A payment protocol satisfies the untraceability property when an attacker is unable to distinguish a particular customer from a group of customers. A payment protocol is said to satisfy the unlinkability property when the sent messages are not associated with the sender and receiver [12]. Thus, if the payment protocol is unlinkable, an attacker cannot identify the customer and his account in the specific bank. Therefore, unlinkability is a stronger notion of anonymity [13].
Let us consider a situation in which a customer uses two different bank cards for the online payment. If the total cost of the product is more than the balance in a single bank, then the customer tends to use the second card also to make the payment. In this case, the customer is unable to make the payment through the normal payment system. This scenario requires an efficient payment protocol for the online payment system, where the customer can pay the required amount through two gateways.
This section presents some of the existing payment protocols and briefly describes their working mechanisms. The popular SET protocol, which was proposed by VISA and MasterCard, consists of many phases such as purchase order, card inquiry, authorization, payment initialization and payment capture [14]. The customer’s bank details and purchase order details are concealed from the merchant and the bank respectively. But this protocol requires all the parties to have certificates for their public keys. Bellare et al. [15] introduced a collection of protocols for secure online payment which is designed based on a public key cryptosystem. Merchant, customer and payment gateway are the protocol entities in iKP. The protocols 1KP, 2KP and 3KP differ in the number of protocol entities maintaining their individual public key pairs, and the scheme with more key pairs achieves better security [15]. Supakorn Kungpisdan [16] introduced a secure payment protocol using a symmetric key cryptosystem. In this protocol, the secret information (card details, pin number, etc.) is not disclosed at the time of transaction. The protocol consists of several entities such as client, merchant, issuer, acquirer and payment gateway. Moreover, this protocol is composed of two subprotocols, a merchant registration protocol and a payment protocol. The client executes the merchant registration protocol to register himself with the merchant and then executes the payment protocol to make the payment. Isaac-Camara [17] designed a payment protocol using public key infrastructure for the restricted connectivity environment in mobile commerce. Fun et al. [18] introduced a Mobile Network Operator (MNO) based lightweight payment protocol using symmetric keys for mobile environments which provides customer anonymity. Isaac-Zeadally [19] proposed a payment gateway centric model based anonymous payment protocol which is used in mobile devices.
In this scheme, there is no direct communication between the client and the merchant, and in each communication cycle the merchant and the client communicate through the payment gateway. Later, Yang-Lin [1] pointed out that the Isaac-Zeadally mechanism does not provide fairness and non-repudiation requirements on the client side. Further, it is noted that their scheme used a redundant symmetric key between the client and the merchant. This key is not essential as all the messages are transmitted through the payment gateway, and thus it causes a key management problem and increases the computation and communication costs in the cloud environment. The schemes in [14], [15], [17] are based on public key cryptography and hence are not applicable for lightweight payment devices, whereas the schemes in [16], [18], [19] are designed based on the Symmetric Key Infrastructure (SKI) and therefore are used in lightweight payment devices. However, in these schemes [16], [18], [19], there is no facility for making payment through two gateways. Customer anonymity is achieved by the issuer bank creating user IDs and sending them in bulk, due to which future sessions can be compromised.
A system provided in [20] supports two cards from the same bank (gift card) for making payment for a single item. Each payment has only one funding source and has to be fully supported by a single bank. However, it will not cover the terms of the purchase protection program at that point. A payment mechanism in [21] permits the use of two cards from different banks, with the exception that the cards must be MasterCard/Visa/American Express cards only. These card services follow the 3-D Secure protocol. This protocol is designed for a single payment, but the organisation uses two different individual transactions which do not affect each other to complete the original payment. Accountability issues are caused when one transaction commits and the other transaction fails due to a network problem. So the customer is unable to start a fresh transaction for buying products or services. In order to overcome these shortcomings, an efficient payment protocol is needed.
A Light Weight Two Gateway (LWTG) payment protocol has been proposed in [22] not only for making payment for a single item using two cards from different banks, but also for using a dynamic ID to provide customer anonymity. Further, the LWTG protocol overcomes the issues faced by the existing protocols, which use the mechanism of bulk posting of the customers' IDs from the issuer bank.
In this paper, the LWTG payment protocol is enhanced to satisfy the atomicity property by including suitable subprotocols and a commitment phase. A nested transaction is developed where the original transaction commits only if the two inner transactions are committed successfully. Otherwise, the whole nested transaction rolls back and the committed product can be used to resolve the accountability issue. The customer can also start a fresh transaction for buying digital goods.
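The failure mode and the nested-transaction remedy described above, as an added Python sketch (not the paper's LWTG message flow): `Gateway`, `pay_independent` and `pay_nested` are hypothetical names, the balances are constructed, and a commit is assumed not to fail once funds have been reserved.

```python
# Added illustration: a toy two-gateway model, not the LWTG protocol messages.
from dataclasses import dataclass, field

class GatewayError(Exception):
    """Raised when a gateway cannot reserve funds (constructed failure)."""

@dataclass
class Gateway:
    name: str
    balance: int
    online: bool = True
    held: dict = field(default_factory=dict)   # txn_id -> reserved amount

    def prepare(self, txn_id, amount):
        # Inner transaction, phase 1: reserve funds without paying them out.
        if not self.online:
            raise GatewayError(f"{self.name}: network failure")
        if amount > self.balance:
            raise GatewayError(f"{self.name}: insufficient funds")
        self.balance -= amount
        self.held[txn_id] = amount

    def commit(self, txn_id):
        return self.held.pop(txn_id)   # phase 2: pay the reserved amount

    def rollback(self, txn_id):
        # Release a reservation; a no-op when nothing was reserved.
        self.balance += self.held.pop(txn_id, 0)

def pay_independent(txn_id, parts):
    """Two unrelated transactions: one can commit while the other fails."""
    paid = 0
    for gw, amount in parts:
        try:
            gw.prepare(txn_id, amount)
            paid += gw.commit(txn_id)
        except GatewayError:
            pass   # the earlier debit stays committed: partial payment
    return paid

def pay_nested(txn_id, parts):
    """Outer transaction commits only if every inner one was prepared."""
    try:
        for gw, amount in parts:
            gw.prepare(txn_id, amount)
    except GatewayError:
        for gw, _ in parts:
            gw.rollback(txn_id)
        return 0
    return sum(gw.commit(txn_id) for gw, _ in parts)
```

With one gateway offline, `pay_independent` returns a partial amount and leaves the first card debited, while `pay_nested` returns 0 and restores both balances so a fresh transaction can start.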
Many researchers have endeavored to develop payment protocols with strong security and advanced features. However, most of the existing protocols neither address all the security concerns nor provide the facility of making payment using two banks. The notion of a two-gateway payment protocol has been proposed in [22]. The primary contributions of this work are as follows:
- The LWTG payment protocol is enhanced to achieve untraceability, unlinkability and atomicity properties.
- The mathematical model is described and the formal proof of correctness is provided for accountability, untraceability and unlinkability properties using strand space.
The rest of the paper is organized as follows: Section 2 gives a detailed description of the preliminary concepts of the strand space model which is used to prove accountability and anonymity properties. Section 3 discusses the LWTG protocol and its amendments. Section 4 introduces LWTG space and Section 5 analyses the protocol using the formal method strand space model along with the automated tool CPSA. A comparative study of the number of cryptographic operations and the protocol features of our scheme with some existing schemes is presented in Section 6. Section 7 includes the conclusion and future scopes.
Section snippets
Strand space model
Strand space model is a widely known and accepted formal method for protocol verification and recently many researchers [12], [22], [23], [24] have employed it for protocol correctness. The basic strand space model is discussed in [25] and this section describes the improved strand space model which is used to analyse the accountability and anonymity properties.
Gateway payment system
A customer needs an interface for a mobile web payment between the financial institution and the merchant. Such an interface is referred to as a payment gateway, which connects the secured network of banks with the insecure Internet [19]. This payment procedure consists of four participants, namely customer, merchant, acquirer and issuer. Here, the customer’s bank acts as an issuer by creating an account and providing a card to the customer. Acquirer is a bank that creates an account for the
LWTG space
In this section, the ability of an adversary is formulated to intensify the analysis and model the LWTG payment protocol using the improved strand space as detailed in Section 2.
Definition 11 Let denote the penetrator set and the strands in have the traces of the following form: : Emits an atomic message. where t is a text message. : Receives a message. : Receives a message and sends its multiple copies. : Receives two messages consecutively, concatenates and sends the compoundPenetrator strand[25]
Analysis of the LWTG protocol
In this section, the formal analysis of accountability property of the enhanced LWTG payment protocol is performed using CPSA scenarios. Also, the formal proof of correctness for untraceability and unlinkability properties is provided.
Comparative analysis
This section presents the performance of the modified LWTG payment protocol which is compared with some of the existing protocols in two aspects, number of cryptographic operations used and the protocol features satisfied.
Conclusion
Lightweight payment protocols are essential for the purchase of digital goods through mobile devices. In this work, the LWTG payment protocol for making payment using two gateways is enhanced to meet security requirements such as unlinkability, untraceability and atomicity. Using the automated tool CPSA, the designed protocol is simulated and the obtained results are presented. Also, the formal proofs for accountability, untraceability and unlinkability using the strand space model
Venkatasamy Sureshkumar received his M.Sc and M.Phil degree in Mathematics from Bharathiyar University in 2004 and Alagappa University in 2005 respectively. Currently, he is working as an Assistant Professor in the Department of Applied Mathematics and Computational Sciences, PSG College of Technology, Coimbatore, Tamilnadu, India. His research interests include Security protocols and Formal methods.
References (25)
- Norn A. How to use multiple credit cards for a single amazon purchase. 2016....
- et al. A mobile payment mechanism with anonymity for cloud computing. J Syst Softw (2015)
- et al. A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst (2015)
- et al. A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography. Security Commun Netw (2012)
- et al. Cryptanalysis of a dynamic id-based remote user authentication scheme with access control for multi-server environments. IEICE Trans Inf Syst (2013)
- et al. Anonymous two-factor authentication for consumer roaming service in global mobility networks. IEEE Trans Consumer Electron (2013)
- Comment on robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. Commun IET (2015)
- et al. A lightweight message authentication scheme for smart grid communications in power sector. Comput Electrical Eng (2016)
- et al. Analysis of accountability property in payment systems using strand space model. Security in computing and communications (2015)
- et al. Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J Medical Syst (2015)
- Fingerprint biometric-based self-authentication and deniable authentication schemes for the electronic world. IETE Techn Rev
- A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw
R. Anitha is an Associate Professor in the Department of Applied Mathematics and Computational Sciences, PSG College of Technology, Coimbatore, India. She received her PhD degree from Bharathiyar University, Coimbatore in 1997. She is Life member of CRSI, ISTE and Member of ACM. Her research interests include Cryptography, Security protocols, Information security and system security.
N. Rajamanickam received Master of Computer Applications from Bharathidasan University. He completed his Ph.D. degree in Computer Science from PSG College of Technology, Coimbatore, India. He is currently working as an Assistant Professor in the Department of Applied Mathematics and Computational Sciences, PSG College of Technology. His main research interests include security policy, security protocols, and internet of things.
Ruhul Amin received his B.Tech. and M.Tech. degree from West Bengal University of Technology in Computer Science and Engineering Department in 2009 and 2013 respectively. He is currently working as a lecturer in the Department of Computer Science Engineering, Thapar University, Patiala, India. His current research interests include Cryptographic authentication protocol and security in wireless sensor network.