Shaik Shakeel Ahamad

Secure mobile payment framework based on UICC with formal verification

In this paper, we propose a secure mobile payments framework based on universal integrated circuit card UICC by defining: a a procedure of personalising UICC by the client; b a procedure of provisioning and personalisation mutual authentication and key agreement protocol of mobile payments application which is on UICC by the bank; and c a mobile payment protocol between the personalised mobile payment application on UICC and the bank server. Our provisioning and personalisation procedure is compared with recent works and found to be better in terms of generating clients credentials, implementation of WPKI in UICC, personalisation of mobile payment application by the bank and end to end security. Our mobile payment protocol originating from mobile payment application to the bank is also compared with recent works and found to be better in terms of confidentiality, authentication, integrity and non-repudiation, preventing double spending, over spending and money laundering, and withstands replay, man in the middle MITM and impersonation attacks. Proposed protocols are experimentally verified using BAN logic and scyther tool.

A Secure Lightweight and Scalable Mobile Payment Framework

Existing SIP-based mobile payment solutions do not ensure all the security properties. In this paper we propose a Secure Lightweight and Scalable Mobile Payment Framework (SLSMP) using Signcryption scheme with Forward Secrecy (SFS) based on elliptic curve scheme which combines digital signature and encryption functions (Hwang et al., 2005) [5]. It takes lower computation and communication cost to provide security functions. SLSMP is highly scalable which is attributed to SIP for data exchange. This paper uses WPKI, UICC as Secure Element and depicts system architecture and detailed protocol of SIP based mobile payment solution. Our proposed framework is suitable for both micro and macro payments. Our proposed protocol ensures End to End security i.e. ensures Authentication, Integrity, Confidentiality and Non Repudiation properties, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, prevents Double Spending, Overspending and Money laundering.

A secure and optimized mobile payment framework with formal verification

In this paper we propose a Secure and Optimized Mobile Payment Framework based on Universal Integrated Circuit Card (UICC) (a) which summarizes a mobile payment in relation to several different participants, (b) a procedure of personalizing UICC by the client c) a procedure of provisioning and personalization (Mutual Authentication, Key Agreement Protocol & a procedure for ensuring non repudiation without adopting WPKI) of Mobile Payments Application (which is on UICC) by the Bank d) a mobile payment protocol is proposed between the personalized Mobile Payment Application on UICC and the Bank Server which ensures all the security properties. All the proposed protocols have been successfully verified using AVISPA and Scyther Tools.

Enhanced Mobile SET Protocol with Formal Verification

In this paper we propose an Enhanced Mobile SET (EMSET) protocol with formal verification using Mobile Agent technology and Digital Signature with Message Recovery based on ECDSA mechanism. Mobile Agent technology and Digital Signature with Message Recovery (DSMR) based on ECDSA mechanism provides in proposing EMSET protocol in Mobile Networks. Mobile Agent technology has many benefits such as bandwidth conservation, reduction of latency, reduction of completion time, Asynchronous (disconnected) communications. Digital Signature with Message Recovery based on ECDSA eliminates the need of adopting PKI cryptosystems. Our proposed protocol EMSET ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, and prevents Double Spending, Overspending and Money laundering. In addition to these our proposed protocol withstands Replay, Man in the Middle and Impersonation attacks. The security properties of the proposed protocol have been verified using Scyther Tool and presented with results.

A Secure and Optimized Proximity Mobile Payment Framework with Formal Verification

In this paper the authors propose a Secure and Optimized Proximity Mobile Payment (SOPMP) Framework using NFC (Near Field Communication) technology, WPKI (Wireless Public Key Infrastructure), UICC (Universal Integrated Circuit Card). The novelty of this proposed mobile payment framework is messages are exchanged in the form of Digital Signature with Message Recovery (DSMR) and merchant sends Invoice in the form of Digital Invoice Certificate (DIC) (which is digitally signed by the merchant). The communication link between mobile phone and merchant POS (Point Of Sale) is NFC. Digital Signature with Message Recovery based on ECDSA eliminates the need of adopting PKI cryptosystems thereby reducing the consumption of resources i.e. it consumes less computational and communication cost. DSMR eliminates the need of certificates validation and removes the hurdle of PKI thereby reducing storage space, communication cost and computational cost. The authors proposed protocol ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, and prevents Double Spending, Overspending and Money laundering. In addition to these our proposed protocol withstands Replay, Man in the Middle and Impersonation attacks. The security properties of the proposed protocol have been verified using AVISPA and Scyther Tools and presented with results.

A Biometric based Secure Mobile Payment Framework

In this paper we propose a Secure Mobile Payment Framework based on Biometric (SMPB) using WPKI (Wireless Public Key Infrastructure) and UICC (Universal Integrated Circuit Card). Our proposed Biometric based Mobile Payment Framework (SMPB) is compared with recent works and found to be better in terms of ensuring end to end security (i.e. from Mobile Payments Application in UICC to the Bank Server). Our proposed mobile payment protocol originating from Mobile Payment Application (which is on UICC) to the Bank Server realizes Fair Exchange ensures Confidentiality, Authentication, Integrity and Non Repudiation, prevents double spending, over spending and money laundering, and withstands replay, Man in the Middle (MITM) and Impersonation attacks.

A Secure Mobile Payment Framework in MANET Environment

In this paper the authors propose a Secure Mobile Payment Framework in Multi hop Cellular Network environment (which is an integration of cellular networks and mobile ad hoc networks) using Mobile Agent technology and Digital Signature with Message Recovery (DSMR) mechanism based on ECDSA mechanism. Secure communication in Multi hop Cellular Networks is a nontrivial task because of lack of infrastructure, no prior trust relationships among nodes due to the absence of a centralized authority. Mobile Agent technology and Digital Signature with Message Recovery based on ECDSA mechanism provides secure mobile payments in Multi hop Cellular Networks. Mobile Agent technology has many benefits such as bandwidth conservation, reduction of latency, reduction of completion time, Asynchronous (disconnected) communications. Digital Signature with Message Recovery based on ECDSA eliminates the need of adopting PKI cryptosystems. The proposed protocol ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, prevents Double Spending, Overspending and Money laundering. The security properties of the proposed protocol have been verified successfully using BAN Logic, AVISPA and Scyther Tools and presented with results.

A Secure and Reliable Mobile Banking Framework

In this paper we propose a secure mobile banking framework which ensures reliable end to end communication channel and end to end application security from the UICC to the Remote Bank Server via Mobile Equipment. SSL/TLS ensures secure connection from the UICC to the Remote Bank Server, TCP provides end to end reliable communication and Bearer Independent Protocol (BIP) provides and manages the link layer in achieving end to end reliable communications between the UICC and the Remote Bank Server. All the digital signatures are generated in a tamper proof hardware i.e. UICC at the client side and Hardware Security Module at the Bank side. So all the signatures generated in the framework are qualified signatures. Bank server is supported by Communication Manager, Synchronization Manager, Security Manager, Concurrency Manager, Backup Manager, Archives Manager and Error and Exception Handling Manager in order to ensure end to end security at the communication layer and at the application layer.

Secure and Optimized Mobile Based Merchant Payment Protocol using Signcryption

The authors propose a Secure and Optimized Mobile based Merchant Payment SOMMP Protocol using Signcryption scheme with Forward Secrecy SFS based on elliptic curve which consumes less computational and communication cost. In SOMMP client sends message in the form of TransCertC Transaction Certificate which is a X.509 SLC X.509 Short Lived Certificate thereby reducing the client interactions with the engaging parties thereby reducing the consumption of resources from Clients perspective which are very scarce in Resource Constrained Devices like Mobile Phones. In SOMMP protocol WSLC WPKI Short Lived Certificate eliminates the need of certificates validation and removes the hurdle of PKI thereby reducing storage space, communication cost and computational cost. Their proposed SOMMP ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, and prevents Double Spending, Overspending and Money laundering. In addition to these SOMMP withstands Replay, Man in the Middle and Impersonation attacks. The security properties of the proposed SOMMP protocol have been verified using BAN Logic, AVISPA and Scyther Tools and presented with results.