Analysis of a mobile payment protocol with outsourced verification in cloud server and the improvement
Introduction
The growing number of financial-services apps and the wide availability of mobile devices are driving the growth of mobile payment services. As one of the modern components of mobile payment services, the mobile wallet gives clients a very convenient way to make payments from their mobile devices anywhere and at any time. Mobile payment may well become one of the most popular payment methods in the near future. However, mobile devices such as smartphones and iPads are resource-limited and cannot perform large-scale computation. An easy and convenient approach is therefore to outsource some of the complex computation of a mobile payment protocol to an untrusted cloud server.
Recently, Qin et al. [2] proposed an efficient privacy-preserving mobile payment protocol with outsourced verification in an untrusted cloud server. Four main entities are directly involved in the interactive protocol: a payment service provider (PSP), a customer, a merchant and an untrusted cloud server. The payment service provider generates the pseudo public/private keys of the entities (the customer client and the merchant). The customer wants to buy goods or services from the merchant. The merchant needs to sell some goods or services to the customer. The untrusted cloud server provides outsourced computing to reduce the computation cost of the merchant (or the customer) in the payment phase. According to the practical security requirements, the protocol must satisfy the following security properties: unforgeability, anonymity, traceability and non-repudiation. The unforgeability property guarantees that payments and receipts cannot be forged; the anonymity property guarantees that the merchant (or the customer) does not know the real identity of the customer (or the merchant); the traceability property guarantees that the PSP can learn the real identities of the entities in a transaction from the payment and the receipt.
However, for Qin et al.’s construction, it is not enough for the protocol to satisfy only the above security properties. This is because the cloud server is untrusted, and the value returned by the cloud server may be “false”, which can cheat the merchant (or the customer). We describe a practical attack, called a colluding attack, in the following scenario. A customer, Alice, wants to buy an Apple MacBook Air from the merchant Bob, which costs 1700 dollars. When both of them agree on this price, Alice signs Payment to generate her “signature” which includes a transaction identity, the price to be paid and some pseudo identities of Alice and Bob. Then Alice sends Payment and to Bob, and at the same time she also sends Payment and to the cloud server and pays 700 dollars to the cloud server so that the cloud server helps her to cheat Bob. Bob first generates by simply randomizing the and then sends to the cloud server. At last, when the cloud server receives and even if is invalid, it also can compute the values needed by Bob from and if the construction of generating in the outsourced verification phase is too simple. Since the outsourced verification, which exists to reduce Bob’s computation cost, has no mechanism for checking the untrusted cloud server’s result, it is possible that Bob will accept the invalid signature. Finally, Alice pays 700 dollars to buy the Apple MacBook Air, which is worth 1700 dollars, but Bob loses the device and gets nothing. Unfortunately, the protocol of Qin et al. is insecure against the colluding attack.
In this paper, we first point out that the construction of their protocol is unreasonable, which prevents the protocol from being implemented. Then we show that their protocol is not secure under a colluding attack by the client and the untrusted cloud server in the outsourced verification phase. Finally, we improve their protocol and analyze the security of our improved protocol.
The rest of this paper is organized as follows. In Section 2 we recall the system model and security requirements of the protocol and the bilinear pairing. In Section 3 we recall Qin et al.’s mobile payment protocol and prove that it is not secure. We propose our improved protocol and analyze its security and efficiency in Section 4. Finally, we conclude the paper in Section 5.
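The colluding scenario from the introduction can be reproduced in a toy model that compares local verification with an unchecked outsourced reply. This is an added example, not code from the paper or from Qin et al.: the BLS-style signature, the scalar blinding, the toy pairing and all names and values are assumptions, since this page does not reproduce the protocol's equations.

```python
import hashlib
import secrets

# Toy stand-in for a pairing (constructed, NOT secure): the G1 element a*P is
# stored as the scalar a mod Q, and e(a*P, b*P) = G^(a*b) mod P_MOD.
Q, P_MOD, G = 1019, 2039, 4   # P_MOD = 2*Q + 1 is prime; G has order Q
GEN = 1                       # the generator P of G1 in this representation

def e(a, b):
    return pow(G, (a * b) % Q, P_MOD)

def H(msg):                   # hash a payment message to a nonzero G1 element
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % (Q - 1) + 1

def sign(x, msg):
    return (x * H(msg)) % Q   # BLS-style signature sigma = x * H(m)

def verify_direct(pk, msg, sigma):
    return e(sigma, GEN) == e(H(msg), pk)   # the pairing check done locally

def honest_cloud(blinded, ctx):
    return e(blinded, GEN)

def colluding_cloud(blinded, ctx):
    # The customer disclosed that her bogus sigma equals s * H(m). Scaling the
    # blinded value by 1/s yields r * H(m), which pairs to what Bob expects.
    return e((blinded * pow(ctx["s"], -1, Q)) % Q, ctx["pk"])

def verify_outsourced(pk, msg, sigma, cloud, ctx=None):
    """Merchant blinds sigma with a random scalar r and trusts the reply."""
    r = secrets.randbelow(Q - 1) + 1
    reply = cloud((r * sigma) % Q, ctx)
    # Assumption: e(H(m), PK) is available to the merchant cheaply.
    return reply == pow(e(H(msg), pk), r, P_MOD)

def demo():
    x = pk = 77                       # toy key pair (PK = x*P is stored as x)
    msg = b"txn=0001;price=1700"      # constructed sample payment
    s = 5                             # s != x, so s * H(m) is not a signature
    bogus, ctx = (s * H(msg)) % Q, {"s": s, "pk": pk}
    return {
        "valid_direct": verify_direct(pk, msg, sign(x, msg)),
        "valid_outsourced": verify_outsourced(pk, msg, sign(x, msg), honest_cloud),
        "bogus_direct": verify_direct(pk, msg, bogus),
        "bogus_honest_cloud": verify_outsourced(pk, msg, bogus, honest_cloud),
        "bogus_colluding_cloud": verify_outsourced(pk, msg, bogus, colluding_cloud, ctx),
    }

if __name__ == "__main__":
    print(demo())
```

Only `bogus_colluding_cloud` disagrees with direct verification, which is the gap a result check in the outsourced verification phase has to close.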
Section snippets
System model
In this section, to make the mobile payment protocol with outsourced verification (MPP-OV) in cloud server [2] clear, we simplify their complex system model and omit the entities that are not directly used in the MPP-OV protocol. The MPP-OV protocol includes the following four entities. The interactions of the four entities are described in Fig. 1.
- Client (or Customer). An entity, Alice, is one who wants to purchase goods or services provided by a merchant.
- Merchant: An
Qin et al.’s protocol
We first recall Qin et al.’s protocol [2] before analysing it.
The improved protocol
With the efficiency and security of the protocol in mind, we construct the protocol as follows.
- Setup and Key Generation Phase
  - Setup: The PSP takes as input a security parameter k, and generates an additive group G1 and a multiplicative group G2 of the same prime order p, and a bilinear pairing e: G1 × G1 → G2. The PSP picks a random element as its master key and computes public key and where P is a generator of G1. It randomly picks three hash functions H1: G1 → {0, 1}^l
Conclusion
In this paper, we first recalled Qin et al.’s protocol and then pointed out that it has two issues: one is that the construction of the protocol is unreasonable; the other is that there exists a colluding attack by the customer (or the merchant) and the untrusted cloud server in the outsourced verification phase. Inspired by the comments of anonymous reviewers, we considered two colluding attacks. Finally, we improved their protocol, and proposed two protocols at the outsourced
Acknowledgments
The author sincerely thanks the editor for giving us chances to improve our protocol several times. The author also sincerely thanks the anonymous reviewers for their very valuable comments.
References (5)
- D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing, Advances in Cryptology-CRYPTO 2001,...
- et al., A secure and privacy-preserving mobile wallet with outsourced verification in cloud computing, Comput. Stand. Interfaces (2016)