International Journal of Internet Technology and Secured Transactions, 2012
In this paper, we propose a new payment instrument, i.e., mobile traveller's check (MTC) in the r... more In this paper, we propose a new payment instrument, i.e., mobile traveller's check (MTC) in the realm of mobile commerce. This payment instrument provides the merits of both e-cash and e-check, i.e., MTC can be used freely as an e-cash and it is as secure as an e-check. We present the mobile payment protocol based on MTC which uses elliptic curve digital signature algorithm (ECDSA) for generating and verifying digital signatures and DES for encrypting and decrypting the messages which are suitable for resource constrained devices like mobile phones. We use 'extended BAN' logic (Abadi et al., 1993) to provide a concise and clear understanding of this secure payment instrument (MTC). We formalise and verify the interactions and trust relationships among engaging entities.
In this paper we propose a Secure Mobile Payment Framework based on Biometric (SMPB) using WPKI (... more In this paper we propose a Secure Mobile Payment Framework based on Biometric (SMPB) using WPKI (Wireless Public Key Infrastructure) and UICC (Universal Integrated Circuit Card). Our proposed Biometric based Mobile Payment Framework (SMPB) is compared with recent works and found to be better in terms of ensuring end to end security (i.e. from Mobile Payments Application in UICC to the Bank Server). Our proposed mobile payment protocol originating from Mobile Payment Application (which is on UICC) to the Bank Server realizes Fair Exchange ensures Confidentiality, Authentication, Integrity and Non Repudiation, prevents double spending, over spending and money laundering, and withstands replay, Man in the Middle (MITM) and Impersonation attacks.
Proceedings of the First International Conference on Security of Internet of Things - SecurIT '12, 2012
ABSTRACT In this paper we propose a Secure and Optimized Mobile Payment Framework based on Univer... more ABSTRACT In this paper we propose a Secure and Optimized Mobile Payment Framework based on Universal Integrated Circuit Card (UICC) (a) which summarizes a mobile payment in relation to several different participants, (b) a procedure of personalizing UICC by the client c) a procedure of provisioning and personalization (Mutual Authentication, Key Agreement Protocol & a procedure for ensuring non repudiation without adopting WPKI) of Mobile Payments Application (which is on UICC) by the Bank d) a mobile payment protocol is proposed between the personalized Mobile Payment Application on UICC and the Bank Server which ensures all the security properties. All the proposed protocols have been successfully verified using AVISPA and Scyther Tools.
International Journal of Computational Science and Engineering, 2014
ABSTRACT In this paper, we propose a secure mobile payments framework based on universal integrat... more ABSTRACT In this paper, we propose a secure mobile payments framework based on universal integrated circuit card (UICC) by defining: a) a procedure of personalising UICC by the client; b) a procedure of provisioning and personalisation (mutual authentication and key agreement protocol) of mobile payments application (which is on UICC) by the bank; and c) a mobile payment protocol between the personalised mobile payment application on UICC and the bank server. Our provisioning and personalisation procedure is compared with recent works and found to be better in terms of generating client's credentials, implementation of WPKI in UICC, personalisation of mobile payment application by the bank and end to end security. Our mobile payment protocol originating from mobile payment application to the bank is also compared with recent works and found to be better in terms of confidentiality, authentication, integrity and non-repudiation, preventing double spending, over spending and money laundering, and withstands replay, man in the middle (MITM) and impersonation attacks. Proposed protocols are experimentally verified using BAN logic and scyther tool.
International Journal of Internet Technology and Secured Transactions, 2012
In this paper, we propose a new payment instrument, i.e., mobile traveller's check (MTC) in the r... more In this paper, we propose a new payment instrument, i.e., mobile traveller's check (MTC) in the realm of mobile commerce. This payment instrument provides the merits of both e-cash and e-check, i.e., MTC can be used freely as an e-cash and it is as secure as an e-check. We present the mobile payment protocol based on MTC which uses elliptic curve digital signature algorithm (ECDSA) for generating and verifying digital signatures and DES for encrypting and decrypting the messages which are suitable for resource constrained devices like mobile phones. We use 'extended BAN' logic (Abadi et al., 1993) to provide a concise and clear understanding of this secure payment instrument (MTC). We formalise and verify the interactions and trust relationships among engaging entities.
In this paper we propose a Secure Mobile Payment Framework based on Biometric (SMPB) using WPKI (... more In this paper we propose a Secure Mobile Payment Framework based on Biometric (SMPB) using WPKI (Wireless Public Key Infrastructure) and UICC (Universal Integrated Circuit Card). Our proposed Biometric based Mobile Payment Framework (SMPB) is compared with recent works and found to be better in terms of ensuring end to end security (i.e. from Mobile Payments Application in UICC to the Bank Server). Our proposed mobile payment protocol originating from Mobile Payment Application (which is on UICC) to the Bank Server realizes Fair Exchange ensures Confidentiality, Authentication, Integrity and Non Repudiation, prevents double spending, over spending and money laundering, and withstands replay, Man in the Middle (MITM) and Impersonation attacks.
Proceedings of the First International Conference on Security of Internet of Things - SecurIT '12, 2012
ABSTRACT In this paper we propose a Secure and Optimized Mobile Payment Framework based on Univer... more ABSTRACT In this paper we propose a Secure and Optimized Mobile Payment Framework based on Universal Integrated Circuit Card (UICC) (a) which summarizes a mobile payment in relation to several different participants, (b) a procedure of personalizing UICC by the client c) a procedure of provisioning and personalization (Mutual Authentication, Key Agreement Protocol & a procedure for ensuring non repudiation without adopting WPKI) of Mobile Payments Application (which is on UICC) by the Bank d) a mobile payment protocol is proposed between the personalized Mobile Payment Application on UICC and the Bank Server which ensures all the security properties. All the proposed protocols have been successfully verified using AVISPA and Scyther Tools.
International Journal of Computational Science and Engineering, 2014
ABSTRACT In this paper, we propose a secure mobile payments framework based on universal integrat... more ABSTRACT In this paper, we propose a secure mobile payments framework based on universal integrated circuit card (UICC) by defining: a) a procedure of personalising UICC by the client; b) a procedure of provisioning and personalisation (mutual authentication and key agreement protocol) of mobile payments application (which is on UICC) by the bank; and c) a mobile payment protocol between the personalised mobile payment application on UICC and the bank server. Our provisioning and personalisation procedure is compared with recent works and found to be better in terms of generating client's credentials, implementation of WPKI in UICC, personalisation of mobile payment application by the bank and end to end security. Our mobile payment protocol originating from mobile payment application to the bank is also compared with recent works and found to be better in terms of confidentiality, authentication, integrity and non-repudiation, preventing double spending, over spending and money laundering, and withstands replay, man in the middle (MITM) and impersonation attacks. Proposed protocols are experimentally verified using BAN logic and scyther tool.
Uploads
Papers by Shakeel Ahamad