Academia.eduAcademia.edu

Outline

Title
Abstract
FAQs
Figures
Introduction
Conclusion
References
All Topics
Computer Science
Distributed Systems

Public Key Cryptography for Mobile Payment

Profile image of Sattar AboudSattar Aboud

2010, Ubiquitous Computing and Communication Journal

Abstract

Since the mobile systems are growing quickly, the e-commerce will change gently to m-commerce. As a result, mobile security will become the one of the most important part of mobile system and will become the hottest area facing the mobile payment due to mobile networks directness. However, the appropriate encryption scheme for mobile communication must have small amount of data calculating and quick operation as of its inherent restrictions of small quantity and low calculating ability. The objectives of this paper are to look at mobile payment and its security. Also, to explain elliptic curve with public key encryption, authentication of security wireless milieu. Compare with the RSA scheme, an elliptic curve has shorter key size, smaller signature length, low calculating, fast operations and high security working.

FAQs

sparkles

AI

What challenges does mobile payment face in ensuring security?add

The paper identifies mobile security as a critical challenge for mobile payment, particularly regarding protecting sensitive transaction data and ensuring user confidentiality. It emphasizes the necessity for secure wireless payment schemes to address transaction disputes effectively.

How does elliptic curve cryptography improve mobile payment transactions?add

Elliptic curve cryptography, introduced in 1985, provides significant computational advantages with smaller key sizes compared to RSA, enabling faster transactions. Its efficiency makes it suitable for the demands of wireless secure communication in mobile payment schemes.

What role does the time stamping server (TSS) play in mobile payments?add

The time stamping server (TSS) offers notarization from a neutral perspective, enhancing transaction integrity in the event of disputes. This mechanism is integrated within the mobile payment scheme to ensure accountability and reliability.

How does public key encryption enhance key management in mobile payment systems?add

Public key encryption simplifies key management by allowing secure key transmission without the need for a shared secret. The RSA scheme, developed in 1978, exemplifies this advantage by being provably secure against chosen message attacks.

What are the advantages of using digital signatures in mobile payments?add

Digital signatures ensure authenticity, integrity, and nonrepudiation of transactions, which are critical for secure mobile payments. Utilizing elliptic curve cryptography, they provide a robust mechanism for proving participant identity without physical communication.

Figures (3)
Figure 1: mobile payment scheme is the customer accounts holder. So the bank is more appropriate as the payment processor. TA is the part, where CA and TSS, to give notarization from the neutral viewpoint if challenge happens. IC is similar as in SEMOPS; it is in charge for routing and distributing notifications to recipient payment processor.
Figure 1: mobile payment scheme is the customer accounts holder. So the bank is more appropriate as the payment processor. TA is the part, where CA and TSS, to give notarization from the neutral viewpoint if challenge happens. IC is similar as in SEMOPS; it is in charge for routing and distributing notifications to recipient payment processor.
Figure 2: NIST Key size comparison for public key In addition, Elliptic curve cryptography needs less bandwidth, less storage space and _ less computing time, compared with the other schemes. This lets to apply encryption in platforms that are restricted, such as wireless devices, smart cards, and thin-clients. It also gives a large win in states where efficiency is significant. Elliptic curve cryptography is shown in figure 3.
Figure 2: NIST Key size comparison for public key In addition, Elliptic curve cryptography needs less bandwidth, less storage space and _ less computing time, compared with the other schemes. This lets to apply encryption in platforms that are restricted, such as wireless devices, smart cards, and thin-clients. It also gives a large win in states where efficiency is significant. Elliptic curve cryptography is shown in figure 3.
Figure 3: Elliptic curve cryptography suppose p is prime number finite field F, includes
Figure 3: Elliptic curve cryptography suppose p is prime number finite field F, includes

Related papers

A Detailed Study of Elliptic Curve Cryptography Algorithm and Its Performance.
Ijesrt Journal

International Journal of Engineering Sciences & Research Technology, 2013

In this paper, we propose a detailed study of Elliptic Curve Cryptography Algorithm and its performance..ECC can be used with fewer keys to give more security, high speed in a less bandwidth. While these advantages make ECC propose for mobile devices, they can provide computational burden on secure web servers. In resource constrained system, Elliptic Curve Cryptography is a promising alternative for public algorithms, because it provides similar level of security with proposed shorter keys than conventional integer based public key algorithm. ECC over binary field is taken up with special interest because the operation in binary filed operation, are thought to be more in space and efficient in time. However, the software implementation of ECC over binary field are still slow, especially on low end processors, which are used in small computing devices such as sensors node, mobile phone, etc. This proposed paper, studied the Cryptography algorithms and software implementation of ECC. Firstly, while implementing ECC with software, the choice of some architectural parameters like word size may affect the choice of algorithms or not, has been examined. Also, identification of software for low-end processors has been done. In addition, this paper has examined several implements to the instruction that architecture of an 8 bit processor and studied their impact on the performance of ECC with other algorithms. ECC is well is well suited for high speeds, lower power consumption, bandwidth savings, storage efficiencies, smaller certificates and it reduces computational time and also the amount of data transmitted and stored, and strong security for low-power devices in wireless networks.

View PDFchevron_right
A Novel M-Commerce Data Security Mechanism using Elliptic Curve Cryptography
Prabhu Kavin B

International Journal of Innovative Technology and Exploring Engineering, 2019

Cryptography is a mathematical science which permits only the authorized users to access the data. Today, it is necessary for our routine life to safeguard online data like credit card numbers, bank transactions, etc. Many cryptographic algorithm-based data security mechanisms have been introduced by various researchers for protecting the online / M-Commerce data. Even though, no data security algorithms achieved the required security level with less time. For overcoming these issues, we propose a new data security algorithm called Elliptic-Curve Cryptography and Diffie-Hellman based data security algorithm for securing the M-Commerce data. Here, the key size of the Elliptic Curve Cryptography is less than RSA that will be helpful to improve the efficiency and reduce the storage space. This algorithm is able to establish a secure session key through a server over an insecure channel and also handle various illegitimate users. In addition, this new algorithm is more secure, efficient...

View PDFchevron_right
Secure and Optimized Mobile Based Merchant Payment Protocol using Signcryption
Siba Udgata

International Journal of Information Security and Privacy, 2012

The authors propose a Secure and Optimized Mobile based Merchant Payment (SOMMP) Protocol using Signcryption scheme with Forward Secrecy (SFS) based on elliptic curve which consumes less computational and communication cost. In SOMMP client sends message in the form of TransCertC (Transaction Certificate) which is a X.509 SLC (X.509 Short Lived Certificate) thereby reducing the client interactions with the engaging parties thereby reducing the consumption of resources (from Client’s perspective) which are very scarce in Resource Constrained Devices like Mobile Phones. In SOMMP protocol WSLC (WPKI Short Lived Certificate) eliminates the need of certificates validation and removes the hurdle of PKI thereby reducing storage space, communication cost and computational cost. Their proposed SOMMP ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gat...

View PDFchevron_right
Prospective Utilization of Elliptic Curve Cryptography for Security: Authentication, Encryption and Decryption
IOSR Journals

Public key cryptography is typically used in the field of mathematical, which consist of factors decomposition problem of huge numbers and discrete logarithm problem in finite field. For huge numbers in public key cryptography, factors decomposition problems RSA cryptography is generally used, but in the field of hardware and high-performance computing technology RSA has encountered some difficulties. To overcome such type of difficulties the elliptic curve discrete logarithm is introduced, which provides advantages, whose public key is short, network bandwidth is small and ability to defend against to attack is strong. This paper presents the design principles of elliptic curve public key cryptography, Authentication, Encryption and Decryption with shorter key of RSA.

View PDFchevron_right
Elliptic Curve Cryptography and Its Applications to Mobile Devices
Anh Tuan Vo

The explosive growth in the use of mobile and wireless devices demands a new generation of PKC schemes that has to accommodate limitations on power and bandwidth, at the same time, to provide an adequate level of security for such devices. This paper examines the use of ECC in such constrained environments and discusses the basis of its security, explores its performance and lastly, surveys the use of ECC applications on the market today.

View PDFchevron_right
Application of Elliptic Curves Cryptography In Wireless Communications Security
Mohammad Ghamgosar

JOURNAL OF APPLIED …, 2006

This paper provides an overview of elliptic curves and their use in cryptography. The focus of the paper is on the performance advantages obtained in the wireless environments by using elliptic curve cryptography instead of traditional cryptosystems such as RSA. Specific applications to secure messaging and identity-based encryption are also discussed.

View PDFchevron_right
Applications of Elliptic Curve Cryptography
Yogita Pagar

2015

The point of this paper is to create a basis for apply efficient encryption schemes in wireless communications and in devices with low computing power and resources. Elliptic Curve Cryptography (ECC) fits well for an efficient and secure encryption scheme. It is more efficient than the traditional integer based RSA schemes because ECC utilizes smaller key sizes for equivalent security. A comparative study of ECC with RSA is made in terms of key size, computational power, size of data files and encrypted files. Also, another aim is to design an API to implement ECC encryption /decryption algorithm.

View PDFchevron_right
A Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography
유기영 교수님, Goutham Reddy Alavalapati

Mobile user authentication is an essential topic to consider in the current communications technology due to greater deployment of handheld devices and advanced technologies. Memon et al. recently proposed an efficient and secure two-factor authentication protocol for location-based services using asymmetric key cryptography. Unlike their claims, the vigilant analysis of this paper substantiates that Memon et al.'s protocol has quite a few limitations such as vulnerability to key compromised impersonation attack, insecure password changing phase, imperfect mutual authentication, and vulnerability to insider attack. Furthermore, this paper proposes an enhanced secure authentication protocol for roaming services on elliptic curve cryptography. The proposed protocol is also a two-factor authentication protocol and is suitable for practical applications due to the composition of lightweight operations. The proposed protocol's formal security is verified using Automated Validation of Internet Security Protocols and Applications tool to certify that the proposed protocol is free from security threats. The informal and formal security analyses along with the performance analysis sections determine that the proposed protocol performs better than Memon et al.'s protocol and other related protocols in terms of security and efficiency.

View PDFchevron_right
A Survey Report On Elliptic Curve Cryptography
samta gajbhiye

International Journal of Electrical and Computer Engineering (IJECE), 2011

The paper presents an extensive and careful study of elliptic curve cryptography (ECC) and its applications. This paper also discuss the arithmetic involved in elliptic curve and how these curve operations is crucial in determining the performance of cryptographic systems. It also presents different forms of elliptic curve in various coordinate system , specifying which is most widely used and why. It also explains how isogenenies between elliptic curve provides the secure ECC. Exentended form of elliptic curve i.e hyperelliptic curve has been presented here with its pros and cons. Performance of ECC and HEC is also discussed based on scalar multiplication and DLP.

View PDFchevron_right
Analysis of Elliptic Curve Cryptography & RSA
Mohammad Khan, mustafizul haque

Journal of ICT Standardization

In today’s digital world, the Internet is an essential component of communication networks. It provides a platform for quickly exchanging information among communicating parties. There is a risk of unauthorized persons gaining access to our sensitive information while it is being transmitted. Cryptography is one of the most effective and efficient strategies for protecting our data and it are utilized all around the world. The efficiency of a cryptography algorithm is determined by a number of parameters, one of which is the length of the key. For cryptography, key (public/private) is an essential part. To provide robust security, RSA takes larger key size. If we use larger key size, the processing performance will be slowed. As a result, processing speed will decrease and memory consumption will increase. Due to this, cryptographic algorithms with smaller key size and higher security are becoming more popular. Out of the cryptographic algorithms, Elliptic Curve Cryptography (ECC) p...

View PDFchevron_right

References (8)

  1. Nambiar, S., and Liang, L., IEEE IRI, 8-10, 475-480, November 2004.
  2. L. Antovski, and M. Gusev, "M-Payments", Proceedings of the 25 th International Conference Information Technology Interfaces, 2003 (ITI'03).
  3. S. Nambiar, and T.L. Chang, "M-Payment Solutions and M-Commerce Fraud
  4. X. Zheng, and D. Chen, "Study of Mobile Payments System", Proceedings of the IEEE International Conference on E-Commerce, 2003 (CEC'03).
  5. S. Kungpisdan, B. Srivnivasan, and P.D. Le, "A Secure Account-Based Mobile Payment Protocol", Proceedings of the International Conference on Information Technology: Coding and Computing, 2004 (ITCC'04).
  6. A. Fourati, H.K.B. Ayed, F. Kamoun, and A. Benzekri, "A SET Based Approach to Secure the Payment in Mobile Commerce", In Proceedings of 27th Annual IEEE Conference on Local Computer Networks (LCN'02), November 06 -08, 2002, Tampa, Florida
  7. Jerry Gao, Krishnaveni Edunuru, Jacky Cai, and Simon Shim, "P2P-Paid: A Peer-to-Peer Wireless Payment System" Proceedings of the 2005 Second IEEE International Workshop on Mobile Commerce and Services (WMCS'05).
  8. ZHAO Lianggang, CHEN Kefei, "Application of Elliptic Curve Cryptosystem for Security Protocol of Wireless Communication", Computer Engineering, Volume 28 No.3, 2002, pp 128-129, shanghai, China. Special Issue of Ubiquitous Computing Security Systems UbiCC Journal -Volume 5 www.ubicc.org

Related papers

Analysis of Elliptic Curve Cryptography for Mobile Banking
Swapnali Ghosalkar

International journal of engineering research and technology, 2014

The tremendous increase in the use of mobile and wireless devices with limitations on power, bandwidth and low security postulates a new generation of Public Key Cryptography (PKC) schemes. We state Elliptic curve cryptography as a PKC scheme which is capable of fulfilling those requirements. Our paper examines the use of Elliptic Curve Cryptography (ECC) in such a constrained environment along with the other two aspects of ECC, namely its security and efficiency. In the paper, the performance of ECC is evaluated by comparing its different methods of implementation to find out the most efficient solution for mobile environment considering the constraints of battery life, processing power, memory, speed, bandwidth etc. The efficient method is then tested for mobile payment application. ECC encryption and decryption is implemented and tested on user module to check whether it is capable of handling all constraints and providing high security. The implementation is divided into two par...

View PDFchevron_right
Improving e-payment security using Elliptic Curve Cryptosystem
Jafarullah M

Electronic Commerce Research, 2010

The use of e-commerce has been associated with a lot of skepticism and apprehension due to some crimes associated with e-commerce and specifically to payment systems. The secure socket layer (SSL) protocol is trusted in this regard to secure transactions for sensitive applications like e-commerce. Unfortunately, the use of SSL protocol causes slow response time on the server which is a major cause of frustration for on-line shoppers. In this paper, we propose a secured credit-debit card payment systems based on Elliptic Curve Cryptosystem (ECC). We first examined ECC algorithm over prime fields GF(p), implement our proposed method using a typical transaction involving credit/debit card numbers and compared the performance with RSA cryptosystem. Our result shows that ECC is faster in terms of response to transaction request and occupies less memory space than equivalent RSA system. Thus, these makes it more suitable public Key cryptography scheme for application in a constraint open environment like payment system where fast operations are needed.

View PDFchevron_right
Elliptic Curve Cryptography-A new approach to Public Key Cryptography
Ijesrt Journal

Elliptic curve cryptography (ECC) is an approach to public key Cryptography based on the algebraic structure of Elliptic curves over finite field. Elliptic curves are also used in several integer factorization algorithms that have applications in cryptography. An elliptic curve in cryptography was suggested independently by Neal Koblitz and Victor S. Millar in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005.Cryptography comes from Greek words meaning “hidden writing”. Cryptography converts readable data or clear text into encoded data called cipher text. By definition cryptography is the science of hiding information so that unauthorized users cannot read it. It involves Encryption and decryption of messages. Encryption is the process of converting a Plain text into cipher text and decryption is the process of getting back the original Message from the encrypted text. ECC is a newer approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields, and considered a s a marvelous technique with low key size for the use r, and hard exponential time challenge for an intruder to break into the system. In ECC a 16 0 bits key, provides the same security as RSA [1] 1024 bits key, thus lower computation f aster cryptographic power is required. The advantage of elliptic curve cryptosystems is the absence of sub exponential time algorithms, for attack. As ECC uses less key size to provide more security, and for this advantage it is used to perform operations, running on smaller chips or m ore compact software. The public key cryptography- based r emote authentication schemes are not suitable for mobile devices, because of the limitation in the bandwidth, computational strength, power availability or storage in mobile devices. Elliptic Curve cryptography is very difficult to understand by attacker because it relies on Elliptic Curve Discrete Logarithm Problem known as ECDLP. So it is difficult to break.

View PDFchevron_right
An Identity-Based Elliptic Curve Cryptography for Mobile Payment Security
Adebayo Abayomi-Alli

SN Computer Science, 2020

Security breaches have been observed in different dimensions in mobile payment system. The violation of user's privacy is a common phenomenon in mobile payment transactions. This study presents an improved security scheme for a mobile payment system using elliptic curve cryptography over a binary field with International Mobile Equipment Identity to ensure higher security. The scheme uses a payment gateway for registration and maps all input text to elliptic curve points using ASCII values. Payment details are stored on the gateway, which is encrypted but decrypted only with merchant's decryption key. The proposed scheme was evaluated in terms of key size, security strength, computational power, memory capacity, encryption and decryption time and mobile phone battery. The result shows that the scheme provides integrity, confidentiality and privacy. The result also shows that the proposed scheme is time-efficient and computationally inexpensive for resourceconstrained environment like mobile payment system.

View PDFchevron_right
ELLIPTIC CURVE ALGORITHM USAGE IN WIRELESS SECURITY WITH PUBLIC KEY CRYPTOGRAPHY
GJESR Journal

Public key techniques revolutionized cryptography. Over the last twenty years however, new techniques have been developed which offer both better performance and higher security than these first generation public key techniques. The best-assured group of new public key techniques is built on the arithmetic of elliptic curves. This paper will outline a case for moving to elliptic curves as a foundation for future Internet security. This case will be based on both the relative security offered by elliptic curves and first generation public key systems and the relative performance of these algorithms. While at current security levels elliptic curves offer significant benefits over existing public key algorithms, as one scales security upwards over time to meet the evolving threat posed by eavesdroppers and hackers with access to greater computing resources, elliptic curves begin to offer dramatic savings over the old, first generation techniques. The two noteworthy first generation public key algorithms used to secure the Internet today are known as RSA and Diffie-Hellman (DH). The security of the first is based on the difficulty of factoring the product of two large primes. The second is related to a problem known as the discrete logarithm problem for finite groups. Both are based on the use of elementary number theory. Interestingly, the security of the two schemes, though formulated differently, is closely related. Wireless sensor networks (WSNs) in healthcare are one of the most important and rapidly growing areas. One of the most critical security concerns is patients' privacy. Since patients are monitored all the time, authentication of who can access the information, and what information one is authorized to access are indispensable to maintain privacy. In health-care environments, authentication and access control face a big challenge due to dynamic network topology, mobility, and stringent resource constraints. In this paper, we propose a secure, scalable, and energy-efficient security scheme called Mutual Authentication and Access Control scheme based on Elliptic Curve Cryptography (MAACE). MAACE provides mutual authentication where a healthcare professional can authenticate to an accessed node (a PDA or medical sensor) and vice versa. This is to ensure that medical data is not exposed to an unauthorized person. On the other hand, it ensures that medical data sent to healthcare professionals did not originate from a malicious node. By applying elliptic curve cryptography (ECC), MAACE provides a public key approach which is more scalable and requires less memory compared to symmetric key-based schemes. Furthermore, it is practically feasible to implement it on sensor platforms. Security analysis and performance evaluation results are presented and compared to existing schemes to show advantages of the proposed scheme. Keywords: Public Key, Cryptography, ECC, RSA, Geo-Graphic Information System.

View PDFchevron_right

Related topics

  • Ubiquitous Computing Communication
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved