BIOMETRIC BASED THREE-FACTOR MUTUAL AUTHENTICATION SCHEME FOR ELECTRONIC PAYMENT SYSTEM USING ELLIPTIC CURVE CRYPTOGRAPHY

IF 1.1 4区计算机科学 Q4 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Malaysian Journal of Computer Science Pub Date : 2020-11-27 DOI:10.22452/mjcs.sp2020no1.4

M. D, S. N

{"title":"BIOMETRIC BASED THREE-FACTOR MUTUAL AUTHENTICATION SCHEME FOR ELECTRONIC PAYMENT SYSTEM USING ELLIPTIC CURVE CRYPTOGRAPHY","authors":"M. D, S. N","doi":"10.22452/mjcs.sp2020no1.4","DOIUrl":null,"url":null,"abstract":"Electronic payment system plays a vital role in e-commerce and other financial transactions with ever-increasing acceptance of smart device based applications. To ensure secure transactions, various authentication schemes have been proposed in recent times. But existing password and smart card-based traditional e-payment systems have some limitations and also raises security concerns. However, they consume more energy and are not feasible for the e-payment system as it consists of resource constraint devices like mobile devices. Furthermore, it is prone to security issues if the password is guessed or smart card is stolen. Thus to enhance the security and to reduce the computational cost, biometric authentication based payment protocol using elliptic curve cryptography is proposed. Since biometric features are unique and also cannot be stolen or reproduced. The proposed system resists various security attacks like impersonation attack, replay attack, session key agreement, man-in-the-middle attack, and user anonymity. Furthermore, it reduces computational and communication costs when compared to other protocols as it exploits ECC. Thus the proposed authentication protocol is convenient for the electronic payment system. A simulation tool, AVISPA is utilized to verify the security of designed payment protocol and BAN logic for formal security analysis.","PeriodicalId":49894,"journal":{"name":"Malaysian Journal of Computer Science","volume":" ","pages":""},"PeriodicalIF":1.1000,"publicationDate":"2020-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Malaysian Journal of Computer Science","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.22452/mjcs.sp2020no1.4","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 1

Abstract

Electronic payment system plays a vital role in e-commerce and other financial transactions with ever-increasing acceptance of smart device based applications. To ensure secure transactions, various authentication schemes have been proposed in recent times. But existing password and smart card-based traditional e-payment systems have some limitations and also raises security concerns. However, they consume more energy and are not feasible for the e-payment system as it consists of resource constraint devices like mobile devices. Furthermore, it is prone to security issues if the password is guessed or smart card is stolen. Thus to enhance the security and to reduce the computational cost, biometric authentication based payment protocol using elliptic curve cryptography is proposed. Since biometric features are unique and also cannot be stolen or reproduced. The proposed system resists various security attacks like impersonation attack, replay attack, session key agreement, man-in-the-middle attack, and user anonymity. Furthermore, it reduces computational and communication costs when compared to other protocols as it exploits ECC. Thus the proposed authentication protocol is convenient for the electronic payment system. A simulation tool, AVISPA is utilized to verify the security of designed payment protocol and BAN logic for formal security analysis.

查看原文本刊更多论文

基于生物特征的椭圆曲线密码电子支付系统三因素相互认证方案

随着基于智能设备的应用越来越被接受，电子支付系统在电子商务和其他金融交易中发挥着至关重要的作用。为了确保安全的交易，近年来提出了各种身份验证方案。但现有的基于密码和智能卡的传统电子支付系统存在一些局限性，也引发了安全问题。然而，它们消耗更多的能量，对于电子支付系统来说是不可行的，因为它由移动设备等资源约束设备组成。此外，如果密码被猜测或智能卡被盗，它很容易出现安全问题。为了提高安全性和降低计算成本，提出了一种基于椭圆曲线密码的生物特征认证支付协议。由于生物特征是唯一的，也不能被窃取或复制。所提出的系统可以抵御各种安全攻击，如模拟攻击、重放攻击、会话密钥协商、中间人攻击和用户匿名。此外，与其他协议相比，它利用ECC降低了计算和通信成本。因此，所提出的认证协议对于电子支付系统是方便的。利用模拟工具AVISPA验证了所设计的支付协议的安全性，并对BAN逻辑进行了形式化安全分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Malaysian Journal of Computer Science COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-COMPUTER SCIENCE, THEORY & METHODS

CiteScore

2.20

自引率

33.30%

发文量

审稿时长

7.5 months

期刊介绍： The Malaysian Journal of Computer Science (ISSN 0127-9084) is published four times a year in January, April, July and October by the Faculty of Computer Science and Information Technology, University of Malaya, since 1985. Over the years, the journal has gained popularity and the number of paper submissions has increased steadily. The rigorous reviews from the referees have helped in ensuring that the high standard of the journal is maintained. The objectives are to promote exchange of information and knowledge in research work, new inventions/developments of Computer Science and on the use of Information Technology towards the structuring of an information-rich society and to assist the academic staff from local and foreign universities, business and industrial sectors, government departments and academic institutions on publishing research results and studies in Computer Science and Information Technology through a scholarly publication. The journal is being indexed and abstracted by Clarivate Analytics'' Web of Science and Elsevier''s Scopus