payment often use either the web or mobile channel individually to confirm the identity request of a remote user. Most common activity in mobile commerce is ...
User Authentication Using Mobile Phones for Mobile Payment Soonhwa Sung, Cheong Youn, Eunbae Kong and Jaecheol Ryou
Software Research Center (SOREC) Dept. of Computer Science and Engineering College of Engineering Chungnam National University, Yuseong-gu, Daejeon, South Korea, 305-764 {shsung, cyoun, keb, jcryou}@cnu.ac.kr
Abstract— Mobile authentication systems for mobile payment often use either the web or mobile channel individually to confirm the identity request of a remote user. Most common activity in mobile commerce is done through mobile phones. The mobile phones are vulnerable to numerous security threats due to involvement of valuable financial and personal information. To provide secure web transactions using mobile phones, multifactorial authentication techniques are preferred. In former study, user authentication software technology using mobile phones, one of the multifactorial authentication techniques, can potentially be copied to another device. For the solution of the problem, this paper proposes Transaction Certificate Mode (TCM), a software token, which supports mutual authentication considering stolen, borrowed, and infected mobile phones for mobile payments. It uses a novel approach based on TCM to enforce a lightweight mobile security and provides a highly secure environment that is simple to use and deploy.
revealed [10]. One way to strengthen your authentication policy is by adding factors such as tokens, smart cards, digital certificates and biometrics. The most common form of multi-factor authentication is two-factor authentication using a token or smart cards as the second form of identification. For the two factor authentication, mobile phones can be a good option as everyone carries a mobile handset [1]. Recently, many user authentication schemes for mobile client-server environment were proposed. However, these schemes are subjected to an inherent design weakness, namely, the server knows all users’ private keys. Under this problem, these schemes cannot provide insider attack resistance or mutual authentication. Furthermore, some of these schemes cannot simultaneously provide user anonymity, perfect forward secrecy, or leakage of session temporary secrets resistance. Remote user authentication allows a remote user and a server authenticate the identity with each other over insecure networks. Mobile devices are widely and popularly used in many electronic transaction, such as online shopping, Internet banking, e-payment, e-voting and pay-TV. Considering the limited energy resources and computing ability of mobile devices, it is inappropriate for remote user authentication schemes to be realized in traditional public key cryptography because most cryptographic algorithms require much expensive computation and it suffers from heavy certificate burden. In addition, Mobile phones are most common devices to do business and commerce due to involvement of huge financial and personal data transferring such as Personal Identification Number (PIN), Bank Account Number (BAN) etc. Mobile commerce demands the means for secure mobile payment. The security issue of mobile networks challenges more efficient protocols and authentications. Authenticating users on mobile devices can be challenging, and many solutions currently being used by mobile applications either compromise security or usability [11]. A mobile device, user authentication solution must address three main security risks: stolen device, borrowed device, and infected device. Stolen device: If user’s device is lost or stolen, the attacker can generally get access to everything stored on the device. This is generally true because currently, most mobile devices
Keywords— mutual authentication; mobile payment protocol; mobile phone; transaction certificate; software token I.
INTRODUCTION
There have been different strategies proposed for making authentication mechanism more and more secure. There are different ways by which the secure passwords can be hacked such as Hashing, Guessing, Default Passwords, and Brute Force. A password containing both uppercase and lowercase characters, numbers and special characters is a strong password and can never be guessed. However, it still is not much secure way of authentication [1]. Many password-based schemes [2, 3, 4, 5] use static identity, which can easily leak information to an attacker. Many papers[6, 7, 8, 9] have proposed a number of ideas for preserving the user’s anonymity by employing a random value or time-stamp, to vary user identity for each session. However, these schemes provide a smart card for each user and assume that the contents of smart card for each user cannot be This work was supported by the National Research Foundation of Korea(NRF) and the Center for Women In Science, Engineering and Technology(WISET) Grant funded by the Korean Government(Program for Returners into R&D by the Ministry of Science, ICT & Future Planning(MSIP)). This research was partly supported by the R&D program of MSIP(Ministry of Science, ICT and Future Planning) [Project No. 10047528] and the National GNSS Research Center program of Defense Acquisition Program Administration and Agency for Defense Development.
978-1-4799-8342-1/15/$31.00 ©2015 IEEE
51
ICOIN 2015
either do not support disk encryption, or do not have disk encryption enabled by their users. If a user’s device is stolen, the attacker can access plaintext data on the device, brute force passwords used to encrypt data, etc. The attacker can perform both software attacks and physical attacks against the device. Borrowed device: The likelihood of this risk is much greater for mobile devices than for other computers such as laptops, desktops, and so on. Users often allow others to borrow their mobile devices to make a phone call, send a Short Message Service (SMS), etc., and mobile devices currently only support a single user account/password. Users cannot create a “guest” account on their devices that only offers access to a limited subset of functionality. The risk is different than that of a stolen device because in this case, the user provides the device in an unlocked state to somebody else. Therefore, full disk encryption is an ineffective control in this case. On the other hand, the types of attacks that can be conducted with a borrowed device are limited as the user borrowing the device will have access to it for a limited amount of time and may be under the device’s supervision. Infected device: Mobile devices are at least as likely to get infected with malware as any other type of computer. There are several reasons why mobile devices may be more likely to get infected. First, although some application stores have stricter controls than others, there is no way for the application stores to guarantee that the applications they are providing do not contain something malicious. Secondly, many mobile devices run operating systems with known exploitable vulnerabilities because mobile devices’ operating systems do not receive frequent security updates. This risk is not unique to the mobile platform in any way. Malware continues to be a significant risk for many end users on their computers [12]. To solve the above problems, we need user authentication techniques using mobile phones to increase user-based faith on mobile financial transactions. Thus we propose mobile payment using mobile phones with Transaction Certificate Mode (TCM) for a mutual authentication transaction. The rest of this paper is organized as follows: Related work is presented in section2, Transaction Certification Mode (TCM) is presented in section 3, mutual authentication protocol using TCM is detailed in section 4, and an analysis is evaluated in section 5. Section 6 concludes the paper. II.
Kaviani et al., [14] presented a strong authentication mechanism that exploits the use of mobile devices to provide a two-factor authentication method. Their approach uses a combination of one-time password, as the first authentication factor, and credentials stored on a mobile device, as the second factor, to offer a strong and secure authentication approach. They also present an analysis of the security and usability of this mechanism. The security protocol is analyzed against an adversary model; this evaluation proves that their method is safe against various attacks, most importantly key logging, shoulder surfing, and phishing attacks. Rijswik et al., [15] illustrated an overview of the two factor authentication landscape and address the issues of closed versus open solutions. They introduced a novel open standards based authentication technology that they have developed and released in open source. They then provided a classification of two factor authentication technologies. Rosa [16] focused on two-factor authentication methods employing smart phones. It is well-known there are several risks that shall be evaluated carefully when designing such applications. It actually turns out this situation probably signalizes an emerging fall of the two-factor authentication from certain contemporary banking applications. They also promise to deliver an excellent mix of computational power, rich peripheral devices, and amazing applications right into the client’s palm. Singhal and Tapaswi[17] described a method of implementation of Two Factor Authentication using Mobile handsets. The two factor authentication is based on Time Synchronous Authentication using the RFC1321 MD5 Message Digest Algorithm of Epoch Time, Personal Identity Number (PIN) and Init-Secret. The Password generated would be One Time Password (OTP) which would be valid for 60 seconds only after which it expires and the user cannot login through that password. While tokens provide a much safer environment for users, it can be very costly for organizations. In addition, a bank has to provide continuous support for training customers on how to use the tokens. The banks have to also be ready to provide replacements if a token breaks or gets stolen. Replacing a token is a lot more expensive than replacing an Automated Teller Machine (ATM) card or resetting a password. From the customer’s prospective, having an account with more than one bank means the need to carry and maintain several token which constitute a big inconvenience and can lead to tokens being lost, stolen, or broken. In many cases, the customers are charged for each token. Therefore, we propose a mobile-based software token which supports a mutual authentication using Transaction Certificate Mode (TCM). This allows customers to install multiple software tokens and financial institutions to save the cost of purchasing and maintaining hardware tokens. A software token can potentially be copied to another device, but the proposed mobile-based software token cannot be copied to another device because it operates whenever a mobile phone accepts a mutual authentication transaction with TCM.
THE RELATED WORKS
Yoo et al., [13] explored leading 2 factor authentication programs that combine both security and convenience using QR (Quick Response) code with smart phone users can login to the website without to put 6 to 8 digit code such as OTP(One Time Password). Users can enjoy the both security and convenience. They encourage further research into technological development within internet security systems because of the significant role security systems play in the growth of online markets.
52
III.
TRANSACTION CERTIFICATE MO ODE(TCM)
Recently, several protocols came into beinng successively to meet the requirement of efficient operatioons in low-power roaming environment with the fast advance of communication technologies. Unfortunately, these protocols are not a suitable candidate for special requirements in auttomobile roaming system such as low consumption, high performance and convenience since these protocols pay moore attention to a common network environment. Although a security of encryption allgorithm is very important, they are limited to the mobile phoone resources such as processor capabilities and memory capaccity. The proposed scheme operates TCM software which has proceeded mutual authentications considering limited mobile phhone resources.
Fig.1. Transaction Certificatte Mode (TCM) Construction B. TCM Algorithm u authentication solution for TCM algorithm provides user mobile devices which have security risks: stolen device, borrowed device, and infected device.
A. TCM Construction
z
c valid user TCM is software for certificates which confirm and merchant accessing their accounts. As described d in Fig.1, TCM composes TCM1 and TCM2, Custom mer Bank (CB) has issued TCM1 and Merchant Bank (MB) has issued TCM2. TCM algorithm uses the following terms: 1) International Mobile Equipmennt Identity(IMEI) number IMEI is a number, usually unique to identiify Global System for Mobile Communication (GSM) or Code Division Multiple Access (CDMA) mobile phones. It is usuaally found printed inside the battery compartment of the phone. p The IMEI number is used by the GSM network to idenntify valid devices and therefore can be used for stopping a stolen s phone from accessing the network in that country. 2) One Time Password Password for every transaction will be geneerated using IMEI number which is unique. Same password is stored on the server, which uses same software generator program where it can be crosschecked for authentication. 3) Call Back Technique ms the user ID and When a user connects to a server and confirm password, the server disconnects the user coonnection and tries to connect to the user directly. This techniquue is applied in the windows server operating system for confirrming the identity of the dial up users. Phone number of everyy user is registered in their specification. If any user account has h been stolen or another person tries to connect to the server,, he is only able to communicate by its line through which its number has been registered in the server.
CM1 and TCM2 work TCM Algorithm: TC synchronously.
1) TCM1 converts custoomer information, order information, and custoomer nonce to digital code. 2) Digital code of TCM11 has been hashed. 3) After encryption by public p key of customer bank, a customer signs it by his h private key. 4) TCM1 prepares a muttual authentication for transaction entities. 5) TCM2 converts merchhant information, invoice information, and mercchant nonce to digital code. 6) Digital code of TCM22 has been hashed. 7) After encryption by public p key of merchant bank, a merchant signs it by his h private key. 8) TCM2 prepares a muttual authentication for transaction entities.
Fig.2. Processing Mutual Authentication Requests TCM supports mutual authentication requests as shown in Fig.2. A client and server maanage a certification key for a transaction. After a muttual authentication, a client certification of cert 4 in a keyy store is sent to a server and a trust store saves it while a servver certification of cert 2 in key
53
store is sent to a client and a trust store saves it. A trust store sets up verified certificates for anotherr transaction and provides mutual authentications with TCM T for mobile payments.
Upon receiving {C3, C4} from the server S, the user Uc carries out the tasks as detailed below.. . 7) Calculates C5=C3⊕Bc and C6=H(C1∥C3∥Sk) where Sk=H(Bc∥C5∥N ∥ c) is the common session key.
OTOCOL USING MUTUAL AUTHENTICATION PRO TCM
8) Checks whether C6=C = 4. If the check is passed, Uc authenticates the servver and unilateral authentication is completed; otherwiise Uc rejects.
IV.
A. Secure Mutual Authentication Protoocol
9) Calculates C7=H(Bc∥C ∥ 5∥Nc) and sends C7 to the server.
me consists of three The proposed mutual authentication schem phases: Registration phase, login phase, and a authentication phase. z Registration Phase
Upon receiving C7 from the user, u the server carries out the following tasks. 10) Calculates C8=H(Bs∥C2∥Ns). 11) Checks whether C8=C7. If the values are equal, the server authenticates the user and the mutual authentication is achieeved.
The user Uc submits IDc and Pwc to S in ordder to register with the server S. Afterwards, S performs the folloowing tasks. 1) Calculates Vc=H(IDc, IMEI, Pris).
Table1. Notation
2) Calculates Ac=H(IDc, IMEI, Pris)⊕ ⊕Pwc. 3) Stores (IDc, Vc, Ac, H(.)) on TCM z
Login Phase
In order to login to server S, Uc providess IDc and Pwc for TCM. Then TCM carries out the following taasks. 1) Calculates Bc=Ac⊕Pwc.. 2) Checks whether Bc=Vc. If the tesst fails, request is rejected. 3) Calculates C1=Bc⊕Nc. 4) Sends (IDc, C1) to the server S. z
Authentication Phase
When the server S receives a login reqquest (IDc, C1), it performs the tasks as detailed below. 1) Tests IDc format. If the format is i incorrect, login request is rejected. 2) Calculates Bs=H(IDc, IMEI, Pris) 3) Calculates C2=C1⊕Bs 4) Calculates C3=Bs⊕Nc
5) Calculates C4=H(C1∥C3∥Sk) whhere Sk=H(Bs∥C2 ∥Ns) is the common session key. 6) Send {C3, C4} authentication.
to
Uc to
achieve
unilateral
Fig.3. Secure Mutual Authentication A Protocol
54
B. Mobile Payment Protocol Using TC CM
V.
We improve the protocol to suppport the mutual authentication. In Fig. 4, we have considdered four major components with certain roles: 1) User or Customer Agent(CA) c of a bank A user is a valid account holding customer and CA is a software module whichh is running on the customer’s mobile device 2) Merchant Agent(MA) An MA is online service providder and merchant website by which users do online purchasing. 3) Customer’s Bank(CB) This is the bank at which a user haas valid account, it also contains a server authenticaation necessary to authenticate a user. 4) Merchant’s Bank(MB) This is the bank in which a meerchant has valid account, a merchant bank is also responsible for a merchant authentication.
A ANALYSIS
In this section, the proposed mobile payment protocol is comparing two existing paymeent protocols from some aspects such as privacy protection annd non-repudiation with digital sign. Privacy protection incluudes identity privacy protection and transaction privacy prrotection. Table 2 describes comparison of privacy protecctions and non-repudiation by digital sign for the proposed mobile payment protocol with two existing payment protocolss. Only Tellez et al. protocol [19] and the proposed protocol achieve user’s identity protectioon from a server. In Tellez et al. protocol, a client only revealls temporary identity or called client’s nickname to a server when w sending the request for the transaction identity. The propposed mobile payment protocol protects user’s identity by sending call back technique which confirms the user ID and passsword, TCM, to a server when requesting the transaction idenntity from a server. TCM avoids revealing the real user’s identitty to a server. Comparison results show thhat only the proposed mobile payment protocol provides iddentity protections, transaction privacy and non-repudiation transaction. It is revealed that p protocol satisfies all only the proposed mobile payment privacy protection and non-repudiation requirements.
Mobile Payment Protocol using TCM commences when minates when CA CA requests to MA purchase and term receives a confirmation of payment from CM. This ments which are protocol supports user-based paym different from a current payment mecchanism weighted towards merchants. ment transactions is As shown in Fig. 3, the flow for paym as follows: 1) CA requests MA for purchase. 2) MA prepares an invoice and sendds the Merchant’s encrypted banking information annd certificate with the invoice details to the CA. 3) CA sends order information certificcates to MA. 4) MA sends authentications to MB. 5) CA requests MB for TCM2. 6) MB acknowledges TCM2 and sendds it to CA. 7) MB requests CB for TCM1. p operates 8) Secure mutual authentication protocol between CA and CB. 9) CA receives a notification of paymeent from CB.
Table2. Comparison on Prrivacy Protection and NonRepudiationn Transaction
Table 3 demonstrates the num mber of cryptographic operations involved at each party. The number of symmetric key t proposed protocol has each encryption and decryption of the three, that is, the number of XO OR in login phase has three and the number of XOR in autheentication phase has three. The number of hash function for the t user has two in registration phase and the number of it i for the server has five in authentication phase. Mutual authentications a using TCM may cause many hash function for the server, so it has more hash function than another protocool. In another computation, the proposed protocol has improveed. Fig.4. Mobile Payment Protocol using Transsaction Certificate Mode (TCM)
55
Table3. Comparison of the Number of Cryptographic C Operations
[8] [9]
[10]
[11]
[12] [13]
VI.
CONCLUSION
[14]
o mobile phones In secure mobile payments, popularity of grows to give power to mobile devices as a payment device. However, some problems such as limitatioon of power, less powerful processor of mobile phones neeed new suitable algorithms for mobile phone payments. Therefore, this paper has proposed a new security algorithm for mobile phones based on mutual communnication techniques and developed mobile payments protocol using u TCM. It has lower computation at each party because TCM represents payment gateway. Due to TCM, users cann ensure that their account information will not be compromissed by any parties involved. As a result with our proposed protocol, thee mobile users can have efficient and secure payments, which support s user-based mobile payments using mobile phones. It may m achieve more acceptability than existing protocols.
[15] [16] [17] [18] [19] [20]
[21]
REFERENCES [1] [2]
[3]
[4] [5] [6]
[7]
S. Manav and T. Shashikala, “Software Tokenns Based Two Factor Authentication Scheme”, International Journall of Information and Electronics Engineering, vol.2, No.3, 2012. Li-Hua Li, Iuon-Chung Lin and Min-Shiang Hwang, “A Remote Password Authentication Scheme for Multi-servver Architecture Using Neural Networks”, IEEE Transactions on Neurall Network, vol. 12, pp. 1498-1504, 2001 H “A Modified Jau-Ji Shen, Chih-Wei Lin and Min-Shiang Hwang, Remote User Authentication Scheme Using Smart Cards”, IEEE Transactions on Consumer Electronics, vol. 49, no. n 2, pp.414-416, May 2003. Liang Tang, “A Simple Min-Shiang Hwang, Cheng-Chi Lee and Yuan-L Remote User Authentication Scheme”, Mathem matical and Computer Modeling, vol. 36, pp. 103-107, 2002. Peng Yang, “Flexible Cheng-Chi Lee, Min-Shiang Hwang and Wei-P Remote User Authentication Scheme Using Smart Cards”, IEEE Transactions on Neural Network, vol. 36, no. 3, ppp46-52, 2002. I En Liao, Cheng Chi Lee and Min Shianng Hwang, “Security Enhancement for a Dynamic ID-based Remotee User Authentication Scheme”, International Conference on Next Genneration Web Services Practices, vol. 6, no. 2, pp.517-522, 2005. Eun Jun Yoon and Kee Young Yoo, “Improving the Dynamic ID-based Remote Mutual Authentication Scheme”, First Innternational Workshop on Information Security, vol. 4277, pp.499-507, 20006.
56
F Xiao and Jing Dan, “A More Yan-Yan Wang, Jia-Yong Liu, Feng-Xia Efficient and Secure Dynamic ID-based Remote User Authentication Scheme”, Computer Communications, vol. 32, no. 4, pp.583-585, 2009. Cheng Chi Lee, Tsung Hung Lin L and Rui Xiang Chang, “A Secure Dynamic ID based Remote Usser Authentication Scheme for Multiserver Environment Using Smart S Cards”, Expert Systems with Applications, vol. 38, no. 11, pp. 13863-13870, 2011. Triet TRAN and Anh-Duc DUONG, Toan-Thinh TRUONG, Minh-T “Improvement of the More Effficient and Secure ID-based Remote Mutual Authentication With Key K Agreement Scheme for Mobile Devices on ECC”, An Internaational Journal of Future Technology Research Association Internationnal (FTRA), vol. 3, no. 2, June 2012. Haiyan Sun, Qiaoyan Wen, Huaa Zhang and Zhengping Jin, “A Novel Remote User Authentication andd Agreement Scheme for Mobile ClientServer Environment”, An Internaational Journal of Applied Mathematics & Information Sciences, vol. 7, no. n 4, pp1365-1374, 2013. Amit Sethi, Omair Manzoor andd Tarun Sethi, “User Authentication on Mobile Devices” 2012. Available at http://www.cigital.com/wpcontent/uploads/downloads/2012/11/mobile-authentication.pdf Y. Soonduck, S. Seung-jung and a R. Dae-hyun, “An Effective Two Factor Authentication Method Using U QR Code”, ASTL, vol.21, pp.106109, 2013. K. Nima, H. Kirstie and B. Konnstantin, “A Two-Factor Authentication Mechanism Using Mobile Phonnes”, 2008. Available at http://lerssedl.ece.ubc.ca/record/163/files/1633.pdf R.Van, M. Roland and D. Joosst, “tiqr: A Novel Take on Two-factor Authentication”, Proceedings off the 25th International Conference on Large Installation System Adminiistration, USENIX Association, 2011. R. Tomas, “The Decline and Daawn of Two- Factor Authentication on Smart Phones”, Information Secuurity Summit, 2012. S. Manav and T. Shashikala, “Software Tokens Based Two Factor Authentication Scheme”, Internnational Journal of Information and Electronics Engineering, vol. 2, no. n 3, May 2012. Kungpisdan, S., Srinivasan, B. and a Phu Dung L., “Lightweight Mobile Credit-Card Payment Protocol”, Berlin Heidelberg: Springer-Verlag, pp.321-328, 2003. Tellez J. and Sierra J., “Anonym mous Payment in a Client Centric Model for Digital Ecosystem”, IEEE DE EST, pp. 422-427, 2007. T. S. Fun, L. Y. Beng, J. Likohh, and R. Roslan, “A Lightweight and Private Mobile Payment Protocool by Using Mobile Network Operator”, The International Conference on Computer and Communication Engineering, pp. 162-166, 2008. Jesus Tellez Isaac and Sheralli Zeadally, “An Anonymous Secure Payment Protocol in a paymennt Gateway Centric Model”, The 9th on Mobile Web Information International Conference Systems(MobiWIS), Procedia Computer Science 10, pp758-765, 2012.
