Secure Protocol for Financial Transactions Using Smartphones - SPFT - Formally Proved by AVISPA

Shizra Sultan, Abdul Ghafoor Abbasi, Awais Shibli, Ali Nasir

Abstract

Smartphones are overpowering the IT world by rising as a prerequisite for other technologies. Emerging technology paradigms such as cloud computing, web data services, online banking and many others are being revamped for compatibility with smartphones. Banking is a vital and critical need in daily life. It involves routine financial transactions among sellers, buyers and third parties. Several payment protocols have been designed for mobile platforms; they involve hardware tokens, PINs, credit cards, ATMs, etc. for secure transactions. Many of them are not properly verified and have hidden flaws. Numerous vulnerabilities have been found in existing solutions, which raises a big question about the defense capability of smartphones to protect users' data. In this paper we propose a secure payment protocol for smartphones that does not use any hardware token. It involves the bank as a transparent entity, and users rely on a payment gateway to mark a successful transaction. The suggested protocol uses symmetric keys, X.509 digital certificates, and two-factor authentication to make a secure financial deal. To prove the secrecy and authentication properties of the protocol, we have formally verified it with AVISPA.



Paper Citation


in Harvard Style

Sultan S., Abbasi A., Shibli A. and Nasir A. (2014). Secure Protocol for Financial Transactions Using Smartphones - SPFT - Formally Proved by AVISPA. In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 387-392. DOI: 10.5220/0005059903870392


in Bibtex Style

@conference{secrypt14,
author={Shizra Sultan and Abdul Ghafoor Abbasi and Awais Shibli and Ali Nasir},
title={Secure Protocol for Financial Transactions Using Smartphones - SPFT - Formally Proved by AVISPA},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={387-392},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005059903870392},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Secure Protocol for Financial Transactions Using Smartphones - SPFT - Formally Proved by AVISPA
SN - 978-989-758-045-1
AU - Sultan S.
AU - Abbasi A.
AU - Shibli A.
AU - Nasir A.
PY - 2014
SP - 387
EP - 392
DO - 10.5220/0005059903870392