Authors:
Shizra Sultan; Abdul Ghafoor Abbasi; Awais Shibli and Ali Nasir
Affiliation:
National University of Science and Technology, Pakistan
Keyword(s):
Financial Protocol, Smartphones, Secure Payment Protocol, Formal Verification, AVISPA.
Related Ontology Subjects/Areas/Topics:
Formal Methods for Security; Identification, Authentication and Non-Repudiation; Information and Systems Security; Security and Privacy in Mobile Systems; Security Protocols; Security Verification and Validation
Abstract:
Smartphones are overpowering the IT world by rising as a prerequisite for other technologies. Emerging technology paradigms such as cloud computing, web data services, online banking and many others are being revamped for compatibility with smartphones. Banking is a vital and critical need in daily life. It involves routine financial transactions among sellers, buyers and third parties. Several payment protocols have been designed for mobile platforms; they involve hardware tokens, PINs, credit cards, ATMs, etc. for secure transactions. Many of them are not properly verified and have hidden flaws. Numerous vulnerabilities have been found in existing solutions, which raises a big question about the defense capability of smartphones to protect users' data. In this paper we propose a secure payment protocol for smartphones that does not use any hardware token. It involves the bank as a transparent entity, and users rely on a payment gateway to mark a successful transaction. The suggested protocol uses symmetric keys, X.509 digital certificates, and two-factor authentication to make a secure financial deal. To prove the secrecy and authentication properties of the protocol, we have formally verified it with AVISPA.