
A Secure Mobile Banking Scheme based on Certificateless Cryptography in the Standard Security Model

International Journal of Computer Applications
© 2013 by IJCA Journal
Volume 74 - Number 9
Year of Publication: 2013
Authors:
Mohammed Hassouna
Nashwa Mohamed
Eihab Bashier
DOI: 10.5120/12910-9890

Mohammed Hassouna, Nashwa Mohamed and Eihab Bashier. Article: A Secure Mobile Banking Scheme based on Certificateless Cryptography in the Standard Security Model. International Journal of Computer Applications 74(9):1-6, July 2013. Full text available. BibTeX

@article{key:article,
	author = {Mohammed Hassouna and Nashwa Mohamed and Eihab Bashier},
	title = {Article: A Secure Mobile Banking Scheme based on Certificateless Cryptography in the Standard Security Model},
	journal = {International Journal of Computer Applications},
	year = {2013},
	volume = {74},
	number = {9},
	pages = {1-6},
	month = {July},
	note = {Full text available}
}

Abstract

Providing the security services (authenticity, integrity, confidentiality and non-repudiation) all together in mobile banking has remained a problematic issue for both banks and their customers. Both public key infrastructure (PKI) and identity-based public key cryptography (IB-PKC), which have been thought to provide solutions to these security services, have their own limitations. While PKI suffers from scalability and certificate management problems, identity-based cryptography suffers from the key escrow problem. This paper proposes a secure web-based mobile banking scheme using certificateless public key cryptography. Within this scheme, the key generating center (KGC) has an offline connection with a public directory server. The client and the bank's web server each use the other's identity to obtain the other's public key from the KGC's public directory server. Then, each party computes an authenticated per-session shared secret symmetric key. Using this shared secret key, the client can encrypt his username and password to access his banking account and carry out signed banking transactions. As a result, the proposed scheme is secure in the standard model and provides authentication, confidentiality, integrity and non-repudiation. Moreover, the scheme is secure against known-key attacks, resilient against unknown key-share and key-compromise impersonation, and satisfies weak perfect forward secrecy.
