An Improved Authentication Scheme for Electronic Payment Systems in Global Mobility Networks

  • Mohammad Heydari
  • S. Mohammad-Sajad Sadough
  • Shehzad Ashraf Chaudhry
  • Mohammad Sabzinejad Farash (Department of Mathematics and Computer Sciences, Kharazmi University)
  • Mohammad Reza Aref
Keywords: Authenticated encryption, E-payment system, Elliptic curve cryptography, Digital signature, Signcryption


The use of e-payment systems for electronic trade is making daily life easier and more convenient. However, a number of security issues remain to be addressed: user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address these issues, Yang et al. recently proposed an authenticated encryption scheme and an e-payment scheme based on it. They excluded the need for digital signatures for authentication, and claimed that their schemes resist replay, man-in-the-middle, impersonation and identity theft attacks while providing confidentiality, authenticity, integrity and privacy protection. However, our analysis shows that both Yang et al.'s authenticated encryption scheme and their e-payment system are vulnerable to an impersonation attack: an adversary who knows only the public parameters can easily masquerade as a legal user. We therefore propose improved authenticated encryption and e-payment schemes that overcome the weaknesses of Yang et al.'s schemes. We prove the security of our schemes using the automated tool ProVerif. The security and performance analysis shows that the improved schemes are more robust and more lightweight than Yang et al.'s schemes.