Title: Secure mobile payment framework based on UICC with formal verification

Authors: Shaik Shakeel Ahamad; V.N. Sastry; Siba K. Udgata

Addresses: Department of Computer and Information Sciences, University of Hyderabad, Hyderabad-46, Andhra Pradesh, India; Institute for Development and Research in Banking Technology (IDRBT), Castle Hills, Masab Tank, Hyderabad-57, Andhra Pradesh, India | Institute for Development and Research in Banking Technology (IDRBT), Castle Hills, Masab Tank, Hyderabad-57, Andhra Pradesh, India | Department of Computer and Information Sciences, University of Hyderabad, Gachibowli, Hyderabad-46, Andhra Pradesh, India

Abstract: In this paper, we propose a secure mobile payments framework based on the universal integrated circuit card (UICC) by defining: a) a procedure for personalising the UICC by the client; b) a procedure for provisioning and personalisation (a mutual authentication and key agreement protocol) of the mobile payments application (which is on the UICC) by the bank; and c) a mobile payment protocol between the personalised mobile payment application on the UICC and the bank server. Our provisioning and personalisation procedure is compared with recent works and found to be better in terms of generating the client's credentials, implementation of WPKI in the UICC, personalisation of the mobile payment application by the bank and end-to-end security. Our mobile payment protocol, originating from the mobile payment application to the bank, is also compared with recent works and found to be better in terms of confidentiality, authentication, integrity and non-repudiation, preventing double spending, over spending and money laundering, and to withstand replay, man-in-the-middle (MITM) and impersonation attacks. The proposed protocols are experimentally verified using BAN logic and the Scyther tool.

Keywords: mobile payment; m-payment; UICC; personalisation; mutual authentication; key agreement; BAN logic; scyther tool; secure payment; formal verification; universal integrated circuit card; payment security.

DOI: 10.1504/IJCSE.2014.060718

International Journal of Computational Science and Engineering, 2014 Vol.9 No.4, pp.355-370

Received: 17 Feb 2012
Accepted: 26 Apr 2012

Published online: 24 May 2014
