Litcius/Paper detail

Improved Secure Transaction Scheme With Certificateless Cryptographic Primitives for IoT-Based Mobile Payments

Zirui Qiao, Qiliang Yang, Yanwei Zhou, Mingwu Zhang

2021IEEE Systems Journal48 citationsDOI

Abstract

To achieve security of mobile payments within insecure public communication networks, in 2018, a secure transaction scheme for mobile payments is constructed by Yeh from a certificateless signature (CLS) scheme without bilinear pairing Yeh, (2008). However, we point out that this CLS scheme is insecure, and a malicious users can create a valid forged signature on any new message by performing public key replacement attacks. The security flaws of the underlying CLS scheme cause that the upper transaction scheme cannot keep its claimed security. In this article, we describe how this forgery attack works against the CLS scheme, which demonstrates that Yeh’s scheme cannot achieve its original security. Furthermore, to further solve the above-mentioned security flaws, a concrete construction of CLS scheme with improved security is presented. Our improved scheme can be rigorously proved using Forking lemma in the random oracle model, assuming that solving the discrete logarithm problem is infeasible. Finally, a secure transaction scheme for android-based mobile payments is proposed from our improved CLS scheme.

Topics & Concepts

CryptographyComputer scienceScheme (mathematics)Computer securityDatabase transactionPaymentMobile paymentCryptographic primitiveComputer networkCryptographic protocolMobile computingDatabaseWorld Wide WebMathematicsMathematical analysisCryptography and Data SecurityPrivacy-Preserving Technologies in DataCloud Data Security Solutions