Analysis and Improvement on a Mobile Payment Protocol with Outsourced Verification in Cloud Service
KANG Baoyuan, DU Jianqi, SI Lin, XIE MingmingSchool of Computer Science and Technology, Tianjin Pol-ytechnic University, Tianjin 300387, China
Mobile wallet is a very convenient means of mobile payment to allow the clients to conduct the payment via their mobile devices. To reduce the computation burden of resources- constraint mobile devices, a few mobile wallet protocols with outsourced verification in cloud computing were proposed. But in some of the protocols, there exist the risk of a colluding attack of the customer and the untrusted cloud server. In this paper, we propose an improved protocol, in which the payment information is protected by Hash function and random number. The malicious customer and cloud server cannot change the payment information to conduct a collusion forgery attack to defraud the merchant. The security analysis indicates that the proposed improved protocol can enhance the security in terms of correctness, unforgeability and traceability without increasing the computational burden.
Key words:mobile payment; cloud service; digital signature; security; bilinear map
 Amoroso D L, Magnier-Watanabe R. Building a research model for mobile wallet consumer adoption: The case of mobile Suica in Japan [J]. Journal of Theoretical and Applied Electronic Commerce Research, 2012, 7 (1): 94-110.
 Shibin D, Kathrine J. A secure and hybrid approach for key escrow problem and to enhance authentic mobile wallets [J]. Smart Innovation, Systems and Technologies, 2019, 105: 81- 89.
 Varghese B, Buyya R. Next generation cloud computing: New trends and research directions [J]. Future Generation Computer Systems, 2018, 79 (3): 849-861.
 Kang B Y, Wang J Q, Shao D Y. Certificateless public au-diting with privacy preserving for cloud-assisted wireless body area networks [J]. Mobile Information Systems, 2017, 2017: 2925465.
 Wu T Y, Tseng Y M, Huang S S, et al. Non-repudiable provable data possession scheme with designated verifier in cloud storage systems [J]. IEEE Access, 2017, 5: 19333- 19341.
 Qin Z, Sun J F, Wahaballa A, et al. A secure and privacy-pre- serving mobile wallet with outsourced verification in cloud computing [J]. Computer Standards and Interfaces, 2016, 54: 55-60.
 Al-Riyami S, Paterson K. Certificateless public key cryp-tography [C]// Advances in Cryptology-ASIACRYPT 2003, Proceedings of the 9th International Conference on the Theory and Application of Cryptology and Information Se-curity. Berlin: Springer-Verlag, 2003: 452-473.
 Cao S, Lang X, Liu X, et al. Probably secure and efficient certificateless aggregate signature [J]. Netinfo Security, 2019, 19(1): 42-50(Ch).
 Xiong H. Cost-effective scalable and anonymous certificate-less remote authentication protocol [J]. IEEE Transaction and Information Forensics and Security, 2014, 9(12): 2327- 2339.
 Kang B Y, Xu D. A secure certificateless aggregate signature scheme [J]. International Journal of Security and Its Applications, 2016, 10(3): 55-68.
 Chen Y M, Cheng X G, Wang S, et al. Research on certifi-cateless group signature scheme based on bilinear pairings [J]. Netinfo Security, 2017, 17(3): 53-58(Ch).
 Liao Y J, He Y C, Li F G, et al. Analysis of a mobile pay-ment protocol with outsourced verification in cloud server and the improvement [J]. Computer Standards and Interfaces, 2018, 56: 101-106.
 Kang B Y, Wang J Q, Shao D Y. Attack on privacy-pre- serving public auditing schemes for cloud storage [J]. Mathematical Problems in Engineering, 2017, 2017: 8062182.
 Kang B Y, Wang M, Jing D Y. An off-line payment scheme for digital content via subliminal channel [J]. Journal of In-formation Science and Engineering, 2018, 34: 171-192.
 Wu T Y, Tseng Y M. Publicly verifiable multi-secret sharing scheme from bilinear pairings [J]. IET Information Security, 2013, 7(3): 239-246.