Dynamic Symmetric Key Mobile Commerce Scheme Based on Self-Verified Mechanism

In terms of the security and efficiency of mobile e-commerce, the authors summarized the advantages and disadvantages of several related schemes, especially the self-verified mobile payment scheme based on the elliptic curve cryptosystem (ECC) and then proposed a new type of dynamic symmetric key mobile commerce scheme based on self-verifiedmechanism.The authors analyzed the basic algorithm based on self-verified mechanisms and detailed the complete transaction process of the proposed scheme. The authors analyzed the payment scheme based on the security and high efficiency index. The analysis shows that the proposed scheme not only meets the high efficiency of mobile electronic payment premise, but also takes the security into account. The user confirmation mechanism at the end of the proposed scheme further strengthens the security of the proposed scheme. In brief, the proposed scheme is more efficient and practical than most of the existing schemes.


Introduction
With the rapid development of mobile communication technology, more and more electronic trading has been introduced to the wireless network environment [1,2].The wireless mobile network in the electronic trading model not only provides numerous merchants with a new way of promoting the sale of products and increases the profit, but also greatly enriches the network shopping environment of the consumers [2].Mobile electronic commerce has achieved rapid development, since the mobile users and merchants traded anywhere and anytime [3].However, compared with fixed networks, there are some factors that have restricted the development of mobile commerce, such as lower bandwidth, longer delay time, unstable connection, limited storage space, and restricted computing power [2].In order to reduce the risk of these problems, the priority of all kinds of mobile payment schemes is the security and efficiency of the solution.
Recently, with the development of mobile commerce based on the characteristics of the mobile network, some researchers have successively put forward certificate-based public key cryptosystem scheme (CBCS) [4,5], ID-based cryptography scheme (IDBCS) [2,6,7], and self-verified digital signature scheme (SVDSS) [3,8,9].CBCS is similar to the scheme based on the Secure Electronic Transaction protocol, in which user's authentication requires the certificate preserved in the certificate authority (CA).When the node certificate is updated or canceled, each node directory needs to be updated synchronously.The requirements of this sort of certificate management for calculation, storage, and communication of the system are relatively high.In order to avoid the certificate management burden, IDBCS used key escrow (KE) features [10] and key distribution center (KDC) unified manage public/private key pair of all trading entity, which can generate a symmetric key, and then improve the efficiency of system.However, once the KDC public/private key leaks, the system will lose the security barrier.In addition, with the increase of the number of users, the KDC needs to maintain a set of large user authentication tables, resulting in increasing the burden of the system [2].SVDSS is more efficient and secure than CBCS and IDBCS.On the one hand, its authentication mechanism does not need to rely on complex certificate management, which reduces the amount of calculation and traffic and improves the execution The core work of SVDSS is generating the authentication key and digital signature which verifies the identity of transaction entity.At present, the mainstream generative mechanism of SVDSS is based on ECC.Compared with the public key cryptosystem (PKC), ECC uses smaller key length to meet the same level of security and has very low computational burden [9,11,12].The specific performance comparison can be seen in Table 1.Therefore, the electronic payment scheme based on ECC is more effective than that based on PKC.
The symmetric key encryption system has a simple encryption processing, encryption speed, shorter key, and so forth [12].The authors summarize the theory and experience of predecessors and propose a new type of dynamic symmetric key mobile commerce scheme based on self-verified mechanism in this paper.This proposed scheme meets the requirements of both security and high efficiency because of the application of ECC.Based on the self-verified signature concept, each transaction entity holds the verification key and the digital signature for a later user authentication [3,13].The symmetric keys held by two entities are generated dynamically by the verification key and the digital signature.This contributes to security and efficient information interaction.A special key management mechanism is not necessary to reduce the cost of key management.In this way, the network operator only needs to provide users with a secure network and does not need to maintain redundancy authentication table.Therefore, the electronic payment scheme can not only meet the requirements of the large-scale mobile users, but also execute secure and efficient information interaction with generated symmetric key between the two entities after successful authentication.The environment of the electronic payment scheme is very suitable for large-scale mobile user environments, because the network operator does not need to maintain redundancy authentication table.In addition, the proposed scheme supports user anonymity mechanism and confidentiality, and it can prevent impersonation attack effectively.With our efforts, the system safeguards the rights and interests of users and ensures security.This scheme adopts ECC.Compared with other mechanisms such as the PKC and pairing function encryption mechanism, ECC obviously improves the operating efficiency of the system [14][15][16].To sum up, the proposed scheme is effective and practical in mobile commerce.The unique identity of trading entity  This paper is structured as follows.In Section 2, the authors summarize the main idea of the self-verified mechanism and basic steps.In Section 3, the paper presents detailed process of the proposed scheme.In Section 4, the authors analyze operational efficiency and security.Finally, conclusions are made in Section 5.

The Principle of Self-Verified Mechanism
Yang and Chang [3] proposed an authentication mechanism which is divided into three phases: the initialization phase, the registration phase, and the authentication phase.

The Initialization Phase.
In this phase, the server  initializes the system parameters over an elliptic curve domain through the following steps.In order to facilitate subsequent statements, important parameters and explanations are listed in Table 2.

Elliptic Curve Equation.
chooses a finite field   over a large odd prime  and generates an elliptic curve equation   (, ): where parameters satisfy the following conditions: selects a public point  over   (, ) and a public oneway hash function (⋅), where  is the finite point over   (, ).

Generating Public Key.
chooses its private key   ∈   to compute its public key by   =   * . (3)

The Registration Phase.
Assume that user  wants to log in the server .Prior to the logging,  must register to .

Generating Verification Key and Self-Verified Signature.
Firstly,  sends a registration request to .  generates   s verification key by where   ∈  *  and ID  is   s identity. computes   by where  and  denote the -coordinate and -coordinate of   , respectively.To generate the self-verified signature (  ,   ),  computes Then,  checks if    is equal to   .If they are equal, then  confirms that {  , (  ,   )} is really generated by .

The Authentication Phase.
In this phase,  wants to log in ;  can verify the user's legality [12].

Obtaining Data Set. 𝐴 uses 𝐻(⋅) to compute
where TS is the timestamp;  sends data set (ID  , ,   ,   ) to .

Identity Authentication.
After receiving (ID  , ,   ,   ),  computes checks if   is equal to  that is sent from .If they are equal, then  can authenticate that  is a legal user.

Proposed Scheme
There are three transaction entities in the proposed epayment scheme: the provider of electronic goods , the mobile user , and the network operator  that is a collection of financial institutions. provides the wireless network bearer services to  and , such as 3G services.Before being involved in trading officially,  and  must register to  and obtain the exclusive account.Only in this way can  provide service for user's transaction.The trading model of the proposed scheme is shown in Figure 1.
The proposed electronic trading scheme is divided into four phases: the registration phase, the withdrawing phase, the paying phase, and the depositing phase.During the registration phase,  and  need to register to  for obtaining their verification keys and self-verified signatures.The function of withdrawing phase is that  not only obtains an electronic identification of account balance but also completes the identity authentication with .In the paying phase,  and  perform authentication with each other; then  will obtain the electronic goods from .During the depositing phase,  agrees on this transaction and then  redeems the price from the account of .

The Registration Phase.
Before the depositing phase,  and  need to register to  for obtaining their verification keys and self-verified signatures.The steps of this phase are demonstrated as follows.

Storing Authentication Information.
stores the registration information of  and  to its database.The information provides the foundation of authentication, generating keys, information transfer, and payment in later transaction.

The Withdrawing Phase.
According to the registration information in the registration phase,  obtains an electronic identification of account balance that the maximum value is   .In the subsequent transactions, the value of electronic goods bought by  from  will not exceed   .In this phase,  and  not only complete the identity authentication but also generate a pair of symmetric key between themselves, and the symmetric key will be applied during user confirmation mechanism in the depositing phase.The steps of this phase are shown as follows and the specific flow chart is shown in Figure 2.
Step 1.  makes use of {  , (  ,   )} to compute where TS is the timestamp and  sends ID  , ID  , (  ,   ), TS, and   to .
Step 2. In order to verify the legitimacy of ,  uses its private key   to compute Then,  checks validity of TS.If TS is valid,  computes confirms that  is legal and above withdrawing information is really sent from  when    equals   .Otherwise,  rejects the transaction.
Step 3.  generates an electronic identification of account balance that the maximum value is   .In the subsequent transactions, the value of electronic goods bought by  from  will not exceed   .Meanwhile,  generates a serial number SN of   .
Step 4.  makes use of    , ID  , ID  to generate the symmetric key Based on ECC,  generates the digital signature Sig(  ‖SN‖ ID  ) and computes and then it sends   to  and stores (  , SN) in the local database and deducts the cost of   from mobile user's account. Step and obtain ) each other.After the authentication is legalized,  will obtain the electronic goods encrypted by the symmetric key    generated between the two entities.The steps of this phase are shown as follows and the specific flow chart is shown in Figure 3.
Step 1.1. browses 's online shop and generates the good information GI 1 that contains the descriptions and the prices defined by  1 of the electronic goods.Meanwhile,  arbitrarily selects an integer   ∈   and obtains the value   by generates the dynamic symmetric key    between  and  by where ID  and ID  is the unique identification of  and . encrypts the payment message with the key Step 1.2.After receiving the encrypted payment message PI,  obtains    by decrypts PI and obtains payment message DI by SN is legal and obtain the K sP U Store GI 1 , ID U , V N , SN in the database ) ) ) ) ) ) ) ) )  verifies the legitimacy of digital signature with computing Ver(Sig(  ‖SN‖ID  )).If the signature is legal,  can confirm PI is really sent by .Therefore,  confirms that (   ,   , SN) is legal and obtains the dynamic symmetric key    .
Step 1.3. obtains the good information GI and then determines whether inequality  1 ≤   was established.If   is greater than or equal to  1 ,  stores (GI 1 , ID  ,   , SN) in the database and sends     (EG 1 ) to , where EG 1 is the electronic goods.Then  obtains the EG 1 encrypted by    .Otherwise,  rejects the transaction.
If user wants to execute subsequent transactions, the proposed scheme can make full use of symmetric key    , which is generated in the previous process.In the th transaction, both entities apply hash function   (⋅), symmetric key    , and good information GI  to complete the transaction.The steps of this phase are shown as follows.
Step J.1. browses 's online shop and generates the th good information GI  .In the meantime  updates symmetric key     =    (   ), where    (⋅) represents performing the hash operation  times.
Step J.2.  uses     to compute the payment message by where GI  contains the price information   and sends PI  to .  updates the symmetric key     and obtains the payment message by Step J.3.After receiving DI,  judges the condition checks if the equation EP    = EP   holds.If the equation holds, then  confirms that  is legal.
Step 3.  uses    to compute and sends EP   to .  makes use of    and obtains ID  , ID  , GI, SN.If  agrees on this transaction and replies confirmation information to , then  completes the deposit.Otherwise,  rejects this transaction.

The Performance and the Security Analyses
This scheme will be compared to the related schemes in terms of performance and security analysis in order to identify the characteristics and advantages of proposed scheme.Compared with previous trading models [2,3], the proposed scheme further compresses the computation costs, and the dynamic symmetric key introduced improves the dynamic efficiency of the system.Considering the complexity and integration of current system, the proposed scheme adds the user confirmation mechanism which can maximize the protection of the rights of the user.

The Performance Analysis.
Compared with authentication mechanism of CBCS and IDBCS, the efficiency SVDSS authentication is higher.The reason is that this scheme adopts the self-verified signature mechanism to implement authentication between transactions entities, eliminate the need for frequent transfer certificate and verification, and save communication cost.In the specific verification process, the proposed scheme adopts the mechanism based on ECC.Compared with the public key cryptosystem (PKC) [8], ECC uses smaller key length to meet the same level of security and bear very low computational burden [9,10].After trading entity verifies that each side is legal object, it achieves symmetric encryption/decryption using the symmetric key.In the concrete scheme, it further improves the system efficiency from the following two aspects.

Payment Efficiency.
In the previous mobile commerce, hash function was used to generate electronic money instead of cash.  denotes the execution time for executing the hash function for token generation and verification.As for   denotes 0.006 ms on 15 a Pentium IV 3.0 GHz with 2 GB [17].In the literature [2], in order to generate and verify  tokens, the total number of hash operation performed is 3 N in the entire transaction process (including the generating, using, and redeeming of electronic token).In the literature [3], when  obtains the tokens from ,  did not use hash function but did get the tokens directly.So the total number of hash operation performed is 2 N.According to literature [2,3], the total execution time for token generation and verification is 3  and 2  .Usually, the number  is from 50 to 50,000.The total execution time of token generation and verification is illustrated in Figure 5, where the literature [2,3] introduces the Lin et al. 's scheme and Yang and chang's scheme, respectively.In the proposed scheme,  does not use hash function to generate the electronic tokens;  the user directly obtains   from .The total price of the goods purchased keeps accumulating in , as long as the price does not exceed   .Therefore, compared with literature [2,3], payment efficiency of proposed scheme has been greatly improved.

Message Encryption and Decryption.
Recently, in order to improve the efficiency of mobile commerce, symmetric key mechanisms have been applied actively.However, due to the difficulties of key management of symmetric key, the concrete scheme of mobile commerce is based on asymmetric keys, to generate a symmetric key between trading entity.According to literature [2], the system generates symmetric key between entities, but the public/private key that can generate symmetric key exists in the KDC.Once the KDC information leakage occurs, the security of the whole system will be under threat.And the generated symmetric keys in subsequent transactions are not continuously updated, which will result in the insecurity of the system.In the literature [3], both the symmetric keys are generated by executing three times point multiplication over   (, ) during each paying phase.In the paying phase, assume  and  execute  times payment, the total execution time for generating the symmetric keys is 3 ECC .
ECC denotes the time of the multiplication on an elliptic curve   (, ).In this paper, the scheme generates the first pair symmetric key in the first process during the paying phase.In the subsequent transaction, only the hash function is used to update the symmetric key     =    (   ).The total execution time for generating the symmetric keys is 3 ECC + ( − 1) * 2 *   .In fact,  ECC is much larger than   .This will further reduce the computing cost of the system and improve the execution efficiency.As is shown in Figure 6, the computational cost of generating symmetric key in the proposed scheme is higher than that in the literature [3].

The Security Analysis.
The authors analyze the security of proposed scheme as follows.

Prevent Impersonation Attack.
Assume that an attacker makes an attempt to modify the response information returned to  [18][19][20][21].Obviously, the attacker needs to forge a set of data, including   , (  ,   ).After receiving the forged information,  will naturally enter into the verification mode by computing (11) and (12).
If    is not equal to     ,  discovers the user is illegal and then rejects the transaction.The same authentication mechanism also occurs between  user and .The proposed scheme makes full use of this authentication mechanism to prevent impersonation attack.

User Anonymity.
In electronic payment schemes, the vender (service provider) does not need to know the user's real identity to protect the user's privacy [22][23][24].Provider obtains the payment information (17).
It does not contain identity information about user; service providers' judgment of the source information is based on the validity of Sig(  ‖SN‖ID  ).Subsequent transactions are based on (   ,   , SN); as long as the total price of the purchased goods does not exceed   , the entire transaction can continue proceeding. redeems the  =  1 +  2 + ⋅ ⋅ ⋅ +   from  based on SN in the depositing phase.In the process of the whole system, vender has no access to the user's identity information.

Confidentiality.
Through the analysis of the concrete transaction process, information of the transaction between entities is held by pairwise symmetric key to encrypt/decrypt.Concrete example is as follows.
Equations ( 17) and (19) achieve the secure transfer of information between  and .
Equations ( 20) and ( 21) achieve the secure transfer of information between  and .However, compared to the asymmetric keys, symmetric keys are easy to crack [25,26].Thus during the transaction phase, the symmetric key between the user and the service provider is continuously updated, which can also prevent the Man-in-the-Middle attack.

User Confirmation Mechanism.
In fact, the operation of a whole system is not isolated, and the attack also exists.In order to improve the system security and protect the lawful rights and interests of customers, the proposed scheme particularly introduces this mechanism.First all, symmetric key is generated between  and  in the withdrawing phase.In the depositing phase,  obtains ID  , ID  , SN, and GI and computes (25).
After receiving EP   from ,  can decrypt it and generate a feedback (agree on or reject the transaction).Finally, according to the user's feedback information,  completes/terminates the depositing process.

Conclusions
This scheme is based on the self-verified mechanism, the application of ECC, key agreement mechanism, prepayment mechanism, and other technologies to guarantee security and high efficiency of this proposed scheme.The proposed scheme does not need certificate management, which avoids the burden of network node storage certificate in CBCS and the communication overhead due to transferring certificate at the same time.The use of the self-verified mechanism avoids the defects of key escrow of IDBCS and no longer requires KDC to maintain a set of large user authentication tables, which can greatly reduce the system burden.The proposed scheme also takes advantage of updated symmetric key and user confirmation mechanism to guarantee the security.In a word, this scheme possesses the advantages of the current trading system which ensures the real time and user anonymity and further improves efficiency and security of system.

Figure 3 :
Figure 3: Flow chart of paying phase.

Figure 5 :
Figure 5: The analysis of payment efficiency.

Figure 6 :
Figure 6: The analysis of generating symmetric key.

Table 1 :
Comparison of performance of RSA and ECC.

Table 2 :
The parameter self-authentication scheme.
5.  uses symmetric key to decrypt   for    ,   , SN,    , Sig(  ‖SN‖ID  ).Then whether the equation    =   is established is checked.If it is established,  confirms that   is really sent by , stores (  , SN) into the users' database, and obtains symmetric key    .3.3.The Paying Phase.In this phase,  sends good information GI to ; then  and  perform authentication with ID U || ID P || U || TS ID U , ID P , E U , S U , TS, C AO w If the inequality is not established,  rejects the transaction.If the inequality is established,  stores ( 1 +  2 + ⋅ ⋅ ⋅ +   , ID  ,   , SN) into the database and sends      (EG  ) to .Finally,  obtains electronic goods EG  encrypted by     .3.4.The Depositing Phase.After the paying phase,  obtains  =  1 +  2 + ⋅ ⋅ ⋅ +   from  and wants to redeem them from  in this phase.The steps of this phase are shown as follows and the specific flow chart is shown in Figure 4. Step 1.  makes use of   to generate EP   =    (ID  , ID  , SN,   , GI) .