IEEE Access (Jan 2019)

Light-Weight and Privacy-Preserving Authentication Protocol for Mobile Payments in the Context of IoT

  • Yanan Chen,
  • Weixiang Xu,
  • Li Peng,
  • Hao Zhang

DOI
https://doi.org/10.1109/ACCESS.2019.2894062
Journal volume & issue
Vol. 7
pp. 15210 – 15221

Abstract

The widespread use of smart devices has drawn considerable attention to research on mobile payment protocols in the context of the Internet of Things (IoT). However, payment trust and user privacy still raise critical concerns for the application of mobile payments, since existing authentication protocols for mobile payments either impose a heavy workload on a resource-limited smart device or cannot provide user anonymity in the mobile payment. To address these challenges elegantly, this paper presents a lightweight and privacy-preserving authentication protocol for mobile payment in the context of IoT. First, we put forward a unidirectional certificateless proxy re-signature scheme, which is of independent interest. Based on this signature scheme, this paper then gives a new mobile payment protocol that, for the first time, not only achieves anonymity and unforgeability but also keeps resource consumption on smart devices low. In the proposed protocol, efficiency is notably improved by placing most of the computational cost on the Pay Platform (usually with abundant computational power) instead of on lightweight mobile devices. Moreover, because the Pay Platform and Merchant Server need to perform computation for each transaction, batch verification has been adopted to mitigate the overhead for millions of users at the Pay Platform and Merchant Server and thereby address the scalability issue. Through the formal security analysis presented in this paper, the proposed protocol is proved to be secure under the extended CDH problem. In addition, the performance evaluation shows that the proposed protocol is feasible and efficient for resource-limited smart devices in the IoT.

Keywords