Journal of King Saud University: Computer and Information Sciences (Oct 2023)
The use of IoT-based wearable devices to ensure secure lightweight payments in FinTech applications
Abstract
Daily digital payments in Financial Technology (FinTech) are growing exponentially. A huge demand is for developing secure, lightweight cryptography protocols for wearable IoT-based devices. The devices hold the consumer information and transit functions in a secure environment to provide authentication and confidentiality using contactless Near-Field Communication (NFC) or Bluetooth technologies. On the other hand, Security breaches have been observed in various dimensions, especially in wearable payment technologies. In this paper, we developed a threat model in the proposed framework and how to mitigate these attacks. This study accepts the three-authentication factor, as biometrics is one of the user’s most vital authentication mechanisms. The scheme uses an “Elliptic Curve Integrated Encryption Scheme (ECIES)”, “Elliptic Curve Digital Signature Algorithm (ECDSA)” and “Advanced Encryption Standard (AES)” to encrypt the messages between the entities to ensure higher security. The security analysis of the proposed scheme is demonstrated through the Real-or-Random oracle model (RoR) and Scyther’s widely accepted model-checking tools. Finally, we present a comparative summary based on security features, communication cost, and computation overhead of existing methods, specifying that the proposed framework is secure and efficient for all kinds of remote and proximity payments, such as mini, macro, and micro-payments, using wearable devices.