An Electronic Transaction Mechanism Using Mobile Devices for Cloud Computing

Abstract

In recent years, various electronic payment mechanisms have been proposed for cloud computing. However, the related works have high computation and communication costs so they are not really suitable for cloud environments. To solve this problem, we propose a new electronic transaction mechanism using mobile devices for cloud computing in this paper. The proposed mechanism uses the exclusive-or operation and one-way hash function to reduce the computation cost. In addition, it does not require a pre-shared key between the client and the vender for the authentication. Thus, the proposed mechanism has less communication cost. Compared with the related works, the proposed mechanism is more efficient and suitable for the electronic transactions using mobile devices in cloud computing.

1 Introduction

With the development of network technologies, more and more traditional transactions are implemented on the Internet, which is so-called electronic commerce (e-commerce). In e-commerce, the electronic transaction (e-transaction) mechanism [1–4] is the most important tool because it can be applied to many applications, such as online shopping, online TV, and online music. On the other hand, cloud computing [5–7] is another popular network technology because it can store huge data for users in the remote server. That is, the cloud user does not need to speed lots of money to expand the storage space in their own devices. In addition, the user’s secret information can be protected in the cloud server. Due to the above reasons, many e-transaction mechanisms for cloud computing have been proposed [8, 9]. In recent years, more and more user utilizes the mobile device to accomplish all e-transactions on the Internet. Thus, the e-transaction mechanism for cloud computing become a popular research topic in e-commerce applications.

In 2013, Yang et al. [8] proposed an electronic payment system for cloud computing. There are five roles in their e-payment system: the client, the shop, the bank, the cloud registration center (CRC), and the trusted authority (TA). They designed the e-payment system in the secure cloud area, which contains the personal cloud and the public cloud. The personal cloud stores the user’s registration and payment information, and the public cloud stores the shop’s and the bank’s transaction information. Before the e-transaction begins, the client, the shop, and the bank have to register to TA to get their certificates. Then, the transaction participants can use the certificates to prove their identities in the cloud environments. Because all transactions are performed in the secure cloud area, the user’s payment and purchasing information can be well-protected in their e-payment system.

However, we find that Yang et al.’s e-payment system has some drawbacks. First, their system uses the certificate to authenticate each participant. This causes additional computation costs for each participant in their system. Second, each participant has to share a symmetric key with the other participant for authentication and encryption. If the client wants to purchase from several shops, then the client has to maintain many symmetric keys for different shops. This causes the key management problem for client. Third, their system still has large computation costs so it is not suitable for mobile users in the cloud environments.

To solve the above problems, we propose a new e-transaction mechanism using mobile devices for cloud computing in this paper. The proposed mechanism does not require any certificate for authentication. In addition, the user only needs to keep one secret value to transact with different venders. Besides, the proposed mechanism uses the one-way hash function [10, 11] and exclusive-or operation to design so the computation costs can be greatly reduced. According to the above advantages, the proposed e-transaction mechanism satisfies the security requirements of integrity, authentication, and non-repudiation. Compared with the related works, the proposed mechanism are more efficient and securer. Therefore, it is very suitable for the e-transaction using mobile devices in cloud computing.

2 Review of Yang et al.’s Mechanism

In this section, we review Yang et al.’s e-payment system. Their system has five participants: the client, the shop, the bank, the cloud registration center (CRC), and the trusted authority (TA). Besides, their system is divided into five phases: the registration phase, login phase, certificate issuing phase, withdrawing phase, and payment phase. The notations used in their system are shown in Table 1. Note that all the transaction steps are performed in the cloud. Then, the steps of the five phases in Yang et al.’s e-payment system are shown as follows.

Table 1 The notations of Yang et al.’s system

Registration phase

Step 1.:

The client computes H ₃ (PW) and sends (ID _C , H ₃ (PW)) to CRC

Step 2.:

CRC checks ID _C and stores (ID _C , H ₃ (PW)) in its database

Login phase

Step 1.:

The client chooses a random number r _c in \({\text{Z}}_{q}^{ *}\) and computes M ₁ = F _P (ID _C , r _c ). Then, the client sends M ₁ to the personal cloud for the user authentication

Step 2.:

The personal cloud decrypts F _P (·) to get ID _C and r _c and uses ID _C to obtain H ₃(PW) from the cloud database. Then the personal cloud chooses a random number r _s in \({\text{Z}}_{q}^{ *}\) and computes M ₂ = E _H3(PW )(r _s ) and Mac ₁ = H ₄ (H ₃ (PW), r _c ). Finally, it sends Mac ₁ and M ₂ to the client

Step 3.:

The client computes H ₄ (H ₃ (PW), r _c ) and checks if it is equal to Mac ₁. If they are equal, then the client decrypts M ₂ to get r _s and computes Mac ₂ = H ₄ (H ₃ (PW), r _c , r _s )). Then, the client computes M ₃ = F _P (Mac ₂) and sends it to the personal cloud. Finally, the personal cloud can decrypt M ₃ to get Mac ₂, and then the personal cloud checks if H ₄ (H ₃ (PW), r _c , r _s ) is equal to Mac ₂. If they are equal, then the client is a legal cloud user

Certificate issuing phase

Step 1.:

TA chooses the system parameters G ₁, G ₂, e, H ₁(·), H ₂(·), H ₃(·), and H ₄(·). Besides, TA also chooses a random number s in \({\text{Z}}_{q}^{ *}\) as its private key and computes P _pub  = sP as its public key. Finally, TA publishes {G ₁, G ₂, q, P, P _pub , e, H ₁, H ₂, H _3, E, D}

Step 2.:

The client sends the requirement message to TA to get his public key, private key the certificate. Then, TA computes Q _C  = H ₁(ID _C ) and S _C  = sQ _C as the client’s public and private keys, respectively. Besides, TA chooses a random number y in \({\text{Z}}_{q}^{ *}\) and computes U _C  = E _s (ID _C  ⊕ y) and V _C  = s(H ₁(U _C ) + Q _C ). Finally, TA stores (U _C , y) in its database and sends (Q _C , S _C , U _C , V _C ) to the client in a secure channel

Step3.:

After receiving Q _C , S _C , U _C , and V _C , the client checks the validities of U _C and V _C . Note that the shop and the bank also use the above steps to get their certificates (U _S , V _S ) and (U _B , V _B )

Withdrawing phase

Step1.:

The bank service server chooses two random numbers r and k in \({\text{Z}}_{q}^{ *}\) to compute R = rP, Q _C  = H ₁(ID _C ), kQ _C , K _BC  = H ₂ (e(S _B , kQ _C )), and M ₄ = E _KBC (ID _B , U _B , V _B , R). Then, the server sends M ₄ and kQ _B to the personal cloud

Step 2.:

The personal cloud computes K _CB  = H ₂(e(S _C , kQ _B )) to get (ID _B , U _B , V _B , R) from M ₄. Besides, the personal cloud computes Q _B  = H ₁ (ID _B ) to verify the bank’s certificate (U _B , V _B ) by checking if e(V _B , P) = e(H(U _B ) + Q _B , P _pub ). If the equation holds, then the personal cloud chooses two random numbers a and b in \({\text{Z}}_{q}^{ *}\) to compute R′ = aR + bP, h = H ₃(m, R), h = h′/a mod q, and M ₅ = E _KCB (ID _C , ID _B , h, U _C , V _C ). Then, the personal cloud sends M ₅ to the bank service server

Step 3.:

The bank service server uses K _BC to get (ID _C , ID _B , h, U _C , V _C ) from M ₅ and checks if e(V _C , P) = e(H ₁(U _C ) + Q _C , P _pub ). If the equation holds, then the bank server computes S = rQ _B  + hS _B and M ₆ = E _KBC (ID _B , S) and sends M ₆ to the personal cloud

Step 4.:

The personal cloud uses K _CB to get (ID _B , S) from M ₆ and computes S′ = aS + bQ _B . In addition, the personal cloud verify (R′, S′) by checking if e(S′, P) = e(Q _B , h′Ppub + R′). If the equation holds, then the personal cloud obtains a valid e-cash (m, R′, S′)

Payment phase

Step 1.:

The personal cloud chooses a random number t to compute tQ _C and sends it to the shop service server

Step 2.:

The shop service server computes K _SC  = H ₂(e(S _S , tQ _C )) and M ₇ = E _KSC (ID _S , U _S , V _S ). Then, the shop server sends M ₇ to the personal cloud

Step 3.:

The personal cloud computes K _CS  = H ₂(e(S _C , tQ _S )) and Q _S  = H ₁(ID _S ) to verify (U _S , V _S ) by checking if e(V _S , P) = e(H ₁(U _S ) + Q _S , P _pub ). If the equation holds, then the personal cloud computes M ₈ = E _KCS ((m, R′, S′), U _C , V _C ) and sends it to the shop service server

Step 4.:

The shop service server uses K _SC to get ((m, R′, S′), U _C , V _C ) from M ₈ and checks if e(V _C , P) = e(H ₁(U _C ) + Q _C , P _pub ). If the equation holds, then the shop server computes Q _B  = H ₁(ID _B ) and h′ = H ₃(m, R′). To verify the validity of the e-cash, the shop server checks if e(S′, P) = e(Q _B , h′P _pub  + R′). If the above equation holds, then the shop server ensures the payment is valid and successful

According to the above steps, we find that Yang et al.’s system uses the certificate to authenticate each participant. This causes large computation costs for each participant in the system. In addition, each participant in their system has to share a symmetric key with the others for authentication and encryption. This causes the key management problem for users. Besides, their system has large computation costs so it is not suitable for mobile user in cloud environments. To solve the above problems, we propose a new e-transaction mechanism in the next section.

3 The Proposed e-Transaction Mechanism

The proposed e-transaction mechanism has four participants: the trust authority (TA), the client, the vender, and the bank. Note that the client, the vender, and the bank have to register to TA before the transaction starts (Fig. 1). The operation flow of the proposed mechanism is shown in Fig. 2. The notations used in the proposed mechanism are listed in Table 2.

Fig. 1

The operation flow of Yang et al.’s e-payment system

Fig. 2

The operation flow of the proposed e-transaction mechanism

Table 2 The notations of the proposed mechanism

Registration phase

Step 1.:

The client sends ID _C , PW _C , and the registration request to TA. Then, TA computes NID _C  = h(ID _C ∥ x) and A = h(NID _C ∥ PW _C ) and stores ID _C , PW _C , and NID _C in its database. Finally, TA sends NID _C and A to the personal cloud

Step 2.:

TA computes P = h(h (NID _C ∥ PW _C ) ∥ ID _B ) and sends P and NID _C to the bank service server

Step 3.:

TA computes Q = h(h (NID _C ∥ PW _C ) ∥ ID _V ) and sends Q and NID _C to the vender service server

The steps of the registration phase are illustrated in Fig. 3.

Fig. 3

Registration phase of the proposed mechanism

Withdrawing phase

Step 1.:

The personal cloud chooses a random number y to compute D = h(P ∥ TS _C )⊕y and G = h(y⊕TS _C ) and sends {NID _C , D, G, TS _C } to the bank service server

Step 2.:

The bank service server checks the validity of the timestamp TS _C . If TS _C is valid, then the server computes y′ = h(P ∥ TS _C )⊕D and G′ = h(y′⊕TS _C ). The bank server also checks if G = G′ for the authentication. If the equation holds, then the bank server ensures the personal cloud is valid. Thus, the bank server computes CB = h(y′ ∥ G′ ∥ TS _B ∥ TS _C ) and BC = h(CB ∥ TS _B ) and sends (BC, TS _B ) to the personal cloud

Step 3.:

The personal cloud checks the validity of the timestamp TS _B . If it is valid, the personal cloud computes CB′ = h(y ∥ G ∥ TS _B ∥ TS _C ) and BC′ = h(CB′ ∥ TS _B) . The personal cloud also checks if BC′ = BC for the authentication. If the equation holds, then the personal cloud ensures the bank is valid. Then, the personal cloud performs any elliptic curve blind signature scheme (such as [11]) to create a blind message M for the e-cash information m. Finally, the personal cloud sends M to the bank

Step 4.:

The bank service server generates the blind signature S for M and sends S to the personal cloud

Step 5.:

The personal cloud computes the signature s from the blind signature S to get the signed e-cash

Payment phase

Step 1.:

The personal cloud computes H = h(Q ∥ TS _C ∥ a)⊕goods and F = h(goods⊕TS _C ) and sends {NID _C , H, F, a, TS _C } to the vender service server

Step 2.:

The vender service server checks the timestamp TS _C . If it is valid, then the vender server computes goods′ = h(Q ∥ TS _C ∥ a)⊕H and F′ = h(goods′⊕TS _C ) and checks if F = F′. If the equation holds, then the vender server computes CV = h(goods′ ∥ F′ ∥ TS _V ∥ TS _C ) and VC = h(CV ∥ TS _V ) and sends (VC, TS _V ) to the personal cloud

Step 3.:

The personal cloud checks TS _V . If it is valid, then the personal cloud computes CV′ = h(goods ∥ F ∥ TS _V ∥TS _C ) and VC′ = h(CV′∥ TS _V ). Besides, the personal cloud checks if VC′ = VC. If the equation holds, then the personal cloud ensures the vender is valid and sends (m, s) to the vender service server

Step 4.:

Finally, the vender service server verifies (m, s) using the bank’s public key. In addition, the vender server sends (m, s) to the bank service server for checking the amount of the payment and the double spending. If the bank server responds a legal payment message to the vender server, then the vender sends the goods to the client

Unlike Yang et al.’s scheme [9], the proposed mechanism does not need the certificate for each participant’s authentication. Thus, the computation cost can be reduced. In addition, each participant does not share the symmetric keys with other participant so the key management problem can be solved. Besides, the proposed mechanism uses the one-way hash functions and XOR operations so the computation cost is very low. On the other hand, any digital signature scheme can be easily applied to the proposed mechanism. This increases the flexibility of the proposed mechanism to implement the e-transaction in cloud computing environments. According to the above reasons, the proposed mechanism is efficient and flexible for the e-transaction using mobile devices in cloud computing (Figs. 4, 5).

Fig. 4

Withdrawing phase of the proposed mechanism

Fig. 5

Payment phase of the proposed mechanism

4 Discussion

In this section, we present the security and performance analyses to show that the proposed mechanism is secure and efficient. The analyses are shown as follows.

4.1 Security Analyses

We utilize some typical attacks on the proposed mechanism to analyze its security and show that the proposed mechanism is secure as follows.

4.1.1 Impersonating Attack

Assume that an attacker impersonates the personal cloud to withdraw the e-cash from the bank service server. Then, the attacker randomly generate A″ and y″ to compute P″ = h(A″ ∥ ID _B ), D″ = h(P″ ∥ TS _C )⊕y″ and G″ = h(y″⊕TS _C ), and he sends {NID _C , D″, G″, TS _C } to the bank service server. However, the attacker cannot be authenticated by the bank server because of the following reason: After receiving the messages from the attacker, the bank server computes y′ = h(P ∥ TS _C )⊕D″ and G′ = h(y′⊕TS _C ) and checks if G′ is equal to G″. Nevertheless, G′ is not equal to G″ because of P″ ≠ P and y″ ≠ y′. Thus, we have G″ = h(y″⊕TS _C ) ≠ G′ = h(y′⊕TS _C ). According to the above analysis, the proposed mechanism can prevent the impersonating attack since the attacker does not know the authentication information A = h(NID _C ∥ PW _C ).

4.1.2 Server Spoofing Attack

Assume that an attacker wants to pretend that he is a bank server, and then he generates the forged messages: CB″ = h(y″ ∥ G″ ∥ TS _B ∥ TS _C ) and BC″ = h(CB″ ∥ TS _B ) and sends (BC″, TS _B ) to the personal cloud. However, this attack cannot succeed because of the following reason: After receiving (BC″, TS _B ), the personal cloud computes CB′ = h(y ∥ G ∥ TS _B ∥ TS _C ) and BC′ = h(CB′ ∥ TS _B) and checks if BC′ = BC″ for the authentication. Nevertheless, the personal cloud will find that BC′ ≠ BC″ because BC′ = h(CB′ ∥ TS _B)  ≠ BC″ = h(CB″ ∥ TS _B ). Therefore, the person cloud will know these messages are sent by the attacker. That is, the server spoofing attack is infeasible for the proposed mechanism.

4.1.3 Insider Attack

Assume that a malicious client tries to obtain TA’s secret key x, then he may computes x from his NID _C  = h(ID _C ⊕x). However, computing x from NID _C  = h(ID _C ⊕x) is impossible because x is protected by a one-way hash function. Similarly, the bank server cannot obtain the user authentication information A = h(NID _C ∥ PW _C ) from P = h(h (NID _C ∥ PW _C ) ∥ ID _B ). This is because that A is also protected by the one-way hash function. Therefore, the insider attack is impossible for the proposed mechanism.

4.1.4 Outsider Attack

Assume that an attacker wants to obtain the secret value P, then he intercepts D = h(P ∥ TS _C ) from the communications between the personal cloud and the vender service server in the withdrawing phase. Then, the attacker tries to obtain P from D = h(P ∥ TS _C )⊕y. However, it is impossible because the attacker does not know the random number y. In addition, P is also protected by the one-way hash function. According to the above reason, the outsider attack is infeasible for the proposed mechanism.

4.1.5 Replay Attack

Assume that an attacker wants to impersonate a client, then he intercepts {NID _C , H, F, a, TS _C } from the communications between the personal cloud and the vender service server. Thus, the attacker generates a fake timestamp TS _C ′ and re-sends {NID _C , H, F, a, TS _C ′} to the vender to impersonate a legal client. However, this attack is impossible because F = h(goods⊕TS _C ) contains the real timestamp TS _C . The vender server will find that TS _C ′ is not the same with TS _C . That is, the proposed mechanism can prevent from the replay attack.

4.1.6 Anonymity

The client uses an anonymous identity NID _C to perform the transaction with the vender in the proposed mechanism. Thus, the vender does not know who the client is. That is, the client’s privacy can be protected. If the disputation occurs, then the vender can send NID _C to TA for the judgment. TA can trace the real identity of the malicious client in its database. Therefore, the proposed mechanism can provide the anonymity for the user to protect the buying privacy in the e-transaction.

4.2 Performance Analyses

In the subsection, we present the performance analyses of the proposed mechanism and the related works [9, 12]. Table 3 illustrates the computation costs of the proposed mechanism and the related works as follows.

Table 3 The computation costs of the related works

In Table 3, BP, PM, SY, HA, and XR are bilinear pairing of ECC, point multiplication of ECC, symmetric en/decryption, one-way hash function, and exclusive or computations, respectively. According to [10], the magnitude comparison of the above computation costs can be denoted as BP > PM > SY > HA > XR in practice. Table 3 shows that the computation cost of the proposed scheme is much less than those of the related works [9, 12]. Therefore, the proposed mechanism is more efficient than the related works.

5 Conclusions

In this paper, we propose an e-transaction mechanism using mobile devices for cloud computing. The proposed mechanism has low computation and communication costs because it uses lightweight operations and less pre-shared keys to design. In addition, the client only needs to keep one secret value to transact with different venders so the key management problem can be solved. Moreover, the proposed mechanism provides the anonymity for clients to protect their buying privacy. According to the above reasons, the proposed mechanism is more efficient and suitable for the e-transactions using mobile devices in cloud computing.