IJSTR

International Journal of Scientific & Technology Research

ISSN 2277-8616

IJSTR >> Volume 8 - Issue 10, October 2019 Edition



Website: http://www.ijstr.org



An Investigative Report On Encryption Based Security Mechanisms For E-Wallets


 

AUTHOR(S)

Shibin David, Jaspher W Kathrine

 

KEYWORDS

mobile cloud computing, data offloading, data outsourcing, data security, privacy, cloud storage, encryption schemes.

 

ABSTRACT

The inception of mobile wallets or e-wallets has laid recess on the retail outlets to embrace the e-wallet payment system. In contrast to e-banking, e-wallets allow customers to pay directly through their mobile device, with funds that can be spent both online and in-store. The application of the unified theory of acceptance and use of technology (UTAUT) represents features such as usefulness and easy access, which attract users in terms of security and trust. Despite the advantages that e-wallets hold over banking applications, certain security shortcomings prevail, such as fragile encryption mechanisms, poor session maintenance, threats over offloading, tampering with the proof of receipt of a transaction, impersonation of the original identity, etc. The majority of ongoing research elevates the security of the e-wallet channel by including location-based security, strengthening app security, appending blockchain technology and more. However, a concrete novel secure mobile wallet framework that overcomes all the aforementioned threats is still lacking. In this paper, a systematic survey covering the security and privacy aspects of e-wallets is presented. Also, an in-depth review of various encryption schemes and their outcomes, various offloading mechanisms, and threats to e-wallet applications and their remedial measures is given, with the aim of reaching the expected solution.

 
