Abstract
This paper presents an improved security scheme using a hybrid of elliptic curve integrated encryption and provably secure elliptic curve with cyclotomic points. The proposed scheme uses Weierstrass form of an elliptic curve and cyclotomic polynomial, by creating a relationship to uniquely generate a hash function to form a structure from a coordinate in the curve and variable in the polynomial. The scheme was tested using e-payment information for mutual agreement and transaction authentication. The scheme is secured for encryption of information with low computational time and useful to fight against small subgroup, chosen ciphertext attacks and ensures data confidentiality and integrity.
Similar content being viewed by others
References
Abdalla M, Benhamouda F, Pointcheval D (2016) Public-key encryption indistinguishable under plaintext-checkable attacks. IET Inf Secur 10(6):288–303. https://doi.org/10.1016/j.ins.2015.02.010
Adrian D, Bhargavan K, Durumeric Z, Gaudry P, Green M, Halderman JA, Heninger N, Springall D, Thomé E, Valenta L et al (2015) Imperfect forward secrecy: how Diffie–Hellman fails in practice. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. Denver Colorado, USA pp 5–17. https://doi.org/10.1145/2810103.2813707
Ansah R, Boadi R, Obeng-Denteh W, Omari-Sasu A (2016) Review of the birch and swinnerton-dyer conjecture. Am J Math Stat 6(4):182–189. https://doi.org/10.5923/j.ajms.20160604.07
Antipa A, Brown D, Menezes A, Struik R, Vanstone S (2003) Validation of elliptic curve public keys. In: International workshop on public key cryptography. Springer, Berlin, Heidelberg pp 211–223. https://doi.org/10.1007/3-540-36288-616
Arbit A, Livne Y, Oren Y, Wool A (2015) Implementing public-key cryptography on passive rfid tags is practical. Int J Inf Secur 14(1):85–99. https://doi.org/10.1007/s10207-014-0236-y
Baker A (2013) An introduction to galois theory. School of Mathematics & Statistics, University of Glasgow
Bakhtiari S, Baraani A, Khayyambashi MR (2009) Mobicash: a new anonymous mobile payment system implemented by elliptic curve cryptography. In: 2009 WRI world congress on computer science and information engineering, vol 3. IEEE, Los Angeles, California pp 286–290. https://doi.org/10.1109/CSIE.2009.939
Buchanan B (2016) Cryptography and sovereignty. Survival 58(5):95–122. https://doi.org/10.1080/00396338.2016.1231534
Ch SA, Sher M, Ghani A, Naqvi H, Irshad A et al (2015) An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed Tools Appl 74(5):1711–1723. https://doi.org/10.1007/s11042-014-2283-9
Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Secur Commun Netw 8(18):3782–3795. https://doi.org/10.1002/sec.1299
Chaudhry SA, Farash MS, Naqvi H, Sher M (2016) A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res 16(1):113–139. https://doi.org/10.1007/s10660-015-9192-5
Chen J, He K, Yuan Q, Xue G, Du R, Wang L (2017) Batch identification game model for invalid signatures in wireless mobile networks. IEEE Trans Mob Comput 16(6):1530–1543. https://doi.org/10.1109/TMC.2016.2604820
Chen J, Lim HW, Ling S, Wang H, Wee H (2014) Shorter identity-based encryption via asymmetric pairings. Des Codes Cryptogr 73(3):911–947. https://doi.org/10.1007/s10623-013-9834-3
Choi SG, Dachman-Soled D, Malkin T, Wee H (2017) Improved, black-box, non-malleable encryption from semantic security. Des Codes Cryptogr. https://doi.org/10.1007/s10623-017-0348-2
Cormen TH (2009) Introduction to algorithms. MIT Press, Cambridge
Crandall R, Pomerance C (2006) Prime numbers: a computational perspective, vol 182. Springer Science & Business Media, Berlin
Das AK (2012) A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks. Int J Inf Secur. https://doi.org/10.1007/s10207-012-0162-9
Dent AW (2010) Choosing key sizes for cryptography. Inf Secur Tech Rep 15(1):21–27. https://doi.org/10.1016/j.istr.2010.10.006
Emura K, Kanaoka A, Ohta S, Takahashi T (2017) Establishing secure and anonymous communication channel: Kem/dem-based construction and its implementation. J Inf Secur Appl. https://doi.org/10.1016/j.jisa.2016.12.001
Farash MS (2016) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer Peer Netw Appl 9(1):82–91. https://doi.org/10.1007/s12083-014-0315-x
Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411. https://doi.org/10.1007/s11227-014-1170-5
Farash MS, Chaudhry SA, Heydari M, Sadough S, Mohammad S, Kumari S, Khan MK (2015) A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst. https://doi.org/10.1002/dac.3019
Galindo D, Martín S, Morillo P, Villar JL (2005) Fujisaki-okamoto hybrid encryption revisited. Int J Inf Secur 4(4):228–241. https://doi.org/10.1007/s10207-004-0042-z
Gayoso Martínez V, Hernández Álvarez F, Hernández Encinas L, Sánchez Ávila C (2011) Analysis of ecies and other cryptosystems based on elliptic curves. J Inf Assur Secur 6(4):285–293
Gayoso Martínez V, Hernández Encinas L, Queiruga DA (2015) Security and practical considerations when implementing the elliptic curve integrated encryption scheme. Cryptologia 39(3):244–269. https://doi.org/10.1080/01611194.2014.988363
Goo EH, Lee SD (2015) Reconfigurable real number field elliptic curve cryptography to improve the security. J Comput Virol Hack Tech 11(3):123–128. https://doi.org/10.1007/s11416-014-0233-8
Hall J, Kilbank S, Barbeau M, Kranakis E (2001) Wpp: a secure payment protocol for supporting credit-and debit-card transactions over wireless networks. In: IEEE International conference on telecommunications (ICT). Citeseer, Bucharest, Romania
Hankerson D, Menezes AJ, Vanstone S (2006) Guide to elliptic curve cryptography. Springer Science & Business Media, Berlin. https://doi.org/10.1007/b97644
He D, Zhang Y, Chen J (2014) Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wirel Pers Commun 74(2):229–243. https://doi.org/10.1007/s11277-013-1282-x
Huang CT, Zhang YH, Lin LC, Wang WJ, Wang SJ (2016) Mutual authentications to parties with qr-code applications in mobile systems. Int J Inf Secur. https://doi.org/10.1007/s10207-016-0349-6
Islam SH, Biswas G (2011) A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898. https://doi.org/10.1016/j.jss.2011.06.061
Kim M, Jung Y, Song J (2017) A modified exhaustive search on a password system using sha-1. Int J Inf Secur 16(3):263–269. https://doi.org/10.1007/s10207-016-0332-2
Kumari S, Karuppiah M, Das AK, Li X, Wu F, Kumar N (2017) A secure authentication scheme based on elliptic curve cryptography for Iot and cloud servers. J Supercomput. https://doi.org/10.1007/s11227-017-2048-0
Le XH, Khalid M, Sankar R, Lee S (2011) An efficient mutual authentication and access control scheme for wireless sensor networks in healthcare. J Netw 6(3):355. https://doi.org/10.4304/jnw.6.3.355-364
Lin P, Chen HY, Fang Y, Jeng JY, Lu FS (2008) A secure mobile electronic payment architecture platform for wireless mobile networks. IEEE Trans Wirel Commun 7(7):2705–2713. https://doi.org/10.1109/TWC.2008.070111
Mandal S, Mohanty S, Majhi B (2016) Design of electronic payment system based on authenticated key exchange. Electron Commer Res. https://doi.org/10.1007/s10660-016-9246-3
Martínez VG, Encinas LH (2013) Implementing the ecc brainpool curve generation procedure using open source software. In: Proceedings of the international conference on security and management (SAM). The Steering Committee of the world congress in computer science, computer engineering and applied computing (WorldComp), pp 1
Mir O, van der Weide T, Lee CC (2015) A secure user anonymity and authentication scheme using avispa for telecare medical information systems. J Med Syst 39(9):89. https://doi.org/10.1007/s10916-015-0265-8
Nateghizad M, Erkin Z, Lagendijk RL (2016) An efficient privacy-preserving comparison protocol in smart metering systems. EURASIP J Inf Secur 1:11. https://doi.org/10.1186/s13635-016-0033-4
Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126. https://doi.org/10.1145/359340.359342
Shen H, Kumar N, He D, Shen J, Chilamkurti N (2016) A security-enhanced authentication with key agreement scheme for wireless mobile communications using elliptic curve cryptosystem. J Supercomput 72(9):3588–3600. https://doi.org/10.1007/s11227-015-1614-6
Sowjanya K, Dasgupta M, Ray S (2019) An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems. Int J Inf Secur. https://doi.org/10.1007/s10207-019-00464-9
Stallings W, Tahiliani MP (2014) Cryptography and network security: principles and practice, vol 6. Pearson, London
Tian Y, Li Q, Hu J, Lin H (2020) Secure limitation analysis of public-key cryptography for smart card settings. World Wide Web 23(2):1423–1440. https://doi.org/10.1007/s11280-019-00715-8
Tu H, Kumar N, Chilamkurti N, Rho S (2015) An improved authentication protocol for session initiation protocol using smart card. Peer Peer Netw Appl 8(5):903–910. https://doi.org/10.1007/s12083-014-0248-4
Vincent OR, Folorunso O, Akinde A (2010) Improving e-payment security using elliptic curve cryptosystem. Electron Commer Res 10(1):27–41. https://doi.org/10.1007/s10660-010-9047-z
Vincent OR, Lawal OM (2018) A key agreement authentication protocol using an improved parallel pollard rho for electronic payment system. J Supercomput 74(5):1973–1993. https://doi.org/10.1007/s11227-017-2204-6
Vincent OR, Okediran TM, Abayomi-Alli AA, Adeniran OJ (2020) An identity-based elliptic curve cryptography for mobile payment security. J SN Comput Sci 1(112):1–12. https://doi.org/10.1007/s11227-017-2204-6
Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323. https://doi.org/10.1016/j.jnca.2012.05.010
Yang JH, Chang YF, Chen YH (2013) An efficient authenticated encryption scheme based on ECC and its application for electronic payment. Inf Technol Control 42(4):315–324. https://doi.org/10.5755/j01.itc.42.4.2150
Yang X, Ma W, Zhang C (2017) Efficient chosen ciphertext secure key encapsulation mechanism in standard model over ideal lattices. Int J Comput Math 94(5):866–883. https://doi.org/10.1080/00207160.2016.1149578
Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702. https://doi.org/10.1002/dac.2499
Zhu BB, Yan J, Bao G, Yang M, Xu N et al (2014) Captcha as graphical passwords-a new security primitive based on hard AI problems. IEEE Trans Inf Forensics Secur 9(6):891–904. https://doi.org/10.1109/TIFS.2014.2312547
Acknowledgements
The authors acknowledge the Department of Mathematics of the Federal University of Agriculture Abeokuta for the contributions.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lawal, O.M., Vincent, O.R., Agboola, A.A.A. et al. An improved hybrid scheme for e-payment security using elliptic curve cryptography. Int. j. inf. tecnol. 13, 139–153 (2021). https://doi.org/10.1007/s41870-020-00517-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41870-020-00517-6