Enhanced authentication and key exchange for end to end security in mobile commerce using wireless public key infrastructure
| Pages | 14-22 |
| Published date | 20 September 2019 |
| DOI | https://doi.org/10.1108/IDD-02-2019-0012 |
| Date | 20 September 2019 |
| Author | Krishna Prakasha,Balachandra Muniyal,Vasundhara Acharya |
| Subject Matter | Library & information science,Library & information services,Lending,Document delivery,Collection building & management,Stock revision,Consortia |
Enhanced authentication and key exchange for
end to end security in mobile commerce
using wireless public key infrastructure
Krishna Prakasha and Balachandra Muniyal
Department of I&CT, Manipal Institute of Technology (MIT), Manipal Academy of Higher Education (MAHE), Manipal, India, and
Vasundhara Acharya
Department of CSE, Manipal Institute of Technology (MIT), Manipal Academy of Higher Education (MAHE), Manipal, India
Abstract
Purpose –The purpose of the study is to develop a secure, efficient, and enhanced user authentication mechanism to achieve reliable and
authenticated connection. In online transactions, users and resources are located at different places, and the sensitive information is to be protected
and transferred using the suitable, reliable mechanism.
Design/methodology/approach –One of the latest approach to handle the requirement is by a Public Key Infrastructure (PKI) or its vari ant
Wireless Public Key Infrastructure (WPKI). Fundamental management techniques are required to be very secure and vital since they are one of the
points of attack in public key cryptosystem. Entity authentication and key agreement (AKA) is a critical cryptographic problem in wireless
communication, where a mutual entity authentication plays a vital role in the establishment of the secure and authentic connecti on. This paper
proposes an efficient and enhanced AKA scheme (EAKA) with the end-to-end security and verifies the proposed system for protection using
automated validation of internet security protocols and applications. An efficient way for the implementation of an enhanced version of the protocol
is proposed using a lattice-based cryptographic algorithm.
Findings –The time consumed for the proposed research work shows that it is practical and acceptable.
Originality/value –The proposed research work is an efficient and enhanced user authentication mechanism.
Keywords AKA, AVISPA, End to end security, PKI, Wireless communication, WPKI
Paper type Research paper
1. Introduction
The sustained demand for mobile devices initiates the
telecommunications network to build the focus on its
performance.Authentication is one of the critical cryptographic
problems. It results in authorization to grant system resources
or leads to a secure key exchange. Authentication in wireless or
resource constrained networks is even morechallenging due to
various limitations on the resource and platform. For multiple
services, the mobile user must be authenticated whenever the
user visits theremote network. The 3rd Generation Partnership
Project (3GPP) recommended a protocol for authentication
and key agreement (AKA) and used foremost in a mutual
authentication process, where the mobile phone user and the
remote system needs to authenticate. The traditional AKA
protocol incorporates symmetric key encryption and a normal
Public Key Infrastructure(PKI) to verify the digital certificates.
A digital certificate bindsuser public key with the owner.
Entity AKA is a critical cryptographic problem in wireless
communication where a mutual entity authentication plays a
key role in the establishment of a secure and authentic
connection. The AKA setting requires three participants
Fouque et al. (2016). Before trusting and using the public key
of the user, the digital certificates issued by a trustedcertificate
authority (CA) is to be verified. The certificatebinds the public
key of the user to the subject. The time consumed for the
verification of a digital certificate directly influences the
performance of a system. The certificate verification in
resource-constrained devices introduces more complexity and
challenge to the developmentof cryptosystems.
PKI is the collection of software, hardware, procedures and
policies needed to manage digital certificate lifecycle based on
asymmetric cryptography (Stallings, 2013). The creation,
storage, renewal and revocation are some of the stages in
certificate lifecycle. In the PKI, if one of the end devices is
mobile, then it is called as Wireless Public Key Infrastructure
(WPKI). A WPKI consists of the following vital elements
Forouzan (2008):
CA, a root of trust to issue digital certificates;
A registration authority (RA), which is nominated by CA
to issue digital certificates and reduction of CA workload;
A database to maintain certificate and revoked certificates;
Thecurrentissueandfulltextarchiveofthisjournalisavailableon
Emerald Insight at: https://www.emerald.com/insight/2398-6247.htm
Information Discovery and Delivery
48/1 (2020) 14–22
© Emerald Publishing Limited [ISSN 2398-6247]
[DOI 10.1108/IDD-02-2019-0012]
Received 1 February 2019
Revised 18 April 2019
27 July 2019
Accepted 11 August 2019
14
Get this document and AI-powered insights with a free trial of vLex and Vincent AI
Get Started for FreeStart Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting