Lightweight Cryptography Scheme

SA2pMP employs a lightweight cryptography scheme. The symmetric-key cryptogra-phy algorithm (AES) contributes to the encryption, while the digital signature algorithm (ECDSA) is used to sign the digital signature for the transaction information. As illus-trated in Figure 4.2, the plaintext message is signed before being encrypted, which can be referred to as “Sign-and-Encrypt”. Signing and encryption are not independent of one another. When signing and encryption are combined, the signature layer should somehow depend on the encryption layer, so as to reveal any tampering with the encryption layer (Davis,2002).

Conceptually, the independent operation makes it easy for users and programmers to layer cryptography operations and to avoid constraining application designs of the devel-opers. However, such independent operations make it hard to fulfill the recipient’s secu-rity expectations. For a suitable combination, the signature layer and the encryption layer actually need to refer to each other. The recipient needs proof that the signer and the

en-Encryption Layer Signature Layer

msg msg

msg

msg

Communication Layer

msg

msg

Added Identifier

Added Identifier

prime

Figure 4.2: The lightweight cryptography scheme for SA2pMP.

crypter were the same sender (Davis, 2002). In SA2pMP the digital signature layer and the encryption layer are not independent, as these two layers are connected to each other by employing an added identifier. The other reason to cross between the signature layer and the encryption layer is to ensure the message is sent from the appointed client to the appointed server.

As illustrated in Figure4.2, the communication layer refers to an open, public wireless network environment over which data are transferred. The public wireless network envi-ronment is a network envienvi-ronment which is not secure enough for payment transactions.

During a transaction, the transaction message is transferred in this unsecured network. The public key employed in digital signature does not need to be encrypted; the public key can be transferred over an open wireless network. The transaction information, denoted as msg, needs to be kept away from third party eavesdropping, so both the signature layer and the encryption layer are employed to process msg. For these reasons, SIM, PHID, and ACCID are combined as the added identifier, which is then signed along with the message.

After the signing process, the message is encrypted by the encryption secret key KE. The process is described by Equation4.1.

ClientDevice : Encrypt(DSign(msg, ID_C), K_E) (4.1) In Figure4.2, the added identifier is represented by ID_C. SIM ensures that the holder of the mobile device possesses the right to access wireless network resources; SIM, together with PHID, assures that the sender of the message is the appointed ClientDevice. ACCID identifies the unique character of the client for the bank and each client has a bank account.

Meanwhile, ACCID is employed to identify the banking server, as banks have the informa-tion included in their account numbers. Equainforma-tion4.2describes IDC. It should be noted that the + operator in Equation4.2denotes simple concatenation of the strings.

IDC= (SIM + PHID + ACCID) (4.2)

Digital Signature Layer

SA2pMP employs a digital signature to protect authentication, integrity, and non-repudiation for a mobile banking system. A digital signature is a public-key cryptography algorithm, which makes use of a private key to encrypt messages and a public key to decrypt them.

Normally an encryption process is referred to as a signing process for the digital signature algorithm, while a decryption process is referred to as a verification process. (Refer to2.7.3 for background knowledge of digital signature.)

Compared to desktop computers, mobile devices are viewed as resource-limited in com-puting capability, CPU processor speed, memory and battery life. Factors such as the cryp-tography’s key size and the computing efficiency need to be considered when choosing a proper digital signature algorithm to implement in the proposed architecture. The advan-tages of ECDSA in short key size and high-security enable it to be employed naturally in resource-limited environments. Refer to Subsection3.4.1for details.

ECDSAprime192 is employed in SA2pMP. The implementation of ECDSA uses ellip-tic curves over the prime field Zpwith the key size of 192-bit. Fernandes(1999) suggests that prime curves are best for software applications. The key size has been chosen for this research based on recommendations byLenstra and Verheul(1999) and JSR177 (Sun Mi-crosystems,n.d.-b). The SHA-1 algorithm is employed for generating the message digest.

ECDSAprime192 has an equal security level to DSA with key size of 1024-bit.

Encryption Layer

SA2pMP utilizes a symmetric-key cryptography algorithm to ensure a secured channel and to protect confidentiality. To encrypt a plain-text message, the symmetric-key cryptography algorithms paralleled with the public-cryptography algorithms are chosen for the proposed architecture. SA2pMP employs AES (with the key size of 256 bits) as the encryption algo-rithm to protect confidentiality.

Compared to the public-key cryptography algorithms, AES has a smaller size and a better operational speed. In the group of symmetric-key cryptography algorithms, AES possesses obvious advantages (see 2.7.2), such as simplicity in design, variant cipher key size, better performance in speed, and reliability in both software and hardware (Dray, 2000). For ensuring the security of the secret key, AES is a suitable implementation for SA2pMP. (Subsection3.4.1explain the rationale for the choice.)

To protect the security of secret key, the strategy of Java package security or separated hardware is suggested. The secret key security is introduced in subsection4.1.6.