An Improved Authentication Scheme for Electroni Payment Systems in Global Mobility Networks

Recently Yang et al. proposed an authenticated encryption scheme based on elliptic curve cryptography. The scheme reduced computation cost by excluding the construction of sender's digital signatures. Furthermore, Yang et al. presented an e-payment system based on their authenticated encryption scheme. They claimed their scheme to resist replay, man-in-middle, impersonation and identity theft attack, while providing confidentiality, authenticity, integrity and privacy protection. However, in this paper we show that Yang et al.'s both authenticated encryption scheme and e-payment system are vulnerable to impersonation attack. An attacker after acquiring the public key and identities of the participants can easily masquerade as legitimate user. Then, we presented improvements over both Yang et al.'s authenticated encryption and e-payment schemes. We analyze the security of proposed schemes using widespread automated tool ProVerif. The proposed schemes are more secure and lightweight as compared with Yang et al.'s schemes.