Smart devices and Internet of Things (IoT) are growing in importance every day and so do our security concerns about using them for our financial transactions. As we carry the world with us through wearable technology, Dr Sriramulu Bojjagani, Assistant Professor, Department of Computer Science Engineering works towards making wearable devices more secure.

With a thriving interest in Cyber Security, Formal Verification Methods and Vulnerability Analysis and Penetration Testing, Dr Bojjagani has recently published his paper on “A Secure IoT-based Micro-payment Protocol for Wearable Devices” in Peer-to-Peer Networking and Applications (PPNA), Springer.DOI: 10.1007/s12083-021-01242-y

Abstract:

Wearable devices are one of the parts of the essential cost of goods sold (COGS) in the wheel of the Internet of things (IoT), contributing towards a potential impact in the finance and banking sectors. There is a need for lightweight cryptography mechanisms for IoT devices because these are resource constraints. This paper introduces a novel approach to an IoT-based micro-payment protocol in a wearable device’s environment. This payment model uses “elliptic curve integrated encryption scheme (ECIES)” for encryption and decryption of the communicating messages between various entities. The proposed protocol allows the customer to buy the goods using a wearable device and send the mobile application’s confidential payment information. The application creates a secure session between the customer, banks, and merchant. The static security analysis and informal security methods indicate that the proposed protocol is withstanding the various security vulnerabilities involved in mobile payments. For logical verification of the correctness of security properties using the formal way of “Burrows-Abadi-Needham (BAN)” logic confirms the proposed protocol’s accuracy. The practical simulation and validation using the Scyther and Tamarin tool ensure the absence of security attacks in our scheme. Finally, the performance analysis based on cryptography features and computational overhead of related approaches specify that the proposed micro-payment protocol for wearable devices is secure and efficient.

Architecture for wearable devices:

The architecture for wearable devices is shown in Fig. 1. It consists of six types of entities, such as Issuer bank (IB), acquirer bank (AB), payment gateway (PG), a certification authority (CA), mobile terminal, and wearable sensing devices. The person using various wearable devices such as a smartwatch, smart wristband, smart glass, etc. In the architecture, a wearable device is connected to the mobile terminal through NFC. An app is running on a mobile device. Wearable devices are resource constraints because they have limited computing capabilities regarding battery, display, storage, and processing compared to a mobile terminal (smartphone). Hence, NFC is used to pair the wearable device and mobile terminal for transmitting public messages. Before conducting any transaction with the merchant, the customer and merchant should register their mobile numbers with the bank.

Fig. 1. Architecture for wearable devices

The customer can place an order with the merchant using the following steps and the complete messages flow in the proposed protocol is shown shown in the Figure.

● The customer places an order for an item through a wearable device.

● The request is transferred to the mobile app. The mobile app verifies the user authentication.

● After a successful authentication request, the app forwarded the request to the issuing bank for payment verification.

● The customer also sends a payment request for a deduction of the amount from his/her issuing bank.

● Once the bank validates the customer data in terms of sufficient funds available and user’s integrity. The issuing bank routes the transaction to the payment gateway through a secure network.

● In this step, the payment gateway verified the customer payment order and transferred it to the acquiring bank.

● If all the verifications are successful, then the transaction amount is then debited from the issuing bank and credited to the merchants’ acquiring bank.

Application demonstration:

As we know, most wearable devices run the Android operating system. The proposed framework developed as an Android application package (APK) file run in an Android wearable emulator, but we have operated in the Samsung Galaxy Note-2 device due to limits of the screen device and lack of environment. First, it needs to install the APK file and start running the app. Before running the app, some points need to be considered, such as the following:

● The company voice gateway provided for the service of an SMS gateway connected to Xeon server and assigned us a shortcode 56677.

● The payment gateway switch is used to communicate with the customer and merchant bank accounts.

● Two mobile numbers are registered with the banks and telecom operations, and it is used for SMS service.

● The deployed decryption web application on the Xeon server.

● HTTPS connection is used between voice gateway and Xeon server established Indian financial network (INFINET) link between server and bank.

We have not mentioned all the screenshots for the app from starting the login and authentication phase, but the protocol requires the essential information only shown in the screenshot. We didn’t mention the banks considered for implementing the micro-payment protocol for security and reputation reasons.

The proposed protocol action is as follows:

Step 1: The customer x runs a wearable application to enter Wearable-id, mobile number, pin and amount and sends an encrypted message to the Xeon server via short-code 56677. To encrypt the message, the customer may choose any one of the ECC curves as shown in Fig. 2.

Step 2: The SMS gateway receives the encrypted SMS, which is delivered to the server

Step 3: The server receives the encrypted SMS and executes the decryption application. Next, the user runs decryption activity and selects the P-224 private key. After decryption, the message is shown in Fig. 3.

Step 4: After the message is decrypted, the user presses the “Next” button to communicate with the payment gateway.

Step 5: Now, the merchant fills in the remaining fields of merchant UPI-id, mobile number, and purpose of payment and then selects any payment gateway as shown in Fig. 4.

Fig. 4: The merchant enters the details and sends to any payment server

Dr Bojjagani’s research will further refine the parameters of security in IoT enabling wearable devices to become smarter and safer.

• To make the proposed protocols more secure can add biometric-based authentication can be added.
• The future directions of the proposed framework fit only for micro-payments. In future, we have upgraded to credit card/debit card payments to enhance the proposed framework for macro-payments.

Continue reading →

Yuvaraj Tankala and Joseph K Paul, 5th-semester B Tech Computer Science and Engineering students of SRM University-AP, Andhra Pradesh, India has worked with Dr Manikandan V M, Assistant Professor in Computer Science and Engineering Department on a research project and their research paper “A Content-based Image Retrieval Scheme with Object Detection and Quantized Color Histogram” got accepted for publication in the International Journal of Computational Science and Engineering.

Content-based image retrieval (CBIR) is an active area of research due to its wide applications. Most of the existing CBIR schemes are concentrated to do the searching of the images based on the texture, colour, or shape features extracted from the query image. In this manuscript, we propose an object detection based CBIR scheme with quantized colour histograms. In the proposed scheme, the meaningful objects will be identified from the query image by using you only look once (YOLO) object detection techniques and the quantized histograms of each of the object categories. The object lists, their count, and the area covered by the objects along with quantized colour histograms will be used during feature matching to retrieve the related images from the large image pool. The experimental of the proposed scheme is carried on the Corel 1K and Caltech image dataset. We have observed an average precision of 0.96 during the experimental study which is quite high while comparing the precision from the well-known existing schemes.

To retrieve relevant images from a large image pool, we use content-based image retrieval (CBIR) schemes. In a CBIR scheme, the properties of the query image will be matched with the properties of the images in the image pool. The images which are very close to the given query image will be returned by the CBIR scheme. Most of the existing CBIR schemes use colour, shape and texture properties for image comparison. In the proposed scheme, we use an object detection-based approach with quantized colour histograms to retrieve the relevant images from the image pool.

The real-life applications of the proposed scheme are listed below:
● In the fashion designing and textile industry, CBIR systems can be used to find the existing designs.
● The CBIR systems are useful in crime prevention by retrieving similar crime scenes or the images of criminal persons based on the query image.
● Professional web designers or poster designers want to retrieve relevant images depends on the specific context that they are working.
● To retrieve similar medical images with the relevant treatment details in a computer-assisted diagnosis system.

The team currently continue their research work in the same domain to come up with a content-based image retrieval system that will return the relevant images by understanding the relationships among the objects in the image. The classes of the objects in the scene and their properties also will be considered along with the relationship between the objects in the scene.

Continue reading →