BIOMETRIC BASED THREE-FACTOR MUTUAL AUTHENTICATION SCHEME FOR ELECTRONIC PAYMENT SYSTEM USING ELLIPTIC CURVE CRYPTOGRAPHY

Electronic payment system plays a vital role in e-commerce and other financial transactions with ever-increasing acceptance of smart device based applications. To ensure secure transactions, various authentication schemes have been proposed in recent times. But existing password and smart card-based traditional e-payment systems have some limitations and also raises security concerns. However, they consume more energy and are not feasible for the e-payment system as it consists of resource constraint devices like mobile devices. Furthermore, it is prone to security issues if the password is guessed or smart card is stolen. Thus to enhance the security and to reduce the computational cost, biometric authentication based payment protocol using elliptic curve cryptography is proposed. Since biometric features are unique and also cannot be stolen or reproduced. The proposed system resists various security attacks like impersonation attack, replay attack, session key agreement, man-in-the-middle attack, and user anonymity. Furthermore, it reduces computational and communication costs when compared to other protocols as it exploits ECC. Thus the proposed authentication protocol is convenient for the electronic payment system. A simulation tool, AVISPA is utilized to verify the security of designed payment protocol and BAN logic for formal security analysis.