An Investigative Report on Encryption Based Security Mechanisms for E-Wallets

INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616 An Investigative Report On Encryption Based Security Mechanisms For E-Wallets

Shibin David, Jaspher W kathrine

Abstract: The inception of mobile wallets or e-wallets has laid recess on the retail outlets to embrace e-wallet payment system. In contrast to e-banking, e-wallets have made allowance for the customers to pay cash directly through their mobile device which can be spent online and in-store as well. The application of the unified theory of acceptance and use of technology (UTAUT) represents features such as usefulness and easy access which attracts the users in terms of security and trust. Despite the leads that e-wallet possesses over the banking applications, there prevails certain shortcomings in terms of security such as fragile encryption mechanism, poor session maintenance, threats over offloading, tampering the proof of the receipt over a transaction, personification of the original identity, etc. Majority of the ongoing researches elevates the security of the e-wallet channel by including location-based security, strengthening the app security, appending block chain technology and more. However, a concrete novel secure mobile wallet framework lags the mandate to overcome all the aforementioned threats. In this paper, a systematic survey that covers the security and privacy aspects of e-wallet is studied. Also, an in-depth review of various encryption schemes and its outcomes, various offloading mechanisms, threats over e-wallet applications and its remedial measures are discussed in an aspiration to reach the expected solution.

Index Terms: mobile cloud computing, data offloading, data outsourcing, data security, privacy, cloud storage, encryption schemes. ————————————————————

1 INTRODUCTION authenticity. Privacy could be defined in two perspectives Mobile wallet otherwise termed as e-wallet, has become one of such as the authority over one’s personal data and the the most widely used platforms to make payment under the intended access over the unauthorized users [7]. On the other regulations of the finance for a mobile device which may add hand, performance becomes an important factor to be standards to the regular payment routine with the increase in considered regardless of the customer’s anonymity and offline the growth of mobile network connectivity [1]. Due to its ease processing. The e-wallet application has been internally of access and usefulness, it has reached the corners of the categorized into three types such as server-side wallet, client- world and used by laymen even though it is sophisticated. In side wallet and cookie-based wallet cache to store the e-coins recent days, the evolution of mobile wallets is enormous [8]. In all the afore-mentioned wallets, unique encryption which includes applications like Paytm, Paymate, scheme is applied to prove the authenticity and improve the PayUmoney, MobiKwik, etc. which brings ease of use privacy of the transaction in the network. The factors involved amongst the users to access, utilize and make payment. E- in the process of encryption schemes are categories of keys wallets have replaced the physical wallets by reducing the used, access control, security mechanism involved and usage of currency notes, coins, etc. among various age groups number of bytes of input data to be processed. Cryptographic of people [2]. This has become evident through surveys that keys are used to achieve confidentiality in the encryption cashless transaction are ease of use and time saving where in mechanism. Being involved in the process of encryption, keys security remains a concern [3]. Mobile wallet applications are are classified into two categories such as symmetric and dependent on inadequate resources such as the limited battery asymmetric keys [3][4]. Symmetric encryption uses single lifetime, bandwidth, storage capacity and performance of the symmetric key for both encryption and decryption. processor within the mobile [4]. These limitations can be Asymmetric encryption uses two different keys (public and substantially reduced by performing computation offloading private) which are related to perform encryption and to the resourceful servers. But, large-scale computations are decryption [10]. These cryptographic keys may be used for not permissible in this environment [4]. Henceforth, long-term use (static) or even for a single session (ephemeral) outsourced verification was suggested by Liao et al., where in a transaction [9]. the computation was outsourced to an untrusted server [5]. It Initially, authentication is given to the mobile users to clearly indicates that when the payment is done through secure the message or information to be transmitted over the wireless networks, there are high range of threats such as network. Further, the transmitted message has to be sent to denial of service, rogue access points, etc., and security attacks the resourceful servers for computation through offloading are possible [6]. Encryption is the process of transforming an [4]. In the grid environment, the process migration may takes intelligible message to an unintelligible message [1]. This place from one system to another whereas the computation encryption plays an important role in e-wallet to enhance its offloading moves the process to the servers outside the computing environment. Computation offloading involves mobile agents, virtualized environment, mobile client ———————————————— authentication and remote authentication. If all these  Shibin David is currently working as an Assistant Professor at Karunya Institute of Technology and Sciences, Coimbatore, India. His research interests processes should take place in a convincing environment, the are cryptography and network security, mobile computing, wireless security. E- threats standing against the mobile wallet payment providers mail:[email protected] and applications should be keenly observed and analysed [10]  Jaspher W Kathrine is working as an Assistant Professor at Karunya Institute of [11]. Even though the e-wallet appears to be a highly secure Technology and Sciences, Coimbatore, India. Her research are includes Grid Computing, Cryptography and Network Security, Cloud Computing. component, it faces certain threats such as phishing attack, malware attack, and hacking, human error, risk of losing the

1755 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616 device, impersonation and man-in-the-middle attack [10]. The implementation and application scope of various platforms for detailed flow of the protective covering mechanism has to be mobile wallets to improve the security and privacy. A studied carefully in order to bring out a feasible and secure comparative analysis on the evaluation criteria, salient solution to the existing threats prevailing amidst the arena of features, merits and limitations of the existing schemes, tools mobile wallets. The remainder of this paper is structured as used, are discussed in Section 4. Finally, in Section 5, the follows. Fig.1 describes about the search strategy for selecting inferences of the research work and the concluding remarks the articles for this survey. Section 2 reports the definition for are presented. keywords some past related surveys. Section 3 outlines the

Fig. 1. Flowchart of search strategy

2 Related works and Literature Survey include purchasing items on-line with a computer or as simple The principal difference between online banking, mobile as using a smartphone to purchase something at a store [12]. banking and e-wallet is narrated in this section. Banking Individual’s bank account can also be linked to the digital technology is expected to keep up with the increase in the wallet, by adding bank details. Individual might also have demands of the customers in day to day life. Online banking their driver’s license, loyalty card(s) and other ID documents can be defined as the transaction that is done over the internet, stored on the phone. The credentials of the person can be normally through a bank’s web page under a private manager passed to a merchant’s terminal wirelessly via near field and portal and with a desktop computer or laptop computer. communication (NFC). Now-a-days, digital wallets are being Mobile banking paves a way to perform many of the made not just for basic financial transactions but to also transaction similar to the online banking using a smartphone authenticate the holder’s credentials [13]. For example, a or tablet instead of desktop computer. E-Wallet is a digital wallet could verify the age of the buyer to the store virtual/digital wallet where we can keep your money to use it while purchasing alcohol as it might be linked to your Adhaar when we need without swiping you debit/credit cards. Card. This online system has already gained popularity in Starting from grocery items to flight tickets, everything can be Japan, where digital wallets are known as "wallet mobiles". brought using e-wallets. An e-wallet refers to an electronic Moreover, a cryptocurrency wallet is a digital wallet where device or online service that allows an individual to make private keys are stored for crypto currencies like bitcoin. electronic payments which is depicted in Fig.2. This can

Fig 2. Architecture of mobile wallet

An e-wallet has both a software and information component. 3 Security mechanisms behind e-wallets The software provides security and encryption for the The comprehensive literature on the other hand states about personal information and also for the actual transaction being the mobile agents and wireless networks, virtualized done by the individual. Typically, e-wallets are stored on the environment and computing, mobile client authentication and client side and are easily self-maintained and fully compatible remote authentication [4]. Mobile agents are those which with most Touch-commerce websites [14]. A server-side controls the migration of the programs from one computer digital wallet, also known as an e-wallet or thin wallet, is one system to other system. It acts as an agent to transfer the that an organization creates and maintains on its servers. computations from mobile devices to the resourceful servers. Server-side e-wallets are getting popular amongst majority of Here, the infrastructure for the mobile agents are kept as a retailers due to the security, efficiency, and added utility it target using the technologies such as xml and java [28]. provides to the end-user, which increases their satisfaction of Virtualization says about the logical partition of the large their overall purchase within lesser amount of time. The computer systems into smaller independent computing units. information component is actually a database to store user- Multitasking is enabled due to the concept of virtualization input information. This information consists of your where multiple applications run in parallel [29]. shipping address, billing address, payment methods, individual’s credentials, and personal information. (Also including credit card numbers, expiry dates, adhaar details, and security numbers). Table. 1 will narrate the comparative study of properties of the e-wallets along with the existing e- wallet system.

Table 1 Comparison of properties of various mobile payment applications Systems VISA/ Paypal Google Oyster Octopus SMART Properties Master Banxafe M-PESA Mobile Wallet Card Card Money card SMS and app based system X X X App access to system X X X X NFC based X X X Purchasing list X X X Multiple accounts X X X Balance in SMS X X X Balance on receipt X X X Recipient list X X X

Merchants must activate the X X X list/ initiate sales Many steps to complete the X X X X transaction Transfer of money to friends X X X

Online access to user account X X X Payment history X X X X X Bank account pre-requisite X X X X X Creation of virtual account X X X X X X pre-requisite PIN code for purchase X X X X X User account needed X X X X X X

Table 2 Comparison between the encryption schemes and its security parameters

Encryption Schemes/ Access Control Scalability Flexibility Efficiency Security Parameters IDE Low Low Low Low HE Low Low Low Low ABE Low High Low Low KP-ABE Low Low High Low CP-ABE High Low High Low

MA-ABE High High High High

3.1. Encryption techniques used in mobile wallets communication is appreciated in mobile wallets, it stays as Encryption seems to be one of the finest solutions to secure a short range communication platform [17]. The ultimate data till date. Authentication of the user and clear goal behind every security mechanism is to provide the encryption can provide good security for the data. Data or legitimate access to mobile device and the impending information transmitted form the mobile device should be transactions to be carried out by the applications. This protected from attacks. As there are plenty of loopholes to section will describe about the various encryption schemes access the data around, the role of attackers becomes and its merits towards the appliance on mobile wallet tranquil to access all the private data. In a traditional web applications. Sahai and Waters et al. developed Fuzzy wallet referred in [15], the information needs to be Identity based encryption [18] where identity is viewed as a submitted online and it underwent phishing attack which set of attributes. The limitations with this scheme is that the evaded the privacy of the data. But in the recent days, the users with secret key can perform encryption using a public evolution of Near Field communication (NFC) alongside key and decryption using a secret key and identity with a the mobile devices, poured interest in developing NFC certain distance. Error tolerance needs attention in the FIBE security despite of the device being an attack platform [16] scheme since the comparison between more than identities and software based relay attack. Even though NFC can never be the same. Cheng, Rong, Tan, Zeng et al

1758 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616 proposed scheme to securely access the data using Identity  Searchable encryption which includes symmetric based encryption and biometric authentication [19]. This searchable encryption and asymmetric searchable scheme required a centralized server and a secure channel encryption [1][5]. between the sender and receiver for transmitting the secret  Homomorphic encryption [5][11]. key information. Cipher-text policy attribute based  Identity based encryption [13]. encryption [20] proposed by Bethencourt, Sahai and Waters  Attribute based encryption which includes key- et al. has been serving as a method to analyse the policy attribute based encryption, cipher-text complexity behind access control on encrypted data. In the policy based encryption and multi-authority above said method, attributes are used to describe the attribute based encryption [18-21]. user’s credentials and the user who encrypts the message creates a special policy for the receiver who decrypt the Table. 2 has shown a comparison between the encryption message. The encrypted data in the CPABE will be kept schemes and its security parameters to investigate the confidential despite of the untrusted server and proved security mechanisms such as access control, scalability, secure against the collusion attack. Chase et al. suggested a flexibility and efficiency of various encryption schemes Multi authority based encryption scheme allows multiple available in the security standards. Similarly, Table.3 has a polynomial quantity of independent authorities to overlook deep overview of various encryption schemes and its and issue secret keys. Encryption takes place with the help variants which are reflected in the encryption standards are of a set of attributes defined by the authority and a random discussed. number whereas decryption takes place if atleast ‘x’ number of attributes revealed by the decrypting entity [21]. 3.2. Mobile wallets – Offloading perspective and layering of block chain technology Multi authority based encryption (ABE) is proposed in [22] Computation offloading is the transmission of the where it allows any party to become the competent computational tasks to external resourceful servers for authority and imbibes no coordination requirement other computation. Mobile systems have inadequate resources than the initial creation of reference parameters. Encryption such as the performance of the processor, storage capacity, takes place by means of any Boolean formula over the etc [47]. The appropriate solution to extend the battery’s declared attributes set by any chosen set of authorities lifetime and increase the performance is to offload the where it does not need any central authority. This is also applications which demands processes to the centralized referred as Decentralizing attribute based encryption. server [48]. But, the offloading process even takes time in Xiang et al. proposed a secure outsourcing attribute shifting the computations to the server and creates delay encryption scheme with Checkability provision [23]. This and henceforth mobile edge computing evolved [48]. The scheme allows offloading of access policy and operations technological upgrade in the field of security has brought depending on the attributes in the key-issuing process to a blockchain wallet which is also called as a digital wallet. key generation service provider or decryption by a This digital wallet enables the user to manage bitcoin and decryption service provider. In [24], Xhafa, Feng, Zhang et ether. In e-wallets, an individual is allowed to store the al has made a scheme which invokes privacy aware crypto currencies whereas in blockchain wallet, user can attribute based sharing and works only within the manage bit coins as well as ether. The account creation in a limitations of a trusted domain. Tysowski and Hasan et al. block chain wallet is similar to the e-wallet which links the proposed attribute based encryption scheme for mobile account with a bank account. Whenever a user sends a applications. The responsibility of the owner is relieved request, a unique address is generated. On the other hand, here and instead the key generation mechanism is shared users can also send bitcoin or ether when they receive a between the mobile data owner and a trusted authority unique address. During the transaction, the crypto [25]. Another category of encryption is role-based currencies are being sent. This block chain wallet possesses encryption which integrates the techniques from three levels of security. First level security prevents the user cryptography to RBAC. This scheme allows the users with losing their access to the account, level 2 security is evolved certain roles assigned may only decrypt and view the to prevent the intruders gaining unauthorized access and original data [26]. Tiwari and Saklani et al. suggested a level 3 security makes the user to block the ToR requests. biometric based encryption and decryption scheme where Table. 4 deals with the inference of offloading and block master key generation will be done using either chain based security mechanisms that can be utilised for fully/partial hash portion of the finger prints of both sender mobile applications. and receiver [27].

3.1.1. Advanced cryptographic encryption techniques Some of the advanced cryptographic techniques to encrypt the message are as follows.

Table 3 Prognostic overview of encryption scheme Sl. Article referred Domain Methodology Merits Demerits No. Since two measurements of System allows for a certain the same biometric (e.g. an amount of error-tolerance in iris scan) will never be the identities. The document exactly the same, a certain Fuzzy Identity - can be stored on a simple amount of error tolerance is Advances in Fuzzy Identity-Based 1 Based Encryption untrusted storage server required when using such Cryptology Encryption [18] instead of relying on trusted measurements as keys [30]. server to perform It does not achieve Key authentication checks before Privacy; namely, it reveals delivering a document. the identity (public key) used in the encryption. The construction is only Ciphertext-Policy Ciphertext-policy attribute- Attributes are used to describe proved secure under the Advances in 2 Attribute-Based based encryption a user's credentials. generic group model. Cryptology Encryption [20] (CP-ABE) Several different users might match the decryption The system does not support a tree access Multi-authority Multiple authorities are Advances in Multi-authority Attribute structure. Unnecessarily 3 Attribute Based allowed to distribute Cryptology Based Encryption compromises the privacy of Encryption [31] attributes. the user.

It requires a designated central authority. The It is Collusion resistant. authority must be globally Authorities can function trustworthy, since its failure entirely independently. The will compromise the entire Decentralizing failure or corruption of some system. Spreading a central Advances in Distributed Central 4 Attribute-Based authorities will not affect the authority’s keys over several Cryptology Authority Encryption [22] operation of functioning, machines to alleviate uncorrupted authorities, performance pressures which makes the system more might simultaneously robust increase the risk of key exposure.

The access policy needs to Securely be sent along with the outsourced ABE Outsourcing Checkability is supported. Ciphertext explicitly in that Advances in construction which provides 5 Attribute-Based Achieves constant efficiency at decryptors must know how Cryptology checkability of the Encryption with both authority and user sides. they should combine their outsourced computation Checkability [23] attribute secret key components for decryption. If a Private Key Generator (PKG) is compromised, all Aligns well with the idea of messages protected over the cloud computing to allow the entire lifetime of the public- users with a platform of private key pair used by Identity-Based limited performance to that server are also Advances in Identity-Based Encryption 6 Cryptography for outsource their computational compromised. . Because the Cryptology (IBE) Cloud Security [19] tasks to more powerful Private Key Generator servers. Lightweight achieved (PKG) generates private on the user side keys for users, it may decrypt and/or sign any message without authorization. An Efficient Key- The scheme can achieve fine- Encryptor cannot decide Policy Attribute- Advances in Key-policy attribute-based grained access control and who can decrypt the 7 Based Encryption Cryptology encryption (KP-ABE) more flexibility to control encrypted data. It can only Scheme with users than ABE scheme. choose descriptive attributes

Constant Ciphertext for the data, it is unsuitable Length [32] in some application because a data owner has to trust the key issuer. In practice, it is unsuitable Hierarchical to implement. Since all It assures high performance attribute-based Hierarchical attribute-based attributes in one conjunctive and full delegation. It can encryption and encryption scheme (HABE) clause in this scheme may Computers & share data for users in the 8 scalable user &proxy re-encryption (PRE) be administered by the same Security cloud in an enterprise revocation for and lazy re-encryption domain authority, the same environment . sharing data in (LRE) attribute may be

cloud servers [33] administered by multiple domain authorities. Privacy-Aware The access policy is hidden Attribute-Based Multi-authority Ciphertext- Overhead involved in and hence user access privacy 9 PHR Sharing with Supercomputing policy ABE scheme with managing the distributed is protected. Unauthorized User Accountability user accountability [24] authorities. users can be traced. in Cloud Computing Data owner is solely responsible for providing It allows an organization to Achieving Secure role-based encryption (RBE) access to shared data, also store data securely in a public Role-Based Access Information scheme that integrates the requires constant cloud, while maintaining the 10 Control on Forensics and cryptographic techniques availability of data owner. sensitive information related Encrypted Data in Security with RBAC(Role Based Affects mobility of data to the organization’s structure Cloud Storage Access Control) [26] owner and adds in a private cloud. computation burden on mobile device. Hybrid Attribute- Optimized for mobile users, Based Encryption Reduces communication and and Re-Encryption Hybrid Attribute-Based No provision of backup 11 Cloud Computing computation cost, for Scalable Mobile Encryption (H-ABE) [25] manager. computationally very difficult Applications in to crack. Clouds The access policy needs to Advantages of secret sharing An expressive and be sent along with the Ciphertext-Policy Attribute- over integers opposed to provably secure cipher text explicitly in that Information Based Encryption, based on secret sharing over finite 12 Ciphertext-Policy decryptors must know how Sciences a Linear Integer Secret groups or fields in LSSS. In Attribute-Based they should combine their Sharing Scheme (LISS) [34] LISS, the secret sharing cost is Encryption attribute secret key less. components for decryption. The attributes are organized in a matrix where the users having higher level. Attributes can delegate their access rights Ciphertext-policy to the users at a lower level. hierarchical Ciphertext-policy These features enable a CP- Cloud computing Lacks a description of the 13 attribute-based hierarchical ABE (CP-HABE) HABE system to host a large encryption structures of access control. encryption with [35] number of users from different short cipher texts organizations by delegating keys, e.g., enabling efficient data sharing among hierarchically organized large groups. Re-Encryption- Based Key Constant user revocation Management Store data securely, works results in updating of keys Proxy based Re- Dynamic data re-encryption 14 Towards Secure and efficiently in case of user thus denied access to Encryption [36] Scalable Mobile revocation. authorized users during Applications in ongoing process. Clouds Functional System is (semantically) A circuit representation Encryption for Inner Public Key Negated spatial encryption secure under chosen key takes the worst case running 15 Product: Achieving Cryptography [37] attack. Fine-grained access time on every input. The Constant-Size control to the data along with input length of the function 1761 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616

Ciphertexts with a Low communication round is a-priori bounded. Adaptive Security or complexity mechanism. Support for Negation The depth of the access trees Ciphertext-policy attribute Construction can support d under which messages can based encryption scheme access structures which can be be encrypted is defined in Bounded Ciphertext having a security proof Public Key represented by a bounded size the setup phase. Thus, the 16 Policy Attribute based on a number theoretic Cryptography access tree with threshold user who wants to encrypt a Based Encryption assumption and supporting gates as its nodes. message is restricted to use advanced access structures only an access tree which [20] has the depth d’ ≤ d. Ciphertext-Policy The first cipher text-policy Attribute-Based Expensive decryption. Efficient, expressive, and attribute-based encryption Encryption: An Ciphertext and public Public Key provably secure ciphertext- systems that are efficient, 17 Expressive, parameters size have been Cryptography policy attribute-based expressive, and provably Efficient, and increased in the DBDH encryption system secure under concrete Provably Secure Assumption[20]. assumptions. Realization [34] The parameters of cipher Attribute-based text and private key sizes encryption for fine- This KP-ABE system naturally add encryption and Public Key Key-Policy Attribute-Based 18 grained access offers a targeted broadcast decryption complexity blow Cryptography Encryption (KP-ABE) [38] control of encrypted system. up (in the worst case) by an data n 3.42 factor limiting its usefulness in practice. The size of the Ciphertext Provably Secure It provides Selective Data and secret key increases Cloud Computing 19 Ciphertext Policy CP-ABE scheme [39] Sharing Group Key linearly with the total and Security ABE Management number of attributes in the system. Secure and Efficient Ensures the security, Data Sharing in Cost for equipment is authentication and efficient Cloud Using Hybrid Hybrid Patient Controlled higher. Cloud Computing data sharing in the cloud 20 Patient Controlled Biometric Encryption Vulnerable to noise and and Security environment. Biometric Scheme (HPCBES) distortion brought on by Double encryption process Encryption Scheme dirt and twists enhances the security [40] Multivariate Authentication and authentication based Capable to protect against the Large keys and the Encryption Scheme Cloud Computing security model for internet security breach attacks on the 21 uncertainty about their for Data Privacy in and Security of things healthcare databases. security. IoT Healthcare Monitoring [41] Challenges for practical Feasibility of More reliable because it has implementation (e.g. Deploying Biometric Biometric Biometric encryption (BE) features of difficult to forget, appropriate request 22 Encryption in encryption [42] lose, share and forge. scheduling, efficient match Mobile Cloud algorithm, secure storage of Computing templates and secret keys). Requires a centralized server. IBE's centralized Identity Based approach implies that some Encryption and keys must be created and Biometric secure data access scheme held in escrow and are Authentication Advances in based on identity-based Feasible and secure for data therefore at greater risk of 23 Scheme for Secure Cryptology encryption and biometric access in cloud computing disclosure. Data Access in authentication Requires a secure channel Cloud Computing between a sender or [19] recipient and the IBE server

for transmitting the private key. Multiple Biometric Advances in Multiple Biometric Security Limited authentication More biometric reference 24 Security in Cloud Cryptology [43] capability in order to avoid data, has to be stored for 1762 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616

Computing unauthorized access. each subject registered with a multi-biometric system. Role of Biometric Availability of data by Cryptography in Advances in Legal issues and Privacy 25 Biometric Cryptography overcoming many existing Cloud Computing Cryptology concerns problem like denial of services [44] Ensuring attribute privacy protection Supports efficient attribute Involves many bilinear and fast decryption matching. pairings in decryption phase 26 Network Security match-then-decrypt [45] for outsourced data and suffers a security security in mobile weakness cloud computing An efficient and secure privacy- preserving Efficient and Secure Privacy- Approach For Preserving approach based Data privacy ensures and Large keys and the Advances in 27 outsourced data of on probabilistic public key computation, Communication uncertainty about their Cryptology resource constrained encryption and ranked overheads in reduction. security. mobile devices in multi- keyword search cloud computing [46]

Table 4 Parasitic overview of offloading and block chain based security mechanisms Sl. No. Article Referred Methodology Inference (s) Demerits The method provides fault The lag is in anonymous 1. Decentralized and Trustworthy Consensus mechanism to avoid tolerance, decentralization, authentication, privacy in Mobile Crowd sourcing [55] forks, Mobile crowd sourcing effective MCS chain Lag in software security, Solution to weakest chain in the Risks within the mobile 2. Mobile Security: End Users [56] vulnerability due to link ecosystem is analyzed uninvited third party 3. Mobile edge computing [57] Block chain technology Resource management, security Lag in security analysis Improvised security, Security modeling and efficient Snooping, 4. Security overhead model less overload, computation offloading [58] offloading risks low execution time Block chain meets edge computing Economic approach for mobile 5. Resource management Lack of proof-for-work [59] computing Security, resiliency and efficiency 6. Block chain Innovations [60] Block chain technology Cyber crime, fraud of the systems Tamper-Resistant Mobile Health Network fault, 7. Tamper-resistant technology Tamper-proof Using Blockchain [61] artificial fault The Blockchain Model of Privacy preserving smart 8. Decentralized smart contract It lacks transactional privacy Cryptography [62] contracts Using Blockchain to Protect Automated access control Security breaches which 9. Decentralizing Privacy Personal Data [63] manager compromise user’s privacy Blockchain as a Software Software connector improves It lags in architectural 10. Software connector Connector [64] security, privacy and scalability decision Securing User Identity It provides longevity, agility, and 11. and Transactions Symbiotically Permissioned Blockchain It lags in user privacy incremental adoption [65] 12. Offloading IDS computation [66] Signature matching intrusion The system improvised Performance decreases detection conventional snort when load increases It faced lag in good 13. Partial mobile application FSP saves battery lifetime and Free sequence protocol mechanisms to evaluate the offloading [67] enhances performance effect of offloading Mobile offloading game against Q-learning based mobile Reduces the attack rate of smart It was vulnerable to smart 14. smart attacks [68] offloading strategy hackers and programmable radio 1763 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616

Achieved privacy and trust ECOS: mobile application Enterprise centric offloading worthiness, decoupled Lag in security constraints, 15. offloading [69] framework offloading and accommodated fairness offload at a scale

Reinforcement Learning Based Offloading based on Q-network It improves detection speed, Needs improvement in 16. Mobile Offloading [70] technique utility and accuracy. malware analysis

Mobile cloud offloading for Offloading based on Q-learning It improves the utility under Requires fast processing of 17. malware detections with learning method dynamic network bandwidths large data [71]

Table 5 Effects of the security threats and attacks and its impending solutions Security mechanism Nature of the threat/attack Target Entity Effects Solution(s) involved 1.Forged payment Modification or Payment through mobile Certificateless signature in Modification 2.Privacy of the honest Impersonation [1] wallet Digital Signature Standard customer may be lost Secure file deletion including overwrite based Receovery of supposedly Flash memory of mobile 1.Recovery of private data Privacy secure deletion and deleted erased data [50] device from flash image encryption based secure deletion Unintentional installation of To gain privilege over root Mobile application Integrity Inclusion of signature malicious code [51] access Trap a user to disclose the Phishing attacks Mobile device Privacy Usage of SSL certificate private information 1.Disclose server Intellectual information in the information Reverse Engineering Integrity To add server security mobile 2. Perform attacks towards back-end systems Tampering the mobile Information present in the Mode of the root kit should payment applications by Mobile OS Security root of the device will be be protected using using root kits [52] disclosed commands Sensitive data in the Spoofing Mobile application Privacy mobile device will be revealed Man in the Middle attack Impersonalisation of the Integrity of the customer Integrity Strong encryption with SSL [76] user The communication Relay attack against NFC Data connectivity Authentication channel will get affected Irreversible encryption enabled POS [17] through the NFC Information present in the Compromise of payment Customer’s reputation Integrity root of the device will be Strong encryption systems disclosed Information present in the Compromise of data Virtual Private Network can e-wallet payment Security root of the device will be connectivity [75] be a solution disclosed Appears to be a virtual OWASP can be a preferable Repudiation attacks [53] Payment through wallet Security wallet and steal the solution information Compromise of servers Customer’s wallet Privacy Appears to be a virtual SSL security

wallet and steal the information Customer centric awareness Denial of payment Reputation of the customer Customer and POS Accountability on neglecting the denial of settlement services will get endangered payment Session maintenance The money in the wallet is Payment fraud [73] Customer Confidentiality protocol can be targeted implemented Advanced persistent threats Device will face a lag in the Usage of Network Access Mobile device Security (APTs) [54] response Control mechanism Resource from the server Securing the IP gateway, DDoS attack Payment gateway Confidentiality will not be reached Anteater system

4. Mobile wallet security attacks and threats reliable. The installation of such malware may download and its remedial measures attacks influence into the mobile device. Mobile wallet, despite of its user friendliness faces a lot many security challenges. This section deals about the Uploading malware on POS terminal: The way in which possible threats and intrusion towards the mobile system the attacker can obtain remote access when the point of sale [54][77]. There are plenty of existing threats and identified (POS) malware is installed on the terminal. It obtains the solutions which can help us to review the nature of the information about the mobile wallet data that transact threat and its vulnerability. Threats may appear in the through the card readers. mobile wallet in many forms including mobile wallet application, mobile device, mobile wallet users, acquirers, Man-in-the-middle attack: Attackers attempt to invade the merchants, payment service providers, card issuers, poor network connections like lack of firewalls and attack payment network providers, etc. against the point of sale’s terminal.

4.1. Threat model of mobile wallets Relay Attack: Relay attack is a known attack with the The possible area of attacks/threats in a mobile wallet is installation of relay software that can relay commands discussed in this section. Threat deals with the boundary between the secure element and card emulator installed limitations and its intrusion in the model discussed here within the device. Apart from these, there are numerous [49]. Table. 5 suggest the remedial measures for the threats threats and attacks involved in the mobile wallet and attacks in mobile wallet applications. technology including the compromise of software running on contactless terminals, payment gateways, POS servers, Social Engineering: Social Engineering deals with the token services, token service provider services, payment information available in the public domain where attackers settlement services, payment authorization process, data can send fraudulent payments just like the intended user. connectivity and repudiation, etc. The same data may be sold in the market for a price and gain an identity of the original user [12][44]. 4.2. Preventive security measures for a mobile wallet Installation of malware and nature of operating system: It is always recommended to be alert and acquire Many a times, attackers handle the technique of installing preventive measures in the field of security. The various malware and re-direct the user to insecure wifi access, fake preventive measures that can be adopted rather than facing access points and malicious uniform resource locators (urls) the critical threats and attacks in mobile era are discussed and use this information for payment through mobile here. wallets. Operating System’s access also plays a key role in  Awareness about the new updated security protecting the application from the invaders. Attackers systems point out the sensitive data available within our device and  Usage of unauthorized public hotspots should be may spoof the application. avoided  Always update the application in the mobile device Phishing attack: Phishing is a simple means to trap the user in order to keep the device updated and secured to reveal original information incorporated within a mobile  Usage of strong passwords and remote lock device and then carry out attacks.  Inculcation of security with the validation of biometric data Interception: The access to the root may be obtained at  Uninstall rogue application from the mobile device times by downloading the malware which seems to be once identified 1765 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616

 White-box cryptography is recommended 5.3. Scope for development  Keep the point of sale (POS) software up-to-date  During the transaction through the mobile wallet,  Deploy strong firewalls and restrict unauthorized the session during the time lapse to receive the access to POS OTP in the wallets should be secure in order to  Patching may be done between the hardware and guarantee the payment channel and payment software component of POI terminal mode secure.  Ensure high security standards for payment  The legal compliance upon the mobile wallets processing systems should be made common and be used by all the  Deploy the agents for detecting malware, data organisations since this could be a problem for the leakage and fraud detection in the wallets newbie’s who enter into the market of mobile  Require certificate less signature to verify the wallet. payment process  Some of the major risk factors such as leakage of  Enforce fewer privileges and deploy anti-DoS data, undetected malware, etc may be due to (Denial of service) measures for critical servers. contactless payment option. Due to this financial breach, the market may lose many of the trusted 5. Future prospects of mobile wallets customers who opt for mobile wallets. In the long run, mobile wallets may reach their peak by the  The perception of the user should be changed in huge involvement of users, due to its user friendliness and such a way that there should be some trust in the ease of access [75]. When the sensitive information present mobile wallet which could be an alternative for the in the mobile wallet is concerned, lots of new policy payment through credit cards. adoptions are expected to arrive in place to hold the  Trust, fear, safety measures are the most prominent security mechanisms such as authentication, authorization, concern of a customer to choose a mobile wallet. integrity, confidentiality and privacy [78][79]. Some of the Many of recent surveys have plotted that the trust latest technologies which need to be reviewed and put in in mobile wallet by the customers, increase in the market will add an extra mile to the mobile wallets. fear of losing their devices and safety towards making payment through the e-wallets has to be 5.1. Unified payment interface in e-wallets re-considered. Unified payment interface (UPI) [74] is an attractive feature that enables direct transfer from user’s bank account to 6 Conclusions make payments using the e-wallet. Millions of users are E-wallet applications were very much comfortable for the currently using the e-wallet in the recent days, but they user to make transaction easily and in simple. In this paper, have its own limitations. One such featured limitation is a study on the various encryption schemes available to interoperability. The transfer of money between the sender provide security, ways to offload the computation to the and recipient was from the same bank account initially. resourceful servers, need for latest technology have been Henceforth, it was an obstacle that the transfer of money discussed in detail. The widespread concept of e-wallet has cannot be made between wallet to bank and vice versa. In been owned by too many corporate sectors with their own future, solutions to resolve interoperability through UPI flavours which had given handful of benefits. But, there along with strong security in all the e-wallets can be were enough number of security concerns to be aware of by designed. every individual in this world. The study of the various security threats breaches have been discussed and 5.2. Block chain based e-wallets narrowed down with the futuristic scope to be There is a high demand in the market for the OS based implemented and arrive at better wallets is done. With the mobile wallets including ApplePay, AndroidPay which has consideration of the challenges to be improvised, a brand gone all through the world. Despite of this, brand-oriented new flavour of e-wallet application can be designed. wallets such as Starbucks, WalmartPay are experiencing significant growth amidst the users. Alongside, the digital wallets can be used as a platform to interact on the block References chain [72-74]. Alike in digital wallet, e-wallets should also [1] Z. Qin, J. Sun, A. Wahaballa, W. Zheng, H. Xiong, be provided with a way to store, trade and handle the and Z. Qin, ‚A secure and privacy-preserving assets such as crypto currencies as they do for normal mobile wallet with outsourced verification in cloud exchange of payment. The concern of the customer towards computing,‛ Comput. Stand. Interfaces, vol. 54, no. the privacy and security on mobile wallets should subside P1, pp. 55–60, Nov. 2017. fully with the intervention of block chain technology which [2] M. Olsen, J. Hedman, and R. Vatrapu, ‚E-wallet can make transactions easier at any time, in any currency Properties,‛ in Proceedings of the 2011 10th and with any business agencies. International Conference on Mobile Business: ICMB 1766 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616

2011, 2011, pp. 158–165. Heidelberg, 2010, pp. 35–49. [3] R. Batra and N. Kalra, ‚ARE DIGITAL WALLETS [18] A. Sahai and B. Waters, ‚Fuzzy Identity-Based THE NEW CURRENCY?,‛ 2016. Encryption,‛ Springer, Berlin, Heidelberg, 2005, pp. [4] D. Shibin and G. J. W. Kathrine, ‚A comprehensive 457–473. overview on secure offloading in mobile cloud [19] H. Cheng, C. Rong, Z.-H. Tan, and Q. Zeng, Identity computing,‛ in 2017 4th International Conference based Encryption and Biometric Authentication on Electronics and Communication Systems Scheme for Secure Data Access in Cloud (ICECS), 2017, pp. 121–124. Computing, vol. 21, no. 2. Technology Exchange, [5] Y. Liao, Y. He, F. Li, and S. Zhou, ‚Analysis of a 1991. mobile payment protocol with outsourced [20] J. Bethencourt, A. Sahai, and B. Waters, ‚Ciphertext- verification in cloud server and the improvement,‛ Policy Attribute-Based Encryption,‛ in 2007 IEEE Comput. Stand. Interfaces, vol. 56, pp. 101–106, Feb. Symposium on Security and Privacy (SP ’07), 2007, 2018. pp. 321–334. [6] D. Shibin and J. W. Kathrine, ‚A Secure and Hybrid [21] K. Fan, H. Xu, L. Gao, H. Li, and Y. Yang, ‚Efficient Approach for Key Escrow Problem and to Enhance and privacy preserving access control scheme for Authentic Mobile Wallets,‛ Springer, Singapore, fog-enabled IoT,‛ Futur. Gener. Comput. Syst., vol. 2019, pp. 81–89. 99, pp. 134–142, Oct. 2019. [7] M. S. Ackerman and D. T. Davis, ‚Privacy and [22] A. Lewko and B. Waters, ‚Decentralizing Attribute- Security Issues in E-Commerce.‛ Based Encryption,‛ Springer, Berlin, Heidelberg, [8] X. Dai and J. Grundy, ‚Three Kinds of E-wallets for 2011, pp. 568–588. a NetPay Micro-Payment System,‛ Springer, Berlin, [23] J. Li, X. Huang, J. Li, X. Chen, and Y. Xiang, Heidelberg, 2004, pp. 66–77. ‚Securely Outsourcing Attribute-Based Encryption [9] E. Barker, M. Smid, D. Branstad, and S. Chokhani, with Checkability,‛ IEEE Trans. Parallel Distrib. ‚NIST Special Publication 800-130 A Framework for Syst., vol. 25, no. 8, pp. 2201–2210, Aug. 2014. Designing Cryptographic Key Management [24] F. Xhafa, J. Feng, Y. Zhang, X. Chen, and J. Li, Systems.‛ ‚Privacy-aware attribute-based PHR sharing with [10] R. Upadhyaya and A. Jain, ‚Cyber ethics and cyber user accountability in cloud computing,‛ J. crime: A deep dwelved study into legality, Supercomput., vol. 71, no. 5, pp. 1607–1619, May ransomware, underground web and bitcoin wallet,‛ 2015. in 2016 International Conference on Computing, [25] P. K. Tysowski and M. A. Hasan, ‚Hybrid Attribute- Communication and Automation (ICCCA), 2016, and Re-Encryption-Based Key Management for pp. 143–148. Secure and Scalable Mobile Applications in [11] T. Caldwell, ‚Locking down the e-wallet,‛ Comput. Clouds,‛ IEEE Trans. Cloud Comput., vol. 1, no. 2, Fraud Secur., vol. 2012, no. 4, pp. 5–8, Apr. 2012. pp. 172–186, 2013. [12] M. Olsen, J. Hedman, and R. Vatrapu, ‚e-wallet [26] L. Zhou, V. Varadharajan, and M. Hitchens, Prototypes,‛ Springer, Berlin, Heidelberg, 2011, pp. ‚Achieving Secure Role-Based Access Control on 223–236. Encrypted Data in Cloud Storage,‛ IEEE Trans. Inf. [13] M. Olsen, J. Hedman, and R. Vatrapu, ‚Designing Forensics Secur., vol. 8, no. 12, pp. 1947–1960, Dec. digital payment artifacts,‛ in Proceedings of the 2013. 14th Annual International Conference on Electronic [27] L. Sun, H. Wang, and E. Bertino, ‚Role-based access Commerce - ICEC ’12, 2012, pp. 161–168. control to outsourced data in cloud computing,‛ [14] K. Marinova, ‚MOBILE WALLET-FUNCTIONS, Proc. Twenty-Fourth Australas. Database Conf. - COMPONENTS AND ARCHITECTURE,‛ 2017. Vol. 137, pp. 119–128, 2013. [15] M. Wu, M. Wu, R. C. Miller, and G. Little, ‚Web [28] D. Kotz, R. Gray, S. Nog, D. Rus, S. Chawla, and G. wallet: Preventing phishing attacks by revealing Cybenko, ‚AGENT TCL: targeting the needs of user intentions,‛ Proc. Symp. USABLE Priv. Secur. mobile computers,‛ IEEE Internet Comput., vol. 1, (SOUPS, vol. 149, pp. 102--113, 2006. no. 4, pp. 58–67, 1997. [16] M. Roland, J. Langer, and J. Scharinger, ‚Applying [29] R. P. Goldberg, ‚Survey of virtual machine relay attacks to Google Wallet,‛ in 2013 5th research,‛ Computer (Long. Beach. Calif)., vol. 7, International Workshop on Near Field no. 6, pp. 34–45, Jun. 1974. Communication (NFC), 2013, pp. 1–6. [30] Girish and Phaneendra HD, ‚Identity-Based [17] L. Francis, G. Hancke, K. Mayes, and K. Cryptography and Comparison with traditional Markantonakis, ‚Practical NFC Peer-to-Peer Relay Public key Encryption: A Survey.‛ Attack Using Mobile Phones,‛ Springer, Berlin, [31] M. Chase, ‚Multi-authority Attribute Based

Encryption,‛ in Theory of Cryptography, Berlin, and H. S. Abdul-Kader, ‚Modern Encryption Heidelberg: Springer Berlin Heidelberg, 2007, pp. Techniques for Cloud Computing Randomness and 515–534. Performance Testing,‛ Int. Conf. Commun. Inf. [32] C.-J. Wang and J.-F. Luo, ‚A Key-policy Attribute- Technol. , pp. 800–805, 2014. based Encryption Scheme with Constant Size [45] Y. Zhang, X. Chen, J. Li, D. S. Wong, H. Li, and I. Ciphertext,‛ in 2012 Eighth International You, ‚Ensuring attribute privacy protection and fast Conference on Computational Intelligence and decryption for outsourced data security in mobile Security, 2012, pp. 447–451. cloud computing,‛ Inf. Sci. (Ny)., vol. 379, pp. 42– [33] G. Wang, Q. Liu, J. Wu, and M. Guo, ‚Hierarchical 61, Feb. 2017. attribute-based encryption and scalable user [46] S. K. Pasupuleti, S. Ramalingam, and R. Buyya, ‚An revocation for sharing data in cloud servers,‛ efficient and secure privacy-preserving approach Comput. Secur., vol. 30, no. 5, pp. 320–331, Jul. 2011. for outsourced data of resource constrained mobile [34] B. Waters, ‚Ciphertext-Policy Attribute-Based devices in cloud computing,‛ J. Netw. Comput. Encryption: An Expressive, Efficient, and Provably Appl., vol. 64, pp. 12–22, Apr. 2016. Secure Realization,‛ Springer, Berlin, Heidelberg, [47] K. Kumar, J. Liu, Y.-H. Lu, and B. Bhargava, ‚A 2011, pp. 53–70. Survey of Computation Offloading for Mobile [35] H. Deng et al., ‚Ciphertext-policy hierarchical Systems,‛ Mob. Networks Appl., vol. 18, no. 1, pp. attribute-based encryption with short ciphertexts,‛ 129–140, Feb. 2013. Inf. Sci. (Ny)., vol. 275, pp. 370–384, Aug. 2014. [48] P. Mach and Z. Becvar, ‚Mobile Edge Computing: A [36] E. Novak, ‚Security and Privacy for Ubiquitous Survey on Architecture and Computation Mobile Devices,‛ Diss. Theses, Masters Proj., Oct. Offloading,‛ IEEE Commun. Surv. Tutorials, vol. 19, 2016. no. 3, pp. 1628–1656, 2017. [37] N. Attrapadung and B. Libert, ‚Functional [49] M. Bosamia, ‚Mobile Wallet Payments Recent Encryption for Inner Product: Achieving Constant- Potential Threats and Vulnerabilities with its Size Ciphertexts with Adaptive Security or Support possible security Measures,‛ 2017. for Negation,‛ Springer, Berlin, Heidelberg, 2010, [50] L. Yang, T. Wei, F. Zhang, and J. Ma, ‚SADUS: pp. 384–402. Secure data deletion in user space for mobile [38] V. Goyal, O. Pandey, A. Sahai, and B. Waters, devices,‛ Comput. Secur., vol. 77, pp. 612–626, Aug. ‚Attribute-based encryption for fine-grained access 2018. control of encrypted data,‛ in Proceedings of the [51] S. Wessel, M. Huber, F. Stumpf, and C. Eckert, 13th ACM conference on Computer and ‚Improving mobile device security with operating communications security - CCS ’06, 2006, p. 89. system-level virtualization,‛ Comput. Secur., vol. [39] L. Cheung and C. Newport, ‚Provably secure 52, pp. 207–220, Jul. 2015. ciphertext policy ABE,‛ in Proceedings of the 14th [52] P. G. Schierz, O. Schilke, and B. W. Wirtz, ACM conference on Computer and communications ‚Understanding consumer acceptance of mobile security - CCS ’07, 2007, p. 456. payment services: An empirical analysis,‛ Electron. [40] A. Bastia, M. Parhi, B. K. Pattanayak, and M. R. Commer. Res. Appl., vol. 9, no. 3, pp. 209–216, May Patra, ‚Service Composition Using Efficient Multi- 2010. agents in Cloud Computing Environment,‛ [53] J. L. Hernandez-Ardieta, A. I. Gonzalez-Tablas, J. M. Springer, New Delhi, 2015, pp. 357–370. de Fuentes, and B. Ramos, ‚A taxonomy and survey [41] J. H. Llego, D. H. P. Singh, E. N. P. Singh, and E. of attacks on digital signatures,‛ Comput. Secur., Mamta, Multivariate Authentication and Encryption vol. 34, pp. 67–112, May 2013. Scheme for Data Privacy in IoT Healthcare [54] C. Cinar, M. Alkan, M. Dorterler, and I. Alper Monitoring, vol. 2, no. 8. 2016. Dogru, ‚A Study on Advanced Persistent Threat,‛ in [42] K. Zhao, H. Jin, D. Zou, G. Chen, and W. Dai, 2018 3rd International Conference on Computer ‚Feasibility of Deploying Biometric Encryption in Science and Engineering (UBMK), 2018, pp. 116– Mobile Cloud Computing,‛ in 2013 8th ChinaGrid 121. Annual Conference, 2013, pp. 28–33. [55] Feng, Wei, and Zheng Yan. ‚MCS-Chain: [43] H. A. Dinesha and V. K. Agrawal, ‚Multi-level Decentralized and Trustworthy Mobile authentication technique for accessing cloud Crowdsourcing Based on Blockchain.‛ Future services,‛ in 2012 International Conference on Generation Computer Systems 95 (2019): 649-666. Computing, Communication and Applications, [56] Lau, L. ‚Mobile Security: End Users Are the 2012, pp. 1–4. Weakest Link in the System.‛ Mobile Security and [44] S. El-Etriby, E. Meslhy, H. A. Abd, E. M. Mohamed, Privacy: Advances, Challenges and Future Research

Directions. Elsevier Inc., 2016. 57-66. 2016-September. Institute of Electrical and [57] Roman, Rodrigo, Javier Lopez, and Masahiro Electronics Engineers Inc., 2016. 403–408. Mambo. ‚Mobile Edge Computing, Fog et Al.: A [69] Gember, Aaron, Christopher Dragga, and Aditya Survey and Analysis of Security Threats and Akella. ‚ECOS: Leveraging Software-Defined Challenges.‛ Future Generation Computer Systems Networks to Support Mobile Application 78 (2018): 680-698. Offloading.‛ Proceedings of the eighth [58] Huang, Binbin et al. ‚Security Modeling and ACM/IEEE…i(2012): 199–210. Efficient Computation Offloading for Service [70] Wan, Xiaoyue et al. ‚Reinforcement Learning Based Workflow in Mobile Edge Computing.‛ Future Mobile Offloading for Cloud-Based Malware Generation Computer Systems 97 (2019): 755-774. Detection.‛ 2017 IEEE Global Communications [59] Xiong, Zehui et al. ‚When Mobile Blockchain Meets Conference, GLOBECOM 2017 - Proceedings. Vol. Edge Computing.‛ IEEE Communications 2018-January. Institute of Electrical and Electronics Magazine 56.8 (2018): 33–39. Engineers Inc., 2018. 1–6. [60] Ahram, Tareq et al. ‚Blockchain Technology [71] Li, Yanda et al. ‚Mobile Cloud Offloading for Innovations.‛ 2017 IEEE Technology and Malware Detections with Learning.‛ Proceedings - Engineering Management Society Conference, IEEE INFOCOM. Vol. 2015-August. Institute of TEMSCON 2017. Institute of Electrical and Electrical and Electronics Engineers Inc., 2015. 197– Electronics Engineers Inc., 2017. 137-141. 201. [61] Ichikawa, Daisuke, Makiko Kashiyama, and Taro [72] Shin, Dong Hee. ‚Towards an Understanding of the Ueno. ‚Tamper-Resistant Mobile Health Using Consumer Acceptance of Mobile Blockchain Technology.‛ JMIR mHealth and Wallet.‛ Computers in Human Behavior 25.6 (2009): uHealth 5.7 (2017): e111. 1343–1354. [62] Kosba, Ahmed et al. ‚Hawk: The Blockchain Model [73] Zhao, H, and S Muftic. ‚The Concept of Secure of Cryptography and Privacy-Preserving Smart Mobile Wallet.‛ World Congress on Internet Contracts.‛ Proceedings - 2016 IEEE Symposium on Security, WorldCIS-2011 (2011): 54–58. Security and Privacy, SP 2016. Institute of Electrical [74] Caldwell, Tracey. ‚Locking down the E- and Electronics Engineers Inc., 2016. 839–858. Wallet.‛ Computer Fraud and Security 2012.4 [63] Zyskind, Guy, Oz Nathan, and Alex Sandy (2012): 5–8. Pentland. ‚Decentralizing Privacy: Using [75] Roland, Michael, Josef Langer, and Josef Scharinger. Blockchain to Protect Personal Data.‛ Proceedings - ‚Practical Attack Scenarios on Secure Element- 2015 IEEE Security and Privacy Workshops, SPW Enabled Mobile Devices.‛ Proceedings - 4th 2015. Institute of Electrical and Electronics International Workshop on Near Field Engineers Inc., 2015. 180-184. Communication, NFC 2012. N.p., 2012. 19–24. [64] Xu, Xiwei et al. ‚The Blockchain as a Software [76] Upadhayaya, Abhay. ‚Electronic Commerce and E- Connector.‛ Proceedings - 2016 13th Working Wallet.‛ International Journal of Recent Research IEEE/IFIP Conference on Software Architecture, and Review 1 (2012): 37–41. WICSA 2016. Institute of Electrical and Electronics [77] Seetharaman, A et al. ‚Factors Influencing Engineers Inc., 2016. 182-191. Behavioural Intention to Use the Mobile Wallet in [65] Kravitz, David W., and Jason Cooper. ‚Securing Singapore.‛ Applied Economics and Business User Identity and Transactions Symbiotically: IoT Research 7.2 (2017): 116–136. Meets Blockchain.‛ GIoTS 2017 - Global Internet of [78] Aydin, Gokhan. ‚Adoption of Mobile Payment Things Summit, Proceedings. Institute of Electrical Systems: A Study on Mobile and Electronics Engineers Inc., 2017. Wallets.‛ Pressacademia 5.1 (2016): 73–73. [66] Jacob, Nigel, and Carla Brodley. ‚Offloading IDS [79] Kumar, Anup, Amit Adlakaha, and Kampan Computation to the GPU.‛ Proceedings - Annual Mukherjee. ‚The Effect of Perceived Security and Computer Security Applications Conference, Grievance Redressal on Continuance Intention to ACSAC. N.p., 2006. 371–380. Use M-Wallets in a Developing [67] Saab, Salwa Adriana et al. ‚Partial Mobile Country.‛ International Journal of Bank Application Offloading to the Cloud for Energy- Marketing 36.7 (2018): 1170–1189. Efficiency with Security Measures.‛ Sustainable Computing: Informatics and Systems 8 (2015): 38– 46. [68] Xiao, Liang et al. ‚Mobile Offloading Game against Smart Attacks.‛ Proceedings - IEEE INFOCOM. Vol.