Formally analyzed m-coupon protocol with confirmation code (MCWCC)


Yildirim K., Dalkilic G., DURU N.

TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES, vol.27, no.1, pp.484-498, 2019 (SCI-Expanded) identifier identifier

Abstract

There are many marketing methods used to attract customers' attention and customers search for special discounts and conduct research to get products cheaper. Using discount coupons is one of the widely used methods for obtaining discounts. With the development of technology, classical paper-based discount coupons become e-coupons and then turn into mobile coupons (m-coupons). It is inevitable that retailers will use m-coupon technology to attract customers while mobile devices are used in daily life. As a result, m-coupon technology is a promising technology. One of the significant problems with using m-coupons is security. Here it is necessary to ensure the safety of the seller's and retailer's data and to prevent unnecessary loss of income. In this study, a new m-coupon protocol is proposed and analyzed against well-known attacks: impersonation, man-in-the-middle, eavesdropping, replay, data modification, unauthorized coupon copying/generation, and multiple cash-in attacks. Then, to show that both the client and the retailer's data are at the highest level of security, the protocol is subjected to security analysis with a powerful protocol analysis tool, Scyther. Thus, the proposed protocol is proved to meet all safety criteria. To the best of our knowledge, this protocol is the first m-coupon protocol for which formal security analysis is conducted by the protocol's developers.