Financial transaction through smart mobile devices is an attractive feature in today's modern wireless network era. Despite having various advantages, privacy and security are always challenging in such services. A novel hybrid security scheme based on physical layer signature and cryptography has been proposed to provide a secured authentication scheme preserving user's privacy, for the application of mobile payments. This scheme provides two levels of authentication, privacy preserving location authentication and device authentication. User's privacy is preserved by encrypting the identity of the user by physical layer encryption based on user's location. Physical layer signatures such as channel state information and carrier frequency offset are used for physical layer encryption. In conventional techniques, Media Access Control (MAC) address is used for initial authentication and they are shared without encryption. In this proposed technique, MAC is encrypted using the secret key derived from physical layer signatures using Singular Value Decomposition (SVD) to preserve privacy. Since secret key, generated using SVD, is location specific and varies with respect to the location, it is used for the location authentication. User authentication, required for mobile payment, is realised using asymmetric key cryptography technique. Since, physical layer security is used for privacy preserving location authentication in addition to the conventional cryptographic methods, the proposed method provides significant improvement in the security. The performance of the proposed method has been analysed in terms of information leakage to adversary, bit error rate performance, and transaction time in comparison with existing method which uses cryptography and provides only device authentication for mobile payment. The proposed technique gives better performance than existing technique in terms of privacy and authentication for mobile payment.
