The Design of E-Traveler’s Check with Efficiency and Mutual Authentication Chair Professor Chin-Chen Chang Feng Chia University National Chung Cheng University National Tsing Hua University http://msn.iecs.fcu.edu.tw/~ccc

Outline Introduction Proposed scheme Discussions Conclusions

Introduction (1/5) Why do we need the traveler’s check？ Some risks in abroad travel Case 1 Freeze! Give me some money or costly goods. Don’t kill me! I give you all my own money. traveler robber

Introduction (2/5) Case 2 Where is my wallet? Shopping shop Walk fast traveler traveler traveler wallet

Introduction (3/5) Malicious guys may forge people’s credit cards I want to buy some goods. OK! Thank you. Forgery credit card Malicious man Sales man We need traveler’s check to mitigate possible risks

Introduction (4/5) Traditional traveler’s check Deposit equivalent payment to bank issuing checks Need to sign the traveler’s check and show their passport to the bank

Introduction (5/5) Two problems Forging the traveler’s check or the passport Impersonating the legal check holder

Proposed scheme (1/7) Low computations Mutual authentication

Proposed scheme (2/7) Registration Phase money Bank Traveler (User) (The check center) E-traveler’s check

Proposed scheme (3/7) Payment Phase E-traveler’s check Traveler (User) communicate Traveler (User) Bank (The check center) Hotel (The e-traveler’s check organization) cash

Proposed scheme (4/7) Notations IDi：identity of user i IDcc：identity of check center IDeco：identity of e-traveler’s check organization PWi：password of user i MONi：total money in the e-traveler’s check CASi：the cash that the user wants to cash the e-traveler’s check K1：the shared key between user and check center K2： the shared key between check center and e-traveler’s check organization T：timestamp EK：symmetric encryption with the secret key K

Proposed scheme (5/7) User bank Registration Phase Smart card Secure channel

Proposed scheme (6/7) Payment Phase Database User hotel bank

Proposed scheme (7/7) Payment Phase Database hotel bank User

Discussions (1/2) Requirements: The e-traveler’s check must have a unique identity The e-traveler’s check can only be generated by the check-issuing bank or the authorized organization with the applicant Only the legal check holder can have the e-traveler’s check cashed The check-issuing bank, the check-cashing organization, and the e-traveler’s check holder can authenticate one another

The e-traveler check organization Chang and Chang’s scheme* Discussions (2/2) Ui The e-traveler check organization (e.g. hotel) The check center (e.g. bank) Chang and Chang’s scheme* Our scheme EPK( ) ：the public key encryption with PK Π：the multi-multiplication operation H( ) ：one-way hash function EK( ) ：the symmetric encryption with secret key K ⊕：XOR *: Chang, Y. F. and Chang, C. C., “E-traveler’s Checks with Reciprocal Authentication,” Journal of Electronic Commerce Research, Vol. 5, No. 2, pp. 128-135, 2004.

Conclusions Simple and efficient Mutual authentication