Practical E-Payment Scheme

Presentation transcript:

Practical E-Payment Scheme
Author: Mohammad Al-Fayoumi, Sattar Aboud, and Mustafa Al-Fayoumi.
Source: International Journal of Computer Science Issues, 2010, Vol. 7, No. 3, pp. 18-23.
Presenter: Tsuei-Hung Sun (孫翠鴻)
Date: 2010/12/17

Outline
- Introduction
- Motivation
- Scheme
- Security Analysis
- Performance Evaluation
- Advantage vs. Weakness
- Comment

Introduction
PayWord Protocol
- Credit-based
- Off-line scheme
- Uses RSA public key cryptography and a hash chain.
- Decreases the number of on-line connections between Bank and Merchant.
Reference: R. Rivest, A. Shamir, 1996, “PayWord and MicroMint: two simple micropayment schemes,” Proceedings of the International Workshop on Security Protocols, LNCS Vol. 1189, pp. 69-87.
Note: Redemption with the Bank does not happen after every transaction; instead, after the day's transactions end, the last updated index payword is redeemed directly. A transaction between Customer and Merchant therefore does not need a round trip to the Bank each time in order to complete.
Note: The seed represents all of the random numbers. x_i, i = 1, …, n, satisfy x_i = h(x_{i+1}); root: x_0.

PayWord Protocol
Parties: Customer (PK_U, PV_U), Bank (PK_B, PV_B), Merchant
Customer:
- Generates hash chain = (w_0, w_1, …, w_n), where w_i = h(w_{i+1}), i = n-1, n-2, …, 0
- M_U = (ID_M, C_U, w_0, E_C, I_M)_{PV_U}
- P = (w_i, i)
Bank:
- C_U = (ID_B, ID_U, A_U, PK_U, E_U, I_U)_{PV_B}
Merchant:
- Receives M_U, P = (w_i, i)
Notation:
- C_U: Customer’s certificate published by the Bank.
- ID_B: Bank’s ID.
- ID_U: Customer’s ID.
- A_U: Customer’s delivery address.
- E_U: Expiration date.
- I_U: Other information about Customer (certificate serial number, credit limits to be applied per vendor, information on how to contact the broker, broker/vendor terms and conditions).
- M_U: Customer’s commitment for Merchant.
- ID_M: Merchant identity.
- w_0: Root of payword chain.
- E_C: Present date.
- I_M: Merchant’s information.
Note: The payword chain is generated by the Customer.
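
The chain mechanics on this slide, as an added example (not code from the paper or the presenter): the Customer builds the chain, the Merchant checks each payment P = (w_i, i) against the last payword it accepted, and the Bank checks the redeemed payword against w_0. SHA-256 as h, the `limit` parameter and all function names are assumptions; the signatures on M_U and C_U are left out.

```python
import hashlib
import os

def h(x: bytes) -> bytes:  # SHA-256 stands in for h (assumption: the slides name none)
    return hashlib.sha256(x).digest()

def make_chain(n: int, seed: bytes = None) -> list:
    """Customer: pick w_n at random, then w_i = h(w_{i+1}) down to the root w_0."""
    w = [b""] * (n + 1)
    w[n] = seed if seed is not None else os.urandom(32)
    for i in range(n - 1, -1, -1):
        w[i] = h(w[i + 1])
    return w  # w[0] is the root w_0 carried in the commitment M_U

def hash_times(x: bytes, k: int) -> bytes:
    for _ in range(k):
        x = h(x)
    return x

class Merchant:
    """Tracks the highest payword accepted under one commitment."""
    def __init__(self, w0: bytes, limit: int):
        # limit: hypothetical per-vendor cap (the slides place credit limits in I_U)
        self.last, self.index, self.limit = w0, 0, limit

    def accept(self, wi: bytes, i: int) -> bool:
        if not (self.index < i <= self.limit):  # replayed, older, or past the cap
            return False
        # Hashing w_i (i - index) times must land on the last accepted payword
        if hash_times(wi, i - self.index) != self.last:
            return False
        self.last, self.index = wi, i
        return True

    def redeem(self):
        # End of day: only the last payment P = (w_i, i) goes to the Bank
        return self.last, self.index

def bank_verify(w0: bytes, wi: bytes, i: int) -> bool:
    return hash_times(wi, i) == w0

def demo():
    chain = make_chain(10, seed=b"constructed-demo-seed")  # constructed sample input
    m = Merchant(chain[0], limit=10)
    results = [m.accept(chain[1], 1), m.accept(chain[4], 4),  # pay 1 unit, then 3 more
               m.accept(chain[3], 3),        # replay of an already-covered payword
               m.accept(b"\x00" * 32, 5)]    # forged payword
    wi, i = m.redeem()
    return results, i, bank_verify(chain[0], wi, i)
```

Because the Merchant stores only the last accepted pair, a skipped index costs a few extra hashes and an older payword is refused outright.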

Motivation
- Each payword chain can be spent only with a specific Merchant.
- The Customer needs to generate as many hash chains as the number of merchants he wants to trade with.
- It does not provide anonymity for the Customer.
- The paper proposes a new blind signature scheme based on the discrete logarithm problem.
Note: Because each payword chain is designated for a specific merchant, trading with several merchants requires that many payword chains, and the last index of each must be recorded.

Scheme
Parties: Bank, Customer
Select
1. prime integer p and generator g
2. private key d, 1 < d < p-2
3. random integer z < p-2
Select random integer v and u.
Compute y = g^d mod p
e, f
Publish (y, g, p) and keep d in secret.
z
Pick a random integer c.
Find a
Find a^-1, j
Verify
Signature (e, w, x)
e: represents an upper limit of cash that the user can use.

Security Analysis
Forgery Detection
- It is almost infeasible to forge the Customer’s payment without knowing the Bank’s private key d.
- It is computationally intractable to obtain the Bank’s private key without solving the discrete logarithm problem.
Short public key attack
- Every signature is randomized by certain random numbers.
Note: So an attacker cannot forge the Customer's signature.

Performance Evaluation
Table 1: Computations of efficacy in blinding scheme

Protocol Name            Blinding Scheme
The pay-word protocol    5Th + 9Ta + 5Tm
Proposed protocol        4Th + 8Ta + 4Tm

Th: Calculation time for hash function operation
Ta: Calculation time for addition in modular multiplication
Tm: Calculation time for multiplication modular exponentiation

Advantage vs. Weakness
Advantage
- More efficient than the payword protocol.
- It is fast to verify the signature.
- Guarantees that the payment is untraceable.
Weakness
- Using the discrete logarithm still takes more computing time.
- More complex than the payword protocol.
Note: This may burden the Customer, because the Customer has a large amount of computation to do.

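Comment
- The payword chain is generated by the Customer.
- The cash can be verified with both the Bank’s and the Customer’s information.
- The scheme reduces computing time only a little, but it brings more parameters and steps than the payword protocol.
- The offline payword protocol brings lower cost than an online one.
Note: So the Bank only needs to perform the blind signature and does not need to deal with the hash chain.
Note: In the offline mode the Merchant only needs to submit everything to the Bank for redemption once a day, unlike the online mode, which requires repeated verification and redemption.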