IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 -

Slides:

Advertisements

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Advertisements

Internet payment systems

Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Cash Mehdi Bazargan Fall 2004.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

1 fairCASH: Concepts and Framework Yen Choon Ching Institute of Computer Science, University of Kiel, Germany Ver Sept 2008.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Public Key Management and X.509 Certificates

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.

Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

FIT3105 Smart card based authentication and identity management Lecture 4.

Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

1 A practical off-line digital money system with partially blind signatures based on the discrete logarithm problem From: IEICE TRANS. FUNDAMENTALS, VOL.E83-A,No.1.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS eCommerce Technology Lecture 9 Micropayments I.

“Electronic Payment System”

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

E-Money / Digital Cash Lin Huang. Money / Digital Cash What is Money –Coins, Bill – can’t exist on two places at one time –Bearer bonds: immediate cashable.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

EPS (Electronic payment system) is an online business process used for fund transfer using electronic means, i.e  Personal computers  services  Mobile.

Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information.

Chapter 10: Authentication Guide to Computer Network Security.

Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Secure Electronic Transaction (SET)

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Ad Hoc Networks Curtis Bolser Miguel Turner Kiel Murray.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Lecture 8 e-money. Today Secure Electronic Transaction (SET) CyberCash On line payment system using e-money ECash NetCash MilliCent CyberCoin.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Topic 22: Digital Schemes (2)

Chapter 18: Doing Business on the Internet Business Data Communications, 4e.

Chapter 18: Doing Business on the Internet Business Data Communications, 4e.

Clemente-Cuervo et al. A PDA Implementation of an Off-line e-Cash Protocol.

Digital Cash. p2. OUTLINE  Properties  Scheme  Initialization  Creating a Coin  Spending the Coin  Depositing the Coin  Fraud Control  Anonymity.

ELECTROINC COMMERCE TOOLS Chapter 6. Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) TRUST

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

Security fundamentals Topic 5 Using a Public Key Infrastructure.

A Simple Traceable Pseudonym Certificate System for RSA-based PKI SCGroup Jinhae Kim.

Electronic Cash R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

King Mongkut’s University of Technology Network Security 8. Password Authentication Methods Prof. Reuven Aviv, Jan Password Authentication1.

Electronic Payment Systems Presented by Rufus Knight Veronica Ogle Chris Sullivan As eCommerce grows, so does our need to understand current methods of.

Secure untraceable off-line electronic cash system Sharif University of Technology Scientia Iranica Volume 20, Issue 3, Pp. 637–646, June 2013 Baseri,

SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.

BZUPAGES.COM E-cash Payment System A company, DigiCash, has pioneered the use of electronic cash or e-cash. Anonymity of the buyer is the key feature of.

TOMIN: Trustworthy Mobile Cash with Expiration-date Attached Author: Rafael Martínez-Peláez and Francisco Rico-Novella. Source: Journal of Software, 2010,

多媒體網路安全實驗室 Private Information Retrieval Scheme Combined with E- Payment in Querying Valuable Information Date： Reporter: Chien-Wen Huang 出處:

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

Content Introduction History What is Digital Signature Why Digital Signature Basic Requirements How the Technology Works Approaches.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

1 E-cash Model Ecash Bank Client Wallet Merchant Software stores coins makes payments accepts payments Goods, Receipt Pay coins sells items accepts payments.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

Presentation transcript:

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved MONETA: An Anonymity Providing Lightweight Payment System for Mobile Devices Krzysztof Piotrowski, Peter Langendörfer, Damian Kulikowski

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Outline Motivation System characteristics System overview Protocol Conclusions

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Motivation Design an e-cash system with the following features: Anonymous Lightweight Secure for all parties Off-line Impossible to provide all these features together in a full range – compromise needed.

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved System characteristics Only one type of indivisible coin one cent coin Limited anonymity based on pseudonyms revocable in case of double spending Coin created completely by the user and signed in blind Chaum blind signature Eavesdropping proof / Money theft proof Straight money path BANK  USER  SERVICE  BANK Limited transferability USER_1  BANK  USER_2 Off-line

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Lightweight Combined asymmetric security architecture makes our system lightweight and provides a high level of security. Identity revealing approach based on ECC to reduce effort. ECC priv. ECC pub. RSA pub. RSA priv. ECC priv. RSA pub. ECC pub. RSA priv. CLIENT INFRASTRUCTURE + ECC key pair RSA key pair

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Parties of the system MONETA Certificate Authority - the trusted party - acts as a judge in case of problems - registers clients (users) and service providers (services) Bank - allowed to issue e-cash tokens Client - generates the money flow (the most important party) - withdraws money from the bank and uses it to pay the service Service Provider - supplies the client with services (goods) and get paid for it

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved User’s identities ANR - Account number in the bank - identifies each bank user - assigned by the bank while creating the account - links directly to user’s real life identity UID - User ID in the system - identifies each system user - obtained from MCA during registration - kind of pseudonym - can be changed from time to time To prevent money tracking it is important to keep these two identities impossible to link.

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Hidden identity – creation To provide revocable anonymity we use the hidden identity approach: The bank chooses an elliptic curve (EC) and a point P on this curve The bank reveals this information to all interested parties The user chooses three random numbers s, b 1 and b 2 for each coin Calculates four EC points (A, B, C and D) A = (ANR s) * P, B = b 1 * P, C = s * P, D = b 2 * P These points form the hidden identity data The user stores numbers s, b 1 and b 2 along with the coin.

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Hidden identity – verification During the payment the service challenges the user with a number x The user responds with a pair of values calculated as follows: f(x) = ANR s x + b 1 g(x) = s x + b 2 The service verifies client’s response: f(x) * P = A * x + B g(x) * P = C * x + D The service stores the response and uses it during the refund procedure

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Hidden identity – double spending detection If bank received one coin more than once it can calculate the spender’s ANR using responses it got from services: f(x 1 ), g(x 1 ) - first response pair f(x 2 ), g(x 2 ) - second response pair f(x 1 ) - f(x 2 ) ANR = g(x 1 ) - g(x 2 ) If the responses are equal then this calculation does not work, but this means that the service tried to refund one coin twice.

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved The structure of the coin BankID A, B, C and D DATE HashUID SIGNATURE BankID - identifies the bank that issued the coin A, B, C and D - hidden identity data (four EC points) DATE - the creation date of the coin HashUID - hash value of UID, DATE and points A, B, C and D SIGNATURE - the issuer’s signature

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved The protocol 1. Withdrawal 2. Payment 3. Service refund 4. Client refund

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Mutual authentication Performed before each part of the protocol Based on exchange of certain information: Withdrawal Client - PIN Bank - Account’s SECRET Payment Client and service prove their ownership of the certificate Refund Client or service - PIN Bank - Account’s SECRET

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Withdrawal BANK MESSAGE CLIENT AMOUNT_ACK Hc_SEND NEM_ERR ? EXCEPTION HANDLING DOES THE USER HAVE ENOUGH MONEY ON THE ACCOUNT ? Y N ? Y N ARE THE SIGNATURES (COINS) OK? AMOUNT_ SEND (AMOUNT) (AMOUNT of Hc’) SIG_SEND FROM AUTHENTICATION TERMINATE CONNECTION WD_DONE SIG_ERR (AMOUNT of SIG’) CREATE AMOUNT OF COINS, FOR EACH: - CHOOSE s, b 1 and b 2, - CALCULATE POINTS, - HASH_ID = H(POINTS, UID, TIME), - CALCULATE Hc = H(COIN WITHOUT SIGNATURE), - BLIND Hc: Hc’ = BLIND(Hc). UNBLIND THE SIGNATURES: SIG = UNBLIND(SIG’); CREATE COMPLETE COINS BY ADDING THE SIGNATURES; TEST THE SIGNATURES (COINS). SIGN ALL Hc’ VALUES: SIG’ = SIGN(Hc’); WITHDRAW MONEY FROM USER’S ACCOUNT (INDEXES)

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Payment SERVICE MESSAGE CLIENT CHALL_SEND RES_INFO RES_SEND COIN_INFO COIN_SEND ? (CHALLENGE) COIN ACCEPTED? CALCULATE RESPONSE: RESf = f(CHALLENGE), RESg = g(CHALLENGE) (RESf, RESg) EXCEPTION HANDLING Y N (RECEIPT) CHOOSE CHALLENGE MOVE COIN FROM WALLET TO BUFFER_WALLET (COIN) ? Y N USER AND COIN VALID? UPDATE STATUS (STATUS) ? Y N RESPONSE OK? UPDATE STATUS PUT COIN INTO BUFFER_WALLET DECREASE PRICE ? RESPONSE ACCEPTED? DECREASE PRICE EXCEPTION HANDLING Y N ? Y N PRICE == 0 ? FROM AUTHENTICATION PAY_DONE TRANSFER_DONE REMOVE COINS FROM BUFFER_WALLET MOVE COINS FROM BUFFER_WALLET TO WALLET TERMINATE CONNECTION (GOODS) (RECEIPT)

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Refund Similar to payment - client refund the bank sends a challenge - client responds - service refund the service sends all data collected during payment procedure

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved Results and conclusions Significant reduction of computational effort on the client side With the factor in range between 2 and 5+ Pure software solution - no hardware observers needed Suitable for any network electronic commerce purpose Implemented in Java Payment module for our location aware middleware PLASMA Potential improvements: Diverse values Divisibility Coin size reduction Enhanced certificate management

IHP Im Technologiepark Frankfurt (Oder) Germany © All rights reserved The End THANK YOU FOR YOUR ATTENTION