Presentation is loading. Please wait.

Presentation is loading. Please wait.

IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 -

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 -"— Presentation transcript:

1 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved MONETA: An Anonymity Providing Lightweight Payment System for Mobile Devices Krzysztof Piotrowski, Peter Langendörfer, Damian Kulikowski

2 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Outline Motivation System characteristics System overview Protocol Conclusions

3 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Motivation Design an e-cash system with the following features: Anonymous Lightweight Secure for all parties Off-line Impossible to provide all these features together in a full range – compromise needed.

4 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved System characteristics Only one type of indivisible coin one cent coin Limited anonymity based on pseudonyms revocable in case of double spending Coin created completely by the user and signed in blind Chaum blind signature Eavesdropping proof / Money theft proof Straight money path BANK  USER  SERVICE  BANK Limited transferability USER_1  BANK  USER_2 Off-line

5 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Lightweight Combined asymmetric security architecture makes our system lightweight and provides a high level of security. Identity revealing approach based on ECC to reduce effort. ECC priv. ECC pub. RSA pub. RSA priv. ECC priv. RSA pub. ECC pub. RSA priv. CLIENT INFRASTRUCTURE + ECC key pair RSA key pair

6 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Parties of the system MONETA Certificate Authority - the trusted party - acts as a judge in case of problems - registers clients (users) and service providers (services) Bank - allowed to issue e-cash tokens Client - generates the money flow (the most important party) - withdraws money from the bank and uses it to pay the service Service Provider - supplies the client with services (goods) and get paid for it

7 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved User’s identities ANR - Account number in the bank - identifies each bank user - assigned by the bank while creating the account - links directly to user’s real life identity UID - User ID in the system - identifies each system user - obtained from MCA during registration - kind of pseudonym - can be changed from time to time To prevent money tracking it is important to keep these two identities impossible to link.

8 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Hidden identity – creation To provide revocable anonymity we use the hidden identity approach: The bank chooses an elliptic curve (EC) and a point P on this curve The bank reveals this information to all interested parties The user chooses three random numbers s, b 1 and b 2 for each coin Calculates four EC points (A, B, C and D) A = (ANR s) * P, B = b 1 * P, C = s * P, D = b 2 * P These points form the hidden identity data The user stores numbers s, b 1 and b 2 along with the coin.

9 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Hidden identity – verification During the payment the service challenges the user with a number x The user responds with a pair of values calculated as follows: f(x) = ANR s x + b 1 g(x) = s x + b 2 The service verifies client’s response: f(x) * P = A * x + B g(x) * P = C * x + D The service stores the response and uses it during the refund procedure

10 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Hidden identity – double spending detection If bank received one coin more than once it can calculate the spender’s ANR using responses it got from services: f(x 1 ), g(x 1 ) - first response pair f(x 2 ), g(x 2 ) - second response pair f(x 1 ) - f(x 2 ) ANR = g(x 1 ) - g(x 2 ) If the responses are equal then this calculation does not work, but this means that the service tried to refund one coin twice.

11 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved The structure of the coin BankID A, B, C and D DATE HashUID SIGNATURE BankID - identifies the bank that issued the coin A, B, C and D - hidden identity data (four EC points) DATE - the creation date of the coin HashUID - hash value of UID, DATE and points A, B, C and D SIGNATURE - the issuer’s signature

12 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved The protocol 1. Withdrawal 2. Payment 3. Service refund 4. Client refund

13 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Mutual authentication Performed before each part of the protocol Based on exchange of certain information: Withdrawal Client - PIN Bank - Account’s SECRET Payment Client and service prove their ownership of the certificate Refund Client or service - PIN Bank - Account’s SECRET

14 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Withdrawal BANK MESSAGE CLIENT AMOUNT_ACK Hc_SEND NEM_ERR ? EXCEPTION HANDLING DOES THE USER HAVE ENOUGH MONEY ON THE ACCOUNT ? Y N ? Y N ARE THE SIGNATURES (COINS) OK? AMOUNT_ SEND (AMOUNT) (AMOUNT of Hc’) SIG_SEND FROM AUTHENTICATION TERMINATE CONNECTION WD_DONE SIG_ERR (AMOUNT of SIG’) CREATE AMOUNT OF COINS, FOR EACH: - CHOOSE s, b 1 and b 2, - CALCULATE POINTS, - HASH_ID = H(POINTS, UID, TIME), - CALCULATE Hc = H(COIN WITHOUT SIGNATURE), - BLIND Hc: Hc’ = BLIND(Hc). UNBLIND THE SIGNATURES: SIG = UNBLIND(SIG’); CREATE COMPLETE COINS BY ADDING THE SIGNATURES; TEST THE SIGNATURES (COINS). SIGN ALL Hc’ VALUES: SIG’ = SIGN(Hc’); WITHDRAW MONEY FROM USER’S ACCOUNT (INDEXES)

15 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Payment SERVICE MESSAGE CLIENT CHALL_SEND RES_INFO RES_SEND COIN_INFO COIN_SEND ? (CHALLENGE) COIN ACCEPTED? CALCULATE RESPONSE: RESf = f(CHALLENGE), RESg = g(CHALLENGE) (RESf, RESg) EXCEPTION HANDLING Y N (RECEIPT) CHOOSE CHALLENGE MOVE COIN FROM WALLET TO BUFFER_WALLET (COIN) ? Y N USER AND COIN VALID? UPDATE STATUS (STATUS) ? Y N RESPONSE OK? UPDATE STATUS PUT COIN INTO BUFFER_WALLET DECREASE PRICE ? RESPONSE ACCEPTED? DECREASE PRICE EXCEPTION HANDLING Y N ? Y N PRICE == 0 ? FROM AUTHENTICATION PAY_DONE TRANSFER_DONE REMOVE COINS FROM BUFFER_WALLET MOVE COINS FROM BUFFER_WALLET TO WALLET TERMINATE CONNECTION (GOODS) (RECEIPT)

16 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Refund Similar to payment - client refund the bank sends a challenge - client responds - service refund the service sends all data collected during payment procedure

17 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved Results and conclusions Significant reduction of computational effort on the client side With the factor in range between 2 and 5+ Pure software solution - no hardware observers needed Suitable for any network electronic commerce purpose Implemented in Java Payment module for our location aware middleware PLASMA Potential improvements: Diverse values Divisibility Coin size reduction Enhanced certificate management

18 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 - All rights reserved The End THANK YOU FOR YOUR ATTENTION

Download ppt "IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 -"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Internet payment systems

Internet payment systems
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Digital Cash Mehdi Bazargan Fall 2004.

Digital Cash Mehdi Bazargan Fall 2004.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 fairCASH: Concepts and Framework Yen Choon Ching Institute of Computer Science, University of Kiel, Germany Ver 3.1 15 Sept 2008.

1 fairCASH: Concepts and Framework Yen Choon Ching Institute of Computer Science, University of Kiel, Germany Ver Sept 2008.
Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 11 Electronic Cash.

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.
Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.

Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

Similar presentations

Ads by Google