MSRC: (M)icropayment (S)cheme with Ability to (R)eturn (C)hanges Source: Journal of Information Science and Engineering in review Presenter: Tsuei-Hung.


1 MSRC: (M)icropayment (S)cheme with Ability to (R)eturn (C)hanges
Source: Journal of Information Science and Engineering, in review
Presenter: Tsuei-Hung Sun (孫翠鴻)
Date: 2010/11/26

2 Outline
- Introduction
- Motivation
- Scheme
- Security analysis
- Comparison
- Advantage vs. weakness
- Comment

3 Introduction
- PayWord
  - Credit-based.
  - Chains of hash values.
    - Ex. $A = (a_0, a_1, \ldots, a_n)$ where $a_i = h(a_{i+1})$, $i = n-1, n-2, \ldots, 0$.
    - Every chain has a face value $d$.
    - $a_0$ is used as an anchor for verification.
  - PayWord Certificate
R. Rivest, A. Shamir, 1996, “PayWord and MicroMint: two simple micropayment schemes,” Proceedings of the International Workshop on Security Protocols, LNCS Vol. 1189, pp. 69-87.

4 Introduction
- Micropayment Scheme Using Single-PayWord Chain (MSSC)
  - Only one denomination.
- Micropayment Scheme Using Multi-PayWord Chains (MSMC)
  - Multiple denominations.
  - Combines several single-payword chains with different denomination values.
  - Used to reduce the length of the hash chains and the number of hash operations in verification.

5 Micropayment Scheme Using Single-Payword Chain (MSSC)
Parties: Customer ($PK_C$, $PV_C$, $ID_C$), Broker ($PK_B$, $PV_B$, $ID_B$), Vendor ($PK_V$, $PV_V$, $ID_V$)
Notation:
- PSR: payment-chain service request, $PSR = \{ID_C, n, ID_V\}$.
- PK: public key. PV: private key. ID: identity.
- $n$: length of the payword chain.
- $d_A$: face value.
- $a_0$: initial anchor used to verify the A-chain.
Protocol:
- Generates $A = (a_0, a_1, \ldots, a_n)$ satisfying $a_i = h(a_{i+1})$, $i = n-1, n-2, \ldots, 0$; total money = $n \times d_A$.
- Pay $(a_m, m)$.
- Replace anchor $a_0$ by $a_m$.
- Verifies whether $a_m$ is legal. If legal, deposits $(m \times d_A)$ to the Vendor's account and stores $a_m$; if not, rejects the transaction.

6 Micropayment Scheme Using Multi-Payword Chains (MSMC)
Parties: Customer ($PK_C$, $PV_C$, $ID_C$), Broker ($PK_B$, $PV_B$, $ID_B$), Vendor ($PK_V$, $PV_V$, $ID_V$)
- $PSR = \{ID_C, n, ID_V\}$
- $d_A < d_B$
- $A = (a_0, a_1, \ldots, a_n)$ satisfies $a_i = h(a_{i+1})$, $i = n-1, n-2, \ldots, 0$; chain A total money = $n \times d_A$.
- $B = (b_0, b_1, \ldots, b_n)$ satisfies $b_j = h(b_{j+1})$, $j = n-1, n-2, \ldots, 0$; chain B total money = $n \times d_B$.
- Pay $(b_M, M)$, $(a_m, m)$.
- Replace anchor $a_0$ by $a_m$ and $b_0$ by $b_M$.
- Verifies whether $a_m$ and $b_M$ are legal. If legal, deposits $(M \times d_B + m \times d_A)$ to the Vendor's account and stores $a_m$, $b_M$; if not, rejects the transaction.
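The chain construction and payment check from the MSSC and MSMC slides, as an added example that is not code from the paper or the presentation. SHA-256 as $h$, the names `ChainVerifier` and `rejected`, the index-based reuse check and all sample values are assumptions made for illustration.

```python
import hashlib
import os

def h(x: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash function h, which the slides do not name.
    return hashlib.sha256(x).digest()

def make_chain(n: int, seed: bytes) -> list:
    """Return [a_0, ..., a_n] with a_i = h(a_{i+1}); a_n is derived from seed."""
    chain = [h(seed)]
    for _ in range(n):
        chain.append(h(chain[-1]))
    chain.reverse()  # chain[0] is now the anchor a_0
    return chain

class ChainVerifier:
    """Verifier-side state for one chain: current anchor, its index, face value."""
    def __init__(self, anchor: bytes, face_value: int):
        self.anchor, self.index, self.face_value = anchor, 0, face_value

    def accept(self, payword: bytes, m: int) -> int:
        """Check (a_m, m) against the stored anchor and return the value earned."""
        if m <= self.index:
            raise ValueError("reuse: index is not beyond the stored anchor")
        x = payword
        for _ in range(m - self.index):
            x = h(x)
        if x != self.anchor:
            raise ValueError("counterfeit: payword does not hash to the anchor")
        earned = (m - self.index) * self.face_value
        self.anchor, self.index = payword, m  # replace the anchor by a_m
        return earned

def rejected(verifier: ChainVerifier, payword: bytes, m: int) -> bool:
    try:
        verifier.accept(payword, m)
    except ValueError:
        return True
    return False

def demo() -> dict:
    n, d_A, d_B = 10, 1, 5  # constructed sample values with d_A < d_B
    A, B = make_chain(n, os.urandom(32)), make_chain(n, os.urandom(32))
    vA, vB = ChainVerifier(A[0], d_A), ChainVerifier(B[0], d_B)
    # Pay 17 units: M = 3 paywords of chain B plus m = 2 paywords of chain A.
    total = vB.accept(B[3], 3) + vA.accept(A[2], 2)
    return {"total": total,
            "replay_rejected": rejected(vB, B[3], 3),             # same payword again
            "forgery_rejected": rejected(vA, os.urandom(32), 4)}  # value not on chain A
```

Calling `demo()` shows that the two-chain payment needs only 5 hash operations to verify 17 units, where a single chain of face value 1 would need 17.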

7 Motivation
- Problems of MSMC
  - Finding the minimum hash chain in a payment.
  - Spending every single chain equally.
- This paper proposes three approaches to handle the above two problems while supporting the ability to return changes.

8 Scheme
- Three approaches
  - MSRC-I: counter-mode encryption.
  - MSRC-II: hashing function.
  - MSRC-III: keyed hashing function.

9 MSRC-I: Counter-Mode Encryption (1/2)
Parties: Customer ($PK_C$, $PV_C$, $ID_C$), Broker ($PK_B$, $PV_B$, $ID_B$), Vendor ($PK_V$, $PV_V$, $ID_V$)
- $PSR = \{ID_C, n, r, ID_V\}$
- $E_K$: counter-mode encryption using a secret key $K$.
- $M \times d_B$: total money the Customer pays.
- $n$: length of the payment chain.
- $r$: length of the return-change chain.
- $m \times d_A$: money the Vendor returns.
- $a_i = h(a_{i+1})$, $i = n-1, n-2, \ldots, 0$
- $b_j = h(b_{j+1})$, $j = n-1, n-2, \ldots, 0$

10 MSRC-I: Counter-Mode Encryption (2/2)
Parties: Customer ($PK_C$, $PV_C$, $ID_C$), Broker ($PK_B$, $PV_B$, $ID_B$), Vendor ($PK_V$, $PV_V$, $ID_V$)
- Pay $(b_M, M)$.
- Replace anchor $b_0$ by $b_M$.
- Return: then can get chain $(a_{n+1}, \ldots, a_{n+m})$, worth $(m \times d_A)$ dollars.
- Verifies whether $a'_{n+m}$ and $b_M$ are legal. If legal, deposits $(M \times d_B + m \times d_A)$ to the Vendor's account and stores $a'_{n+m}$, $b_M$; if not, rejects the transaction.

11 MSRC-II: Hash Function (1/2)
Parties: Customer ($PK_C$, $PV_C$, $ID_C$), Broker ($PK_B$, $PV_B$, $ID_B$), Vendor ($PK_V$, $PV_V$, $ID_V$)
- $PSR = \{ID_C, n, r, ID_V\}$

12 MSRC-II: Hash Function (2/2)
Parties: Customer ($PK_C$, $PV_C$, $ID_C$), Broker ($PK_B$, $PV_B$, $ID_B$), Vendor ($PK_V$, $PV_V$, $ID_V$)
- $K$: secret key for keyed hash function.
- Pay $(b_M, M)$.
- Replace anchor $b_0$ by $b_M$.
- Return: then can get chain $(a_{n+1}, a'_{n+1}), \ldots, (a_{n+m}, a'_{n+m})$, worth $(m \times d_A)$ dollars.
- Verifies whether $a'_{n+m}$ and $b_M$ are legal. If legal, deposits $(M \times d_B + m \times d_A)$ to the Vendor's account and stores them; if not, rejects the transaction.

13 MSRC-III: Keyed Hash Function (1/2)
Parties: Customer ($PK_C$, $PV_C$, $ID_C$), Broker ($PK_B$, $PV_B$, $ID_B$), Vendor ($PK_V$, $PV_V$, $ID_V$)
- $PSR = \{ID_C, n, r, ID_V\}$
- $a_i = h_K(a_{i+1})$, $i = n+r-1, n+r-2, \ldots, 0$
- $b_j = h(b_{j+1})$, $j = n-1, n-2, \ldots, 0$

14 MSRC-III: Keyed Hash Function (2/2)
Parties: Customer ($PK_C$, $PV_C$, $ID_C$), Broker ($PK_B$, $PV_B$, $ID_B$), Vendor ($PK_V$, $PV_V$, $ID_V$)
- Pay $(b_M, M)$.
- Replace anchor $b_0$ by $b_M$.
- Return: then can get chain $(a_{n+1}, \ldots, a_{n+m})$, worth $(m \times d_A)$ dollars.
- Verifies whether $a'_{n+m+1}$ and $b_M$ are legal. If legal, deposits $(M \times d_B)$ to the Vendor's account and stores them; if not, rejects the transaction.

15 Security analysis
- Counterfeit attack
  - Attacker: returned change $a'_{n+i}$ and $a_{n+i}$.
  - Customer: change $a'_{n+i}$ and $a_{n+i}$.
- Reuse attack
  - Customer: double spending and over-spending.
  - Vendor: double returning and over-returning.
- Redemption attack
  - Vendor: anchor $a_i$ and $(a_i, a'_i)$.

16 Comparison
Fig. The chains of returned changes for our MSRC.

17 Comparison
Table. Comparison of micropayment schemes
- H: the operation of a hash function $h(\cdot)$.
- H': operation of a keyed hash function $h_K(\cdot)$.
- D: counter-mode decryption.
- d: denomination.
- M: Vendor verifying the payment $(b_j, M)$.
- m: Customer verifying and obtaining the returned changes.

18 Advantage vs. weakness
- Advantage
  - It can feasibly be implemented on mobile devices.
  - The returned change helps keep a particular payword chain from being exhausted.
  - All three modes are well protected and their overhead is not very heavy, so the Customer can choose whichever one suits him or her better.
- Weakness
  - The Customer may need to maintain many kinds of payword chains.

19 Comment
- If there are many kinds of e-coin face values, they become a burden for the Customer, Broker, and Vendor.
- The scheme is very inconvenient for trading only once, because the Customer and Vendor need to redeem their cash after the transaction.
- If the Customer still uses returned changes after they have expired, this may incur a collusion attack.
- The largest denomination may incur some attacks, because it does not have any protection.

20 Reference
- HMAC: http://en.wikipedia.org/wiki/HMAC
- HMAC algorithm: http://www.mis.csu.edu.tw/tsnien/Teach_Manu/F8745/F8745_HTML/chap6/chap6-6.htm
- CCMP: http://www.tech-faq.com/ccmp-counter-mode-with-cipher-block-chaining-message-authentication-code-protocol.html
- Preimage attack: http://en.wikipedia.org/wiki/Preimage_attack

21 Appendix
- HMAC (Hash-based Message Authentication Code): a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key. As with any MAC.
- CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol):
  - Counter Mode (CM): provides data privacy.
  - Cipher Block Chaining Message Authentication Code (CBC-MAC): provides data integrity and authentication.
- Preimage attack: an attempt, on a cryptographic hash, to find a message that has a specific hash value.

22 PayWord Certificate
- Contains the broker's name, the user's name and IP address, the user's public key, the expiration date, and other information.

23
- Aggressive mode: gets fewer hash operations; used when the payword chains are used up.
- Balance mode: gets an average number of hash operations; uses different payword chains to avoid the depletion of a specific payword chain.
[17] C. N. Yang and H. T. Teng, 2003, “An efficient method for finding minimum hash chain of multi-payword chains in micropayment,” Proceedings of the IEEE International Conference on E-Commerce, pp. 45-48.

