electronic cash bahman radjabalipour ositadimma maxwell ejelike school of computer science...
Post on 19-Dec-2015
221 views
TRANSCRIPT
Electronic Cash
Bahman RadjabalipourOsitadimma Maxwell EjelikeSchool of Computer Science
University of WindsorApril 2006
Contents
Introduction “What is money?” "Research on electronic payment model“ "A new electronic cash model” “PayCash: a secure efficient Internet
payment system.” Conclusion
Paper 1
WHAT IS MONEY?
Ray Byler, Ph.D.
Assistant Professor of Computer Science
Lyon College
Batesville, Arkansas 72501
Introduction
Most of the money that exists today doesn't exist as greenbacks, but as 1's and 0's in some computer.
Any monetary system, digital or otherwise, must be based on trust.
Reliability of that system The belief that others will accept the system
Areas of Concern
Convertibility and Flexibility connection to other monetary schemes Converting electronic dollars to electronic coins
Privacy Will government be able to track everything that
users earn and spend governments determine banking rules and
regulations Acceptability Cost
Background Terms
Public-key Encryption Diffie-Helman encryption Messages encrypted with the public key can only
be decrypted with the private key and vice-versa RSA Encryption
Crated by Rivest, Shamir, and Adleman less communications overhead less secure
Digital Certificates For verifying a public key
Minting Digital MoneyImportant Digital Money Schemes 1. Ecash2. Internet Keyed Payments Protocol (iKP)3. Micro Payment Transfer Protocol (MPTP)4. CyberCash5. NetCheque6. NetCash.
Ecash
Creation of Dr. David Chaum Diffie-Hellman public-private key Proprietary rather than an open system Did not have a payment limit to limit customer
loss Ecash had been used by Mark Twain Bank
Ecash: Minting Process
Ecash coin begins life as a 100-digit random number chosen by a user software package
The user transmits this number to the bank/mint along with the denomination requested.
The bank/mint verifies that the number is not already in use,
Validates the number by encoding the number with the private key
Debits the user's account Transmits the validated number back to the user,
who records the coin on his hard disk.
Ecash: Minting Process (cntd) Bank tracks the “serial number” of each coin that it
issues to ensure that a coin is not used twice Merchant must immediately check with the bank to
verify the coins for each and every transaction This is computationally expensive for buying
something like a newspaper Blind Signatures: a bank can verify that a coin is
good, but cannot identify to whom it was issued.
iKP - Internet Keyed Payments Protocol Proposed open standard by IBM Securing electronic commercial transactions Based on RSA public-key cryptography Users with no prior relationship iKP is designed to work with all Internet
communications channels (e.g. http, shttp, email) encryption is limited to sensitive data such as
account numbers and PINs The potential for credit card fraud is reduced by only
transmitting account numbers between buyers and banks, sellers never see the account numbers
iKP: weaknesses
Privacy: All payments can be traced There is no support for small real-time
payments
SET (Secure Electronic Transaction) Based on iKP developed by a consortium led by
MasterCard and Visa Primarily deals with credit card payments Uses RSA for signatures Private-key encryption: DES
Micro Payment Transfer Protocol (MPTP) Closely linked to the proposed iKP standard Is designed for payments that are too small to
justify the overhead of iKP MPTP processes can mostly be done off-line Makes no distinction between merchant and
customer MPTP is based on Lamport's S/Key
authentication mechanism (rfc1731)
CyberCash
Proprietary scheme It is designed to work with credit cards,
electronic checks, and electronic cash It is presently implemented for credit cards It is currently used by CyberCash
Corporation, Xerox, Point Scandinavia AS, and the Bank of America, and is certified by most major credit cards.
NetCheque and NetCash
invented by Clifford Neuman, Information Sciences Institute (ISI), University of Southern California (USC)
Based on the Kerberos security software system
Funded by ARPA (Advanced Research Projects Agency)
NetCheque software is free for personal, non-commercial or limited commercial use.
Paper 2
Research on Electronic Payment Model
Bo Meng
Qianxing Xiong
College of Computer Science and Technology
Wuhan University of Technology
Introduction
This paper introduces the 3e payment model.
The 3e payment model includes: electronic credit card payment model electronic cash payment model electronic check payment model
Introduction
Every electronic commerce system generally includes three parts:
1. data communication system: online procedure to establish business
2. logistics system: delivers products
3. electronic payment system.
JW (Janson and Waidner) Model In JW model the electronic payment system
is classified into: cash-like payment system cheque-like Payment System.
Both types of payment systems are direct payment systems, i.e., a payment requires an interaction between buyer and seller.
JW Model (cntd)
There are also indirect payment systems where either buyer or seller initiates the payment without having the other party (seller or buyer, respectively) involved online.
NA (N.Asokan) Model
In N.Asokan model two criterions are used to classify the electronic payment system direct or indirect communication The second criterion is the relationship between the time
the payment initiator consider the payment as finished, and the time the value is actually taken from the payer.
N. Asokan model includes four payment models: direct cash-like system direct cheque-like system indirect push system indirect pull system.
3e Payment Model
Based on the previous two models 3e model includes:
Electronic credit card payment model Electronic cash Payment model Electronic check Payment model
Electronic credit card payment model
Electronic Cash payment model
Electronic check Payment model
Comparison of 3e Payment Model
Properties Of Online Payment Protocols Security:
message integrity data confidentiality
Accountability Atomicity:
money atomicity goods atomicity Certified delivery
Anonymity Non-repudiation: provides proof of the integrity and
origin of data Fairness
Paper3
A New Electronic Cash Model
Written By Xiaosong Hou, Chik How Tan
Introduction
The paper presented a customer generated electronic cash model that offers unique trade-off between credit card and traditional off-line electronic cash systems
It addressed the problem of Online Transactions with Credit Cards as well as issues with current electronic payment systems
It applied the concept of Group Signatures, in the New Electronic Payment System.
Group Signature
Introduced by Chaum and Heijst in 1991 Type of Digital signatures that allows registered
group member to produce a digital signature on a message
Consists of four procedures Setup Sign Verify Open
Group Signature Contd
Security Requirements for secured Group Signatures Correctness Anonymity Unforgeability Unlinkability Exculpability Traceability
The New Electronic Payment Model.
Four Entities Involved Bank,Group registration manager, maintains the accounts
of all customers and registers new customers. The clearing house, Group revocation manager, clears the transactions between the shop and
the customer. The customer, group member, can make payment by
signing the transaction message using his/her private membership key.
The shop can verify the signature using the group public key published by the bank
Transactions in the New Electronic Payment Model Account Opening Transaction. Customer opens account in the bank and obtain a valid
membership certificate and a secret Payment Transaction. Shop prepares payment message that contains transaction
information, such as date, time, shop ID, currency and amount. Customer pays by signing the transaction message using his/her private membership key. The shop verifies the correctness of the customer’s payment signature, using the group public key published by the bank.
Transactions in the New Electronic Payment Model Contd. Deposit Transaction. The shop deposits the collected payment messages to the clearing
house. The clearing house, verifies the validity of the deposited payment transcripts, and sends the bank periodic summaries of settlement of funds. All transactions and settlement records are kept as evidence for audit and security purposes.
Tracing Transaction. The bank knows the linkage between the account number and the
customer identity, while the clearing house knows the linkage between the account number and the payment history, therefore, if and only if a Tracing Order (TO) is issued from the Judge, the clearing house can cooperate with the bank to achieve fair tracing.
Building Blocks
It was derived from zero-knowledge proofs of a piece of information, and are denoted as ‘ZKP’ for short.
ZKP { (a) : y1 = ga1^ y2 = ga
2}
Proposed Electronic System
Bank Parameters The bank chooses two large random prime numbers p and q of
the form p = 2p_+1 and q = 2q_+1 where p and q_ are prime numbers as well. The bank publishes n = pq and keeps p and q secret, then defines a subgroup of Z n ∗ and chooses two numbers z, h from this subgroup.
The Parameters of the Clearing House The secret key of the clearing house is x and the public key of
the clearing house is y = gx. Then a collision free hash function H is published
Proposed Electronic System Contd.
Opening AccountThe customer chooses two random prime numbers e and en, then he/she computes em = een and zm = zen. The bank computes u = zm 1/em and sends u to the customer, who checks that z = ue. The bank stores (u, em, zm) and the customer’s identity in the bank’s customer database.The customer keeps (u, e) as his/her membership key
Payment Protocols The shop first generates a transaction message of payment for the customer to
sign: m =H(ShopID,Date, Time, Amount,Currency). The customer chooses an integer w and computes a =gw, b = uyw and d = gehw. Then the customer chooses r1, r2 and r3, and computes t1 = br1(1/y)r2 , t2 =
ar1(1/g)r2, t3 =gr3 , t4 = gr1hr3 . After computation of c =H(g||h||y||z||a||b||d||t1///t2//t3//t4//m), the customer computes s1 = r1 − c(e − 2l1 ), s2 = r2 − cew, and s3 = r3 − cw.
Proposed Electronic System Contd. The signature of m is (c, s1, s2, s3, a, b, d). The shop verifies the signature using the equation c
=H(g||h||y||z||a||b||d||zcbs1−c2l1 /ys2||as1−c2l1 /gs2||acgs3||dcgs1−c2l1 hs3||m).
The shop accepts the signature on the transaction message as a valid payment signature if the above stated equation holds
Deposit Protocol The clearing house computes the identity code u = b/ax
Proposed Electronic System Contd. Deposit Protocol
The clearing house computes the identity code u = b/ax
Security Analysis
Anonymity: logga equals to logy
(b/b´ )
Unforgeability: Only registered members signs signatures Unlinkability: To find if two signed transaction messages (c, s1, s2, s3,
a, b, d) and (c´, s1´, s2´, s3´, a´, b´, d´ ) are from the same customer will be
logy(a/a´ )= logy(b/b´ )= logy(d/d´ )
Non-framing: Since it is hard to compute the discrete logarithm of z to the base u, which known by customer, bank, clearing house and some customers cannot collude to sign name of non-involved customer
Paper 4
PayCash: A Secure Efficient Internet Payment
System
Written By Jon M. Peha and Ildar M. Khamitov
Introduction
The paper describes PayCash, an Internet payment system that was designed to offer strong security and privacy protection.
This system creates verifiable records of all transactions that cannot be forged or undetectably altered by the party sending funds, the party receiving funds, or even by the operator of the payment system.
Flexible enough to accommodate privacy and security laws that differ from nation to nation.
It can be use by business-to-consumer, peer-to-peer funds transfers among consumers and among Businesses, and transfers from one agent of a licensed international funds transfer company to another.
STATUS QUO
Most Online transactions are done with Credit Cards Credit card Frauds Privacy is compromised with spam emails and
telemarketing calls Cost of transferring a payment can exceed the cost
of the product itself.
DESIGN GOALS OF EFFECTIVE PAYMENT SYSTEM Tamper-proof records: Privacy Protection: Flexible anonymity policies: Protection from password guessing Protection from outside observers:
PAYCASH DESIGN GOALS Support for disconnected users: Wide range of payments: Multiple currencies: Scalability
THE SUITABILITY OF CHAUM’SELECTRONIC COINS
THE SUITABILITY OF CHAUM’SELECTRONIC COINS Digital strings that can be transferred anonymously from person
to person just like cash. a coin with serial number X is defined by{ X, g-1(f(X)) }, where f(.)
and g(.) are functions that are easy to calculate and hard to invert.
Only payment system’s agent (which we call the Payment Authorizer) can “mint” a coin because only this agent can apply the function g-1(.)
The agent must mint the coin with serial number X without learning X or f(X).
LIMITATION OF CHAUM’S COIN.
A serious limitation of this scheme is the absence of tamper-proof transaction records.
Supporting a wide range of payments is also problematic.
List of all spent coins must be maintained, and frequently searched.
PAYCASH APPROACH
Producing Tamper-Proof Records All transaction records are digitally signed, and integrated into
the payment system itself to create tamperproof records Customer generates a pair of public and private keys, P and S
for this signature. Coin is { P, g-1(f(P)) }.P is both serial number and public key. To
transfer one coin, the user sends {record, Sign(S,record), P, g-1(f(P)) }.
Record is a description of the transaction, including recipient of the funds, timestamp, and any other information, or at least a hash of the function
CONDITION FOR VALID PAYMENT. Payment has not already been made with serial
number C. The coin has been properly minted with the g(.)
function i.e. f(C)=g(D), The digital signature is correct, i.e. Verify(C, B) = A, The recipient of the funds transfer corresponds with
the one listed in record A.
Protocol for Contract
Consumer sends information to merchant to be placed in contract Merchant composes contract, digitally signs it, sends result back to
consumer. Consumer includes a hash of the signed contract in record,
constructs payment as described above, and sends it to merchant. Merchant sends message to the Payment Authorizer to make sure
the payment is valid. Payment authorizer checks the signature, makes sure that the
serial number has not been spent already, updates records, and informs the merchant that the payment succeeded.
The merchant informs the consumer that the payment succeeded.
Making Payments of Different Amounts For each serial number P, the payment system agent keeps
track of the total amount of money m(P) that has been spent so far.
For K coins and value c, N ≥ k + m(P)/c. The same serial number can be minted multiple times with g-1(.) Define a Paybook(N,P), of N coins with serial number P as
Paybook(N,P), = {N, P, g-N(f(P)) } Where N is non-negative integer,g-0=x, and g-N(x)=g-1(g-(N-1)(x))
MULTI-COIN PAYMENT
Set:{record, Sign(S,record), PayBook(n,P) } ={record, Sign(S,record), n, P, g-n(f(P)) }
Transaction records include amount q A payment {record, sign, n, P, Y} of amount q is valid if the following
conditions are met. The Payment Authorizer verifies that the paybook is valid, i.e. f(P) =
gn(Y). If this condition is not met, or if the paybook is empty (n=0), then the payment is rejected.
The payment Authorizer verifies that the digital signature is correct, i.e. Verify(P, sign) = record. If not,the payment is rejected.
The Payment Authorizer checks its table to determine the amount of money m(P) associated with this paybook that has already been spent. If no paybook has been seen before with serial number P, then a new one is created with m(P)=0.
If there are insufficient funds, i.e. nc < q+m(P), then the payment is rejected. Otherwise, the payment is authorized, and m(P) is increased by q.
CONCLUSIONS
Security: Any successful digital money system will probably have to rely on public-key cryptography
Disadvantages of most electronic cash systems: Lack of insurance Overhead costs Database size
References
[1] Xiaosong Hou; Chik How Tan, "A new electronic cash model," Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on , vol.1, no.pp. 374- 379 Vol. 1, 4-6 April 2005
[2] Bo Meng; Qianxing Xiong, "Research on electronic payment model," Computer Supported Cooperative Work in Design, 2004. Proceedings. The 8th International Conference on , vol.1, no.pp. 597- 602 Vol.1, 26-28 May 2004
[3] Byler, R. What is money?. In Proceedings of the 2nd Annual Conference on Mid-South College Computing (Little Rock, Arkansas, April 02 - 03, 2004). ACM International Conference Proceeding Series, vol. 61. Mid-South College Computing Conference, Little Rock, Arkansas, 200-209. 2004.
[4] Peha, J. M. and Khamitov, I. M. PayCash: a secure efficient Internet payment system. In Proceedings of the 5th international Conference on Electronic Commerce (Pittsburgh, Pennsylvania, September 30 - October 03, 2003). ICEC '03, vol. 50. ACM Press, New York, NY, 125-130. 2003.