Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Efficient, Secure & Delegable Micro-Payment System Vishwas Patil School of Technology and Computer.

Published byKari Overfield Modified over 9 years ago

Similar presentations

Presentation on theme: "An Efficient, Secure & Delegable Micro-Payment System Vishwas Patil School of Technology and Computer."— Presentation transcript:

1 An Efficient, Secure & Delegable Micro-Payment System Vishwas Patil vtp@tifr.res.in http://www.ecom.tifr.res.in/~vtp School of Technology and Computer Science Tata Institute of Fundamental Research, Mumbai.

2 Vishwas Patil, TIFR.2/17 Outline of the Presentation Micro-Payments Importance and Applications Trade-offs between efficiency, security, privacy One-Way functions PayWord and others TESLA & SPKI / SDSI Our Proposal Inducing delegation into the system Protocol Analysis Security Risk Performance

3 Vishwas Patil, TIFR.3/17Micro-Payments Low intrinsic financial value Aim:- keep the cost of each transaction to a minimum possible value over aggregates so that the over-cost of such transactions can be proportionally reduced Current Approaches:- Advertisements Bulk subscriptions Identification of the user based on IP addresses and/or cookies etc. Existing Protocols for micro-payments:- PayWord, MilliCent, NetCard, NetBill, i KP On-line (costly) vs. Off-line (double-spending)

4 Vishwas Patil, TIFR.4/17 One-Way functions Def n. A mathematical function that converts a variable-length i/p to fixed-length o/p (called a hash value ), and it is hard to generate the original i/p string that hashes to a particular value (  one-way ) So, a one-way hash function is a mapping h from some set of words into itself such that: Given a word x, it is easy to compute h(x) Given a word y, it is not feasible to compute a word x such that y = h(x) A good one-way hash function is collision-free

5 Vishwas Patil, TIFR.5/17PayWord Credit-based off-line micro-payment scheme optimized for sequences of micro-payments The thrust of this scheme lies in minimizing the number of public- key operations required per payment and to achieve exceptional efficiency. It’s a tripartite mechanism involving BankB VendorV UserU payword is the smallest monetary unit it is vendor-specific and user-specific a chain of paywords w 1 … w n is generated using a one-way hash function h i.e. w i = h(w i+1 )

6 Vishwas Patil, TIFR.6/17 PayWord … Relationship between B, V, and U B  U U obtains C U = {B, U, A U, K U, E, I U } 1/Kb U  V U generates payword chain w 1 … w n with root w 0 U registers with V by sending M = {V, C U, w 0, D, I M } 1/Ku P = ( w i, i ) is the payment from U to V V  B V sends redemption messages to B at regular intervals

7 Vishwas Patil, TIFR.7/17 TESLA (Time Efficient Stream Loss-Tolerant Authentication) TESLA provides source authentication Sender and receiver of the data are loosely time-synchronized and uses an optional data-buffer for storage of packets temporarily TESLA-sender makes use of one-way hash chain values as encryption keys or keys for computation of MAC over the packets And the sender discloses the keys after a pre-determined time interval Also, because of delayed key disclosure one can achieve data confidentiality for sufficient time-period (thus gives us the temporary effect of asymmetric cryptography!) But cannot provide non-repudiation!

8 Vishwas Patil, TIFR.8/17 SPKI / SDSI (Simple PKI / Simple Distributed Security Infrastructure) It a distributed PKI in which every public-key enjoys the freedom of naming and authorization delegation locally, forming a functional trusted island (it’s a bottom-up design approach) Functional islands of this infrastructure can narrate other functional islands in local name/authorization bindings and serve each other their local name/authorization definitions as and when requested Features like grouping of principals and threshold certificates make the system expressive, manageable, and flexible Separation of name bindings from authorizations and allowing principals to further delegate the authorizations have distinct advantages over traditional PKIs (e.g. privacy, decentralization of authorizations etc.)

9 Vishwas Patil, TIFR.9/17 Design of our micro-payment system Aim:- To design a micro-payment scheme which is off-line, vendor-specific, secure, efficient, and allows a user to delegate its spending capability Design:- We chose PayWord, which is an efficient, off-line, vendor-specific and user-specific micro-payment scheme To allow a user to delegate the spending capability, we had to make the primitive monetary unit ( payword ) vendor-specific ( not user-specific) This modification to PayWord invites double-spending and theft of the payword s We employed TESLA to provide source-authentication and confidentiality to the payword s in transit And, SPKI provides the PKI services and delegation capability

10 Vishwas Patil, TIFR.10/17 Protocol stages

11 Vishwas Patil, TIFR.11/17 Multi-seed payword chains

12 Vishwas Patil, TIFR.12/17 Additional Protocol stages (when delegation is involved) User U, who owns 4 different payword chains, is delegating parts of the chain to Agent, Agent1, and Agent2; specifying their spending range Special care has to be taken while delegating the payword chains in parts; they have to be spent in the reverse order of their generation

13 Vishwas Patil, TIFR.13/17 Analysis (Security) Cryptographic support Asymmetric -> Symmetric TESLA Non-repudiation etc. SPKI Use of readily available self-authenticating hash values for data confidentiality and integrity Thus, we avoid separate encryption key generation and its distribution

14 Vishwas Patil, TIFR.14/17 Analysis (Risk) Use of same key for encryption and MAC computation might lead to cryptographic weaknesses of the protocol But we are interested in providing confidentiality to the paywords in transit V loosely time-synchronizes itself with U in TESLA framework, however it does not know the propagation delay of the time- synchronization request packet To remain of safer side, we take the full round-trip time of the packet Even if V loses one of the valid incoming payword packet, it can own its value on successfully receiving the next payword packet because of payword chain’s self-authenticating nature Therefore, V accepts such risk arising due to network errors TESLA buffer constraints Let the sender buffer the packets

15 Vishwas Patil, TIFR.15/17 Analysis (Performance) E – one unit encryption D – one unit decryption Fragmentation of payword chains Delegation of each payword sub-chain involves a pair of asymmetric key operation and such number of operations are linearly proportional to the depth of delegation

16 Vishwas Patil, TIFR.16/17Conclusion Its off-line, vendor-specific Secure Delegable Efficient Gives autonomy of spending An enabler for various e-commerce (Internet) applications

17 Vishwas Patil, TIFR.17/17References PayWord and MicroMint: Two Simple Micropayment Schemes, Ronald Rivest and Adi Shamir. In Security Protocols Workshop, pp.69-87, 1996. The TESLA Broadcast Authentication Protocol, Adrian Perig, Ran Canetti, J.D. Tygar, Dawn Song, In RSA CryptoBytes, 5, 2002. Certificate Chain Discovery in SPKI/SDSI, Dwaine Clarke, Jean- Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, and Ronald Rivest, In Journal of Computer Security, 9(4), 2001. Password Authentication in Insecure Communication, Leslie Lamport, In Communications of ACM, 24(11): 770-772, 1981.

Download ppt "An Efficient, Secure & Delegable Micro-Payment System Vishwas Patil School of Technology and Computer."

Similar presentations

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.

PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.

Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)

Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:

Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:
Cryptography Basic (cont)

Cryptography Basic (cont)
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.

Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

Similar presentations

Ads by Google