Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal.

Published byConstance Willis Modified over 9 years ago

Similar presentations

Presentation on theme: "An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal."— Presentation transcript:

1 An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal of Innovative Computing, Information and Control, 2009, Vol. 5, No. 9, pp. 2881–2891. Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2011/3/11

2 Outline Introduction Motivation Scheme Security Analysis Performance Evaluation Advantage vs. Drawback Comment

3 Introduction(1/6) Micro Payment Transfer Protocol (MPTP) stipulate some related security risks that need to be consider as follow: –Credit liability –Abused credit –Counterfeiting –Unauthorized withdrawal –Double spending

4 Introduction(2/6) PayWord Scheme Bank (ID B,PK B,SK B )Customer (ID C,SK C ) Vendor (ID V ) request C Verify C C If correct, select random value w n Generates hash chain (w n,w n-1,...w 0 ) w i = h(w i+1 ), i = n-1,...,0 M C C : Customer’s certification A C : Customer’s delivery address E: Expiration date PK C : Customer’s public key I C : Other information of the certificate. SK B : Bank’s private key M: Customer’s commitment D: Current date R. Rivest and A. Shamir, “PayWord and MicroMint: Two sample micropayment schemes,” Lecture Notes in Computer Science, Vol. 1189, pp.69-87, 1997.

5 Introduction(3/6) PayWord Scheme (cont.) Verify M and C C Bank (ID B,PK B,SK B )Customer (ID C,SK C ) Vendor (ID V ) M If correct, store M wi,iwi,i Verify (w i,i) If and Store (w i,i) When i = nw n,n,M Verify M and If correct, store(w n,n) and pay the money into Vendor’s account.

6 Introduction(4/6) The Advantage of PayWord –Using hash chain to lower computational cost –No need to settle with the bank for each transaction. The Drawback of PayWord –Customer’s consumption is no limited. –No trusted Certificate Authority (CA) –Bank falsification attack –Certificate abuse attack

7 Introduction(5/6) Adachi et al. Scheme N. Adachi, S. Aoki, Y. Komano, and K. Ohta, “Solutions to security problems of rivest and Shamir’s PayWord scheme,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol.E88-A, no.1, pp.195-202, 2005. Bank (ID B,PK B,SK B )Customer (ID C,SK C ) Vendor (ID V ) Generates hash chain (w n,w n-1,...w 0 ) w i = h(w i+1 ), i = n-1,...,0 w x : Hash value n: Length of hash chain. M: Customer’s commitment ID V : Vendor ID. E: Expiration date SK C : Customer’s private key C C : Customer’s certificate. I: Any additional information. SKB: Bank’s private key. ID C,M Select random none r v ID C,M,r v Validation M and customer’s credit. (Withdraws) C Verify C C and M If correct, store C C

8 Introduction(6/6) Bank (ID B,PK B,SK B )Customer (ID C,SK C ) Vendor (ID V ) Verify C C and M Valid message wi,iwi,i Verify (w i,i) If and Store (w i,i) When i = nw n,n,C C Verify C C and If correct, store(w n,n) and pay the money into Vendor’s account. Adachi et al. Scheme (cont.) If correct, store C C

9 Motivation Adachi et al.’s Drawback –It changes the PayWord scheme to a prepaid type. –It still need public key signatures –The overhead of build and maintain a CA –It may suffer from an unauthenticated settlement attack. Goal –Minimizing the transaction cost –Avoiding credit be abused –Can be applied to the low computational ability environment. –Reduce the bank settlement risk

10 Scheme(1/4) Customer (PW C,ID C,K C,B,n,h(PW C )) Vendor (PW V,ID V,K V,B,n,h(PW V )) PW: Password ID: Identify K: Shared key. N: nonce value r: random number g: A primitive element with order P−1 in GF(P) P: A large prime number. Generates hash chain (w n,w n-1,...w 0 ) w i = h(w i+1 ), i = n-1,...,0 (Using Smart Card) String1 Generate N C Bank (K C,B,K V,B )

11 Scheme(2/4) Bank (K C,B,K V,B ) Customer (PW C,ID C,K C,B,n,h(PW C )) Vendor (PW V,ID V,K V,B,n,h(PW V )) Generate N V (Using Smart Card) Verify String1 If correct, store M, transaction partner, root w 0 Verify String2 Check PW V, ID C

12 Scheme(3/4) Customer (PW C,ID C,K C,B,n,h(PW C )) Vendor (PW V,ID V,K V,B,n,h(PW V )) Decrypt Check N V +1 Store ID C,SK,M,I C Generate h(M,SK) Decrypt Check N C +1 Verify If correct, store ID V,SK Bank (K C,B,K V,B )

13 Scheme(4/4) Customer (PW C,ID C,K C,B,n,h(PW C )) Vendor (PW V,ID V,K V,B,n,h(PW V )) Check If, store(w i,i) When i = n Decrypt Check PW V and If correct, store(w n,n) and pay the money into Vendor’s account. Bank (K C,B,K V,B )

14 Security Analysis Credit Abuse Attack Counterfeiting PayWord Bank Falsification Attack Unauthorized Withdrawal Double Spending Replay Attack

15 Performance Evaluation Prepaid No

16 Advantage vs. Drawback Advantage –Low power consumption –It can resist several attack. –All w i are secret over the Internet, and each transmission message has to be authenticated. Drawback –Bank has to pre-share the secret keys to customer and the vender.

17 Comment It didn’t consider about the exponentiation cost of session key. It may not need the smart card to do this protocol. It didn’t have comparison of storage. It is not convenient to used on mobile phone or PDA. This scheme need additional hardware (ex. smart card, reader) and middleware to handle the transactions.

18 Comment (cont.) PayWord Scheme Adchi et al.’s Scheme Proposed Scheme Bankw i, i M, ID V, w 0, w i, i Customerw n, hash chain M, N C, r C, R C, ID V, SK, VendorM, w i, ir v,C C, w i, iN V, r V, R V, ID C, SK, M, I C, w i, i The comparison of storage of scheme

19 Introduction(2/5) PayWord –Postpaid scheme –Using one-way hash value as a payment R. Rivest and A. Shamir, “PayWord and MicroMint: Two sample micropayment schemes,” Lecture Notes in Computer Science, Vol. 1189, pp.69-87, 1997. Customer VendorBank 3. Sign commitment 4. P = (w i,i) 5. commitment, (w i,i) 2. Sign certificate (include customer’s public key and credit limit) 2.Generates hash chain (w n,w n-1,...w 0 ) w i = h(w i+1 ), i = n-1,...,0 1. request

Download ppt "An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal."

Similar presentations

Internet payment systems

Internet payment systems
Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.
多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.

Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University URL: May,

Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University URL: May,
PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.

PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.

Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)

Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
ELECTRONIC PAYMENT SYSTEMS 20-763 SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 9: Micropayments I.

ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 9: Micropayments I.
Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:

Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:
1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.

1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology 20-763 Lecture 10 Micropayments I.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology Lecture 10 Micropayments I.

Similar presentations

Ads by Google