多媒體網路安全實驗室 Private Information Retrieval Scheme Combined with E- Payment in Querying Valuable Information Date: Reporter: Chien-Wen Huang 出處: Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on
多媒體網路安全實驗室 Outline Introduction 1 Electronic Cash Approach 2 The Proposed Scheme 33 The Security Analysis of the Proposed Scheme 44 Conclusions 35 2
多媒體網路安全實驗室 Introduction Formally, private information retrieval (PIR) was a general problem of private retrieval of the i- item out of an n item database stored at the server. SC(a temper-proof device):It prevents information from revealing to anyone or administrator of the server and makes every legal user of the server have their own privacy. 3
多媒體網路安全實驗室 Electronic Cash Approach Untraceable e-CASH payment system presented by Chaum is designed according to RSA public-key system. A.Initializing the bank announces (e, n) and one-way hash function H(), but regards p, q, d as a secret. Suppose the electronic cash issued by bank is w dollars. both the customers and the merchants taking part in e-CASH payment system must have accounts in the bank. 4
多媒體網路安全實驗室 B. Withdrawing The customer wants to withdraw money w dollars from the bank account. is delivered to the bank for signing. the bank will withdraw w dollars from customer’s account,and sign α to get blinded cash t to customer. After receiving the blinded cash, the customer computes (c, m) is the available e-CASH. 5
多媒體網路安全實驗室 C.Ordering Before the customer orders some products or has electronic service from online merchant. the merchant will first verify customer’s ID and then give a bill to the customer asking for his signature to confirm the transaction.(makes sure the transaction is valid) 6
多媒體網路安全實驗室 D.Paying When database server charges money to customers, they can pay withdrawn e-CASH (c, m) to the merchant. After receiving e-CASH from customers, the merchant will verify the validity of e-CASH and execute double-spending checking. 7
多媒體網路安全實驗室 THE PROPOSED SCHEME 8
多媒體網路安全實驗室 Database 1:stores the roster,ID and personal information of all membership. Database 2 is a special database (patent or pharmaceutical database) and stores their integrated information(Bi) and price. Database 3: stores encrypted customers’ identification (ID'), e-cash paid by customers, buying information (Bi) and the encrypted buying information (C'). 9
多媒體網路安全實驗室 the following notation is used in the description -PK SC : the public key of SC -SK SC : the secret key of SC -PK C : the public key of the customer -SK C : the secret key of the customer -ID: the customer’s identification -ID': the encrypted customer’s identification(by Hash function) 10
多媒體網路安全實驗室 -M: the secure message of customer’s identification and buying information -M': the secure message of customer’s identification and buying price created by SC. -C: the secure message of payment created by customers -C': customers pay for the encrypted patent B i 11
多媒體網路安全實驗室 -B i : the information of customer’s buying -B: the entire information database -D: the digest of B i -Price: the price of customer’s buying B i -e-Cash: electronic cash based on blind signature 12
多媒體網路安全實驗室 A. Initialization Phase 1.Customers previously skim over the digest and price of buying information database B. 2.The customer produces a pair of keys (PK C,SK C ) and SC produces a pair of keys (PK SC,SK SC ). B. Authentication and Purchase Phase 1.The customer uses public key 2.The customer delivers encrypted M to SC. 3.SC receives M,and 13
多媒體網路安全實驗室 4.SC verifies the customer’s ID from Database 1, collates the ID of all the membership and temporarily stores the qualified customers’ID. 5.SC computes Hash function operation 6.SC gets the buying information and price from Database 2. The qualified B i and price will temporarily store in SC. 7.SC: to customer. 8.Customer: 14
多媒體網路安全實驗室 C. Payment Phase 1.Customer: uses the public key PK SC of SC to encrypt 2.The customer delivers C to SC 3.The SC receives and decrypts C 4.SC will check its validity and whether it is doublespending to the bank.If the eCASH is no problem,the payment phase is finished. 15
多媒體網路安全實驗室 D. End Phase 1.SC: 2.SC transfers C' to the customer and saves(ID', C', eCASH) of the customer in Database 3. 3.the customer obtains C’ and decrypts it. 4.Then the deal of buying information is over. 16
多媒體網路安全實驗室 THE SECURITY ANALYSIS OF THE PROPOSED SCHEME A. The Analysis in the Authentication Phase The information which transfers between SC and the customer is encrypted by the public-key cryptography. Because the identity authentication process of the customer is processed in SC,it can protect the user privacy in the authentication phase. SC gets all the ID from Database 1 and compare to the customer’s ID,Because all the ID of the legal customers are caught into SC(no one including the server knows which customer wants to buy information.) 17
多媒體網路安全實驗室 B. The Analysis in the Purchase Phase SC gets all the information in B and the price to compare with Bi and Price. Then, keep the match information in SC Because all information is caught into SC, no one including the server knows what the customer buys. 18
多媒體網路安全實驗室 C. The Analysis in the Payment Phase 1.SC will check its validity and whether it is double- spending to the bank.The bank can only confirm that the eCASH is approved by the bank or not. 2.For reaching the goal of non-repudiation in the deal SC saves (ID', C', eCASH) into Database 3. the secret information C' is encrypted by PK C So,everyone including the server does not know B i. 19
多媒體網路安全實驗室 CONCLUSIONS The proposed scheme solves the flaw in the previous PIR schemes which did not consider the e-payment need. To keep the privacy protection property of PIR schemes, we choose an e-cash scheme using a blind signature. Let the customer choose a random number r as a blinding factor for protecting his privacy. 20
多媒體網路安全實驗室