Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.

Slides:



Advertisements
Similar presentations
Ari Juels RSA Laboratories Executable Financial Instruments and MicroMint on the Cheap with Markus Jakobsson Bell Laboratories.
Advertisements

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.1: NetBill.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.
Secure Multiparty Computations on Bitcoin
CSC 774 Advanced Network Security
CSC 774 Advanced Network Security
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 3.3: Fair Exchange.
Digital Signatures and Hash Functions. Digital Signatures.
PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Preparation for In-class Presentations.
Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)
Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 9: Micropayments I.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:
ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 10 Micropayments II.
1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.
Electronic Check Payment Protocols and Systems
Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:
ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 9: Micropayments II.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology Lecture 10 Micropayments II.
Computer Science 1 CSC 774 Advanced Network Security Dr. Peng Ning
Electronic Payment Systems. Transaction reconciliation –Cash or check.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
Security Introduction Class February Overview  Security Properties  Security Primitives  Sample Protocols.
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
Secure Electronic Transaction (SET)
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal.
Lecture 8 e-money. Today Secure Electronic Transaction (SET) CyberCash On line payment system using e-money ECash NetCash MilliCent CyberCoin.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Micropayments Revisited Background for Peppercoin scheme By Willer Travassos.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
TM MilliCent Scrip, Security and Secrets TM Dr. Mark S. Manasse DIGITAL Systems Research Center, Palo Alto
MSRC: (M)icropayment (S)cheme with Ability to (R)eturn (C)hanges Source: Journal of Information Science and Engineering in review Presenter: Tsuei-Hung.
Micro-Payment Payment method for very small amount of money. Based on cumulative transactions. Players, i.e.: ‣ CyberCoin (typically $0.25-$10) ‣ PayWord.
Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.
Module 9 Micropayment systems. Properties of micropayment systems Micropayments do not have a real-world cash equivalent – cash cannot be divided into.
Prepared by Dr. Lamiaa Elshenawy
Micropayments Revisited Ronald L. Rivest (with Silvio Micali) MIT Laboratory for Computer Science RSA Conference 2002.
Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall Dr. Faisal Kakar
Electronic Cash R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
TOMIN: Trustworthy Mobile Cash with Expiration-date Attached Author: Rafael Martínez-Peláez and Francisco Rico-Novella. Source: Journal of Software, 2010,
多媒體網路安全實驗室 Private Information Retrieval Scheme Combined with E- Payment in Querying Valuable Information Date: Reporter: Chien-Wen Huang 出處:
Multi-Vendor PayWord with Payment Approval Andrea Huszti University of Debrecen Debrecen, Hungary.
1 Original Message Scrambled Message Public Key receiver Internet Scrambled+Signed Message Original Message Private Key receiver The Process of Sending.
Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.
Chapter 4 a - X.509 Authentication
Information Security message M one-way hash fingerprint f = H(M)
Practical E-Payment Scheme
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Presentation transcript:

Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security2 Outline Micropayment systems –Make small purchase over the Internet Two simple micropayment schemes –PayWord –MicroMint

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security3 PayWord and MicroMint Main goal –Minimize the number of public key operations –Use hash operations instead whenever possible Hash functions are –100 times faster than RSA signature verification –10,000 times faster than RSA signature generation BrokerUser Vendor authorize pay redeem

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security4 PayWord Overview –Credit based scheme –Based on chains of paywords (hash values) –Broker gives a certificate to user to allow him/her to make paywords –User authenticates a complete chain to the vendor with a single public-key signature –User successively reveals each payword in the chain to make micropayment –Vendor gets money through broker.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security5 PayWord (Cont’d) User-Broker relationship –User U establishes an account with broker B Credit card number, expiration date, etc. –Broker B gives user U a certificate Expiration date Credit limit per vendor Contact information of broker B … –The certificate: B will redeem authentic paywords produced by U turned in before the given expiration date. Essentially allows U to produce paywords.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security6 PayWord (Cont’d) User-Vendor relationships –Randomly choose w n, and compute the paywords –User U sends Vender V her commitment M={V, C U, w 0, D, I M } SK U –Commitment is vendor-specific and user-specific w0w0 w2w2 wnwn w1w1 … h hhh h: one-way hash function

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security7 PayWord (Cont’d) Payment –A payment P from U to V –P = (w i, i) –U spends her paywords in order –Variable-size payment Example: U has just paid (w 3, 3). What should U send to V if she wants to pay 3 more cents? (_____, _____)

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security8 PayWord (Cont’d) Vendor-Broker relationship –For each User U, Vender V needs to send Broker B The commitment C U The last payment P=(w l, l) received from U –Broker verifies C U and each payment P=(w l, l) –Questions: What’s the cost of verifying P=(w l, l) ? –__________________ What property(ies) of the hash function is used in PayWord? –___________________

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security9 MicroMint Overview –No public key operations –For unrelated low-value payments –Broker produces MicroMint coins A coin is a bit string whose validity can be checked by anyone –Users purchase the coins –Users give the coins to vendors as payments –Vendors return coins to broker in turn for payments by other means.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security10 MicroMint (Cont’d) Coins –Each coin is represented by a k-way collision that has distinct x i ’s. –The number of x-values that must be examined before one expects to see the first k-way collision is approximately 2 n(k-1)/k, where n is the number of bits in y. x1x1 x2x2 y xkxk … h h h h(x 1 )=h(x 2 )=…=h(x k )=y (x 1, x 2, …, x k ): k-way collision

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security11 MicroMint (Cont’d) Minting coins –Equivalent to throwing balls into 2 n bins Randomly select x, and compute y=h(x). –Throw approximately k*2 n balls Roughly 1/2 of the bins have at least k balls. x h y=h(x)

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security12 MicroMint (Cont’d) Minting coins –Question: If there are more than k x’s in the same bin, can we make more than one coin out of it? ________________ –Balance computational and storage requirements Good coins: a coin is good only when the high-order t bits are equal to a given value. Reduce the storage requirements Slow down the generation process –Tosses k*2 n balls, but get (1/2)*2 (n-t) coins.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security13 MicroMint (Cont’d) Selling coins –Broker B remembers what coins User U gets Making payments –Vendor V can verify each coin Redemption –Vendor returns the coins to the broker –Broker checks coins and pays the vendor Only pay for coins that have not been previously returned.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security14 MicroMint (Cont’d) Double spending –Broker can detect doubly-spent coin –Broker can identify from which vendors he received such coins –Broker can link the doubly-spent coins with each user

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.