Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multi-Vendor PayWord with Payment Approval Andrea Huszti University of Debrecen Debrecen, Hungary.

Published byJulia Gardner Modified over 9 years ago

Similar presentations

Presentation on theme: "Multi-Vendor PayWord with Payment Approval Andrea Huszti University of Debrecen Debrecen, Hungary."— Presentation transcript:

1 Multi-Vendor PayWord with Payment Approval Andrea Huszti University of Debrecen Debrecen, Hungary

2 Contents Micropayments vs. macropayments PayWord Security requirements Modeling modified PayWord Applied pi calculus, ProVerif Security analysis

3 Micropayments vs. macropayments Micropayments: consequence of Internet applications charge small amount (<$1 or <$10) one song, one article, on-line games etc. content and service providers Minimize financial costs

4 Micropayments vs. macropayments SSL – based e-payment: – Minimal transaction fee: 20-30 cents per purchases – 2-6% fee per purchases – Monthly fee – Installation fee (once) Cannot be used for micropayments Cost of disputes and charge backs: price + transaction fees + penalty (>$150 Payment Technologies for E-commerce) for the vendor in case of micropayments

5 Micropayments Our goal is to increase security level of PayWord, minimize disputes, charge backs or to avoid attacks that ruin the reputation of the vendor. Computational costs should be minimized ---> no public key cryptography Payment approval

6 PayWord - Preparation User (U) – Broker (B) relationship – U B : U, PKU – B U : Sign SKB (B,U,PKU,E,Inf) = C U (PayWord certificate) User (U) – Vendor (V) relationship – U: w n, w n-1, w n-2, …, w 1, w 0 - payword hash chain w i =H(w i+1 ) – U V: Sign SKU (V,C U, w 0,D) = M U

7 PayWord - Payments – U V: (w 1,1) – U V: (w 2,2) – U V: (w 3,3) … – U V: (w n,n)  Short term relationship  fast (no public key crypto)  off-line (no broker is on-line) Verification: H i (w i )=w 0 H i-j (w i )=w j if j<i (store w i )

8 PayWord – Pay-off Vendor (V) – Broker (B) relationship – V B: Sign SKU (V,C U, w 0,D), (w l,l) Security requirements – Secrecy of payment information – Unreusability (double-spending prevention) – Payment authorization – Payment approval

9 Multi-Vendor PayWord Semi-onlineOn-line databaseBlack list broker is on-line, whenever a customer changes vendors expensive each vendor has access a vendor reads and modifies data for every transaction expensive brokers maintain a list of users who did not pay for products, services do not prevent first violations M. Payeras-Capella, J. L. Ferrer-Gomila, L. Huguet-Rotger, LNCS, (2003) M. Hosseinkhani, E. Tarameshloo, M. Shajari, CIS (2010) C.T. Wang, C.C. Chang, C.H. Lin, ECR, (2002) H. Wang, J. Ma, J. Sun, ECS, (2009) Idea: PayWord certificate protects against double-spending

10 Multi-Vendor PayWord with Payment Approval Participants: User (U), Vendors (V 1, …,V j ), Broker (B) User: 1.Generates two random values: w n (=w j,k j ), v 2. w i,l = U can spend at most k i paywords at V i w j,k j,...,w j,0, w j-1,k j-1,...,w j-1,0, …,w 1,0 H(w i,l+1 ), if 0≤l<k i H(Enc v (w i+1,0 )), if l=k i

11 Multi-Vendor PayWord with Payment Approval: Preparation User Broker K random AEnc B (Sign U (K, hostU, hostB)), hostU n random BConnectstoU(hostU,hostB,K,n) Enc K (n,hostU) UAcceptsB(hostU,hostB,K,n) Enc K (CardInf, hostU, n, w j,0, hostV j, …,w 1,0, hostV 1 ) ValidCertificate(hostU,hostB,K,n) Sign B (hostB, hostU, E, I, w j,0, hostV j, …,w 1,0, hostV 1 ) BAcceptsU(hostU,hostB,K,n)

12 Payment authorization Guarantees a proof for the vendor, that there is sufficient fund on the user’s account. : 1.Broker authentication 2.Consumer authentication 3.Certificate Secure payment authorization is achieved, if the certificate is undeniable.

13 Secrecy of payment information Confidential payment information is not revealed for adversaries. Unreusability If the same coin is spent more than once, then the identity of the second spender should be detected.

14 Multi-Vendor PayWord with Payment Approval: Payments User Vendor i KV random s, hostV i s random V i AcceptsMU(hostU,hostV i ) V i ReadytoPurchase(hostU,hostV i ) Sign U (PwCert, D, s, AEnc V i (KV)) Enc KV (page l ) V i AcceptsPayment l (hostU,hostV i )UV i EndsPayment l (hostU,hostV i ) OrderInf l, MAC H(KV) (OrderInf l,w i,l,l) w i,l,l

15 Payment approval Generates a proof for the vendor that a consumer agrees to pay a certain amount of money for a particular product. 1.User authentication 2.Vendor authentication 3.Order information 4.Price information Secure payment approval is achieved, if the proof is undeniable. proof

16 Multi-Vendor PayWord with Payment Approval: Pay-off Vendor i Broker Sign U (PwCert, D, s, Enc V i (VK)), (w i,l,l), hostV i

17 Applied pi calculus Σ: a set of function symbols L,M,N, T,U,V ::= terms – a, b, c, … name – x, y, z variable – f(M 1 1, …,M l ) function application P,Q,R ::= processes – 0 null process – P|Q parallel composition – !P replication – νn.P name restriction (new) – if M = N then P else Q conditional – u(x).P message input – u.P message output A,B ::= extended processes – P plain process – A|B parallel composition – νu.A restriction – {M/x} active substitution

18 ProVerif for analyzing cryptographic protocols automatically handles input files encoded in applied pi we can formalize cryptographic primitives Proves: – Reachability  secrecy – Correspondence assertions  authenticity

19 Equation theory Fun H/1. – hash function Fun Mac/2. – Mac function Fun senc/2. – symmetric encryption Reduc sdec(senc(x,y),y)=x Fun pk/1. – keygeneration Fun penc/2. –asymmetric encryption Reduc pdec(penc(x,pk(y)),y)=x Fun sign/2. – digital signature with message recovery Reduc checksign(sign(m,k),pk(k))=m

20 ProVerif queries Reachability: – query attacker : m. Correspondance assertions: – F ==> H : if F holds, then H also holds – Important stages: events – query ev : a(x; y) ==> ev : b(y; z) – query evinj : a(x; y) ==> evinj : b(y; z)

21 Queries Payment Authorization: query evinj: ValidCeritficate (x,y,z,t) ==> evinj: BconnectstoU(x,y,z,t). query evinj: BacceptsU(x,y,z,t) ==>(evinj: UacceptsB(x,y,z,t) ) ==> evinj: BconnectstoU(x,y,z,t)). proof: Sign B (hostB, hostU, E, I, w j,0, hostV j, …,w 1,0, hostV 1 ) Secrecy of PI: query attacker:CardInf.

22 Multi-Vendor PayWord with Payment Approval: Preparation User Broker K random AEnc B (Sign U (K, hostU, hostB)), hostU n random BConnectstoU(hostU,hostB,K,n) Enc K (n,hostU) UAcceptsB(hostU,hostB,K,n) Enc K (CardInf, hostU, n, w j,0, hostV j, …,w 1,0, hostV 1 ) ValidCertificate(hostU,hostB,K,n) Sign B (hostB, hostU, E, I, w j,0, hostV j, …,w 1,0, hostV 1 ) BAcceptsU(hostU,hostB,K,n)

23 Queries Payment Approval: query evinj: V i AcceptsPayment(x,y) ==> evinj: V i ReadytoPurchase(x,y) query evinj: UV i EndsPayment(x,y) ==> evinj: V i AcceptsMU(x,y) proof: MAC H(KV) (OrderInf l,w i,l,l)

24 Multi-Vendor PayWord with Payment Approval: Payments User Vendor i KV random s, hostV i s random V i AcceptsMU(hostU,hostV i ) V i ReadytoPurchase(hostU,hostV i ) Sign U (PwCert, D, s, AEnc V i (KV)) Enc KV (page l ) V i AcceptsPayment l (hostU,hostV i )UV i EndsPayment l (hostU,hostV i ) OrderInf l, MAC H(KV) (OrderInf l,w i,l,l) w i,l,l

25 Thank you for your attention!

Download ppt "Multi-Vendor PayWord with Payment Approval Andrea Huszti University of Debrecen Debrecen, Hungary."

Similar presentations

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.

PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.

Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)

Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Payment Methods Prepared By William Cheung COMP3610 (Fall 2001) CS, HKBU.

Payment Methods Prepared By William Cheung COMP3610 (Fall 2001) CS, HKBU.
ELECTRONIC PAYMENT SYSTEMS 20-763 SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 9: Micropayments I.

ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 9: Micropayments I.
SET – Secure Electronic Transaction Setting The Stage For Safe Internet Shopping -Jignesh Shah- -Riyaz Malbari-

SET – Secure Electronic Transaction Setting The Stage For Safe Internet Shopping -Jignesh Shah- -Riyaz Malbari-
Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:

Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 10 Micropayments II.

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 10 Micropayments II.
1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.

1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.

Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Similar presentations

Ads by Google