580 likes | 959 Views
Electronic Cash. Bahman Radjabalipour Ositadimma Maxwell Ejelike School of Computer Science University of Windsor April 2006. Contents. Introduction “What is money?” "Research on electronic payment model“ "A new electronic cash model”
E N D
Electronic Cash Bahman Radjabalipour Ositadimma Maxwell Ejelike School of Computer Science University of Windsor April 2006
Contents • Introduction • “What is money?” • "Research on electronic payment model“ • "A new electronic cash model” • “PayCash: a secure efficient Internet payment system.” • Conclusion
Paper 1 WHAT IS MONEY? Ray Byler, Ph.D. Assistant Professor of Computer Science Lyon College Batesville, Arkansas 72501
Introduction • Most of the money that exists today doesn't exist as greenbacks, but as 1's and 0's in some computer. • Any monetary system, digital or otherwise, must be based on trust. • Reliability of that system • The belief that others will accept the system
Areas of Concern • Convertibility and Flexibility • connection to other monetary schemes • Converting electronic dollars to electronic coins • Privacy • Will government be able to track everything that users earn and spend • governments determine banking rules and regulations • Acceptability • Cost
Background Terms • Public-key Encryption • Diffie-Helman encryption • Messages encrypted with the public key can only be decrypted with the private key and vice-versa • RSA Encryption • Crated by Rivest, Shamir, and Adleman • less communications overhead • less secure • Digital Certificates • For verifying a public key
Minting Digital MoneyImportant Digital Money Schemes • Ecash • Internet Keyed Payments Protocol (iKP) • Micro Payment Transfer Protocol (MPTP) • CyberCash • NetCheque • NetCash.
Ecash • Creation of Dr. David Chaum • Diffie-Hellman public-private key • Proprietary rather than an open system • Did not have a payment limit to limit customer loss • Ecash had been used by Mark Twain Bank
Ecash: Minting Process • Ecash coin begins life as a 100-digit random number chosen by a user software package • The user transmits this number to the bank/mint along with the denomination requested. • The bank/mint verifies that the number is not already in use, • Validates the number by encoding the number with the private key • Debits the user's account • Transmits the validated number back to the user, who records the coin on his hard disk.
Ecash: Minting Process (cntd) • Bank tracks the “serial number” of each coin that it issues to ensure that a coin is not used twice • Merchant must immediately check with the bank to verify the coins for each and every transaction • This is computationally expensive for buying something like a newspaper • Blind Signatures: a bank can verify that a coin is good, but cannot identify to whom it was issued.
iKP - Internet Keyed Payments Protocol • Proposed open standard by IBM • Securing electronic commercial transactions • Based on RSA public-key cryptography • Users with no prior relationship • iKP is designed to work with all Internet communications channels (e.g. http, shttp, email) • encryption is limited to sensitive data such as account numbers and PINs • The potential for credit card fraud is reduced by only transmitting account numbers between buyers and banks, sellers never see the account numbers
iKP: weaknesses • Privacy: All payments can be traced • There is no support for small real-time payments
SET (Secure Electronic Transaction) • Based on iKP • developed by a consortium led by MasterCard and Visa • Primarily deals with credit card payments • Uses RSA for signatures • Private-key encryption: DES
Micro Payment Transfer Protocol (MPTP) • Closely linked to the proposed iKP standard • Is designed for payments that are too small to justify the overhead of iKP • MPTP processes can mostly be done off-line • Makes no distinction between merchant and customer • MPTP is based on Lamport's S/Key authentication mechanism (rfc1731)
CyberCash • Proprietary scheme • It is designed to work with credit cards, electronic checks, and electronic cash • It is presently implemented for credit cards • It is currently used by CyberCash Corporation, Xerox, Point Scandinavia AS, and the Bank of America, and is certified by most major credit cards.
NetCheque and NetCash • invented by Clifford Neuman, Information Sciences Institute (ISI), University of Southern California (USC) • Based on the Kerberos security software system • Funded by ARPA (Advanced Research Projects Agency) • NetCheque software is free for personal, non-commercial or limited commercial use.
Paper 2 Research on Electronic Payment Model Bo Meng Qianxing Xiong College of Computer Science and Technology Wuhan University of Technology
Introduction This paper introduces the 3e payment model. The 3e payment model includes: • electronic credit card payment model • electronic cash payment model • electronic check payment model
Introduction Every electronic commerce system generally includes three parts: • data communication system: online procedure to establish business • logistics system: delivers products • electronic payment system.
JW (Janson and Waidner) Model • In JW model the electronic payment system is classified into: • cash-like payment system • cheque-like Payment System. • Both types of payment systems are direct payment systems, i.e., a payment requires an interaction between buyer and seller.
JW Model (cntd) • There are also indirect payment systems where either buyer or seller initiates the payment without having the other party (seller or buyer, respectively) involved online.
NA (N.Asokan) Model • In N.Asokan model two criterions are used to classify the electronic payment system • direct or indirect communication • The second criterion is the relationship between the time the payment initiator consider the payment as finished, and the time the value is actually taken from the payer. • N. Asokan model includes four payment models: • direct cash-like system • direct cheque-like system • indirect push system • indirect pull system.
3e Payment Model • Based on the previous two models • 3e model includes: • Electronic credit card payment model • Electronic cash Payment model • Electronic check Payment model
Properties Of Online Payment Protocols • Security: • message integrity • data confidentiality • Accountability • Atomicity: • money atomicity • goods atomicity • Certified delivery • Anonymity • Non-repudiation: provides proof of the integrity and origin of data • Fairness
Paper3 A New Electronic Cash Model Written By Xiaosong Hou, Chik How Tan
Introduction • The paper presented a customer generated electronic cash model that offers unique trade-off between credit card and traditional off-line electronic cash systems • It addressed the problem of Online Transactions with Credit Cards as well as issues with current electronic payment systems • It applied the concept of Group Signatures, in the New Electronic Payment System.
Group Signature • Introduced by Chaum and Heijst in 1991 • Type of Digital signatures that allows registered group member to produce a digital signature on a message • Consists of four procedures • Setup • Sign • Verify • Open
Group Signature Contd • Security Requirements for secured Group Signatures • Correctness • Anonymity • Unforgeability • Unlinkability • Exculpability • Traceability
The New Electronic Payment Model. • Four Entities Involved • Bank,Group registration manager, maintains the accounts of all customers and registers new customers. • The clearing house, Group revocation manager, clears the transactions between the shop and the customer. • The customer, group member, can make payment by signing the transaction message using his/her private membership key. • The shop can verify the signature using the group public key published by the bank
Transactions in the New Electronic Payment Model • Account Opening Transaction. Customer opens account in the bank and obtain a valid membership certificate and a secret • Payment Transaction. Shop prepares payment message that contains transaction information, such as date, time, shop ID, currency and amount. Customer pays by signing the transaction message using his/her private membership key. The shop verifies the correctness of the customer’s payment signature, using the group public key published by the bank.
Transactions in the New Electronic Payment Model Contd. • Deposit Transaction. The shop deposits the collected payment messages to the clearing house. The clearing house, verifies the validity of the deposited payment transcripts, and sends the bank periodic summaries of settlement of funds. All transactions and settlement records are kept as evidence for audit and security purposes. • Tracing Transaction. The bank knows the linkage between the account number and the customer identity, while the clearing house knows the linkage between the account number and the payment history, therefore, if and only if a Tracing Order (TO) is issued from the Judge, the clearing house can cooperate with the bank to achieve fair tracing.
Building Blocks • It was derived from zero-knowledge proofs of a piece of information, and are denoted as ‘ZKP’ for short. • ZKP { (a) : y1 = ga1^ y2 = ga2}
Proposed Electronic System • Bank Parameters • The bank chooses two large random prime numbers p and q of the form p = 2p_+1 and q = 2q_+1 where p and q_ are prime numbers as well. The bank publishes n = pq and keeps p and q secret, then defines a subgroup of Z∗n and chooses two numbers z, h from this subgroup. • The Parameters of the Clearing House • The secret key of the clearing house is x and the public key of the clearing house is y = gx. Then a collision free hash function H is published
Proposed Electronic System Contd. • Opening AccountThe customer chooses two random prime numbers e and en, then he/she computes em = een and zm = zen. The bank computes u = zm 1/emand sends u to the customer, who checks that z = ue. The bank stores (u, em, zm) and the customer’s identity in the bank’s customer database.The customer keeps (u, e) as his/her membership key • Payment Protocols • The shop first generates a transaction message of payment for the customer to sign: m =H(ShopID,Date, Time, Amount,Currency). • The customer chooses an integer w and computes a =gw, b = uywand d = gehw. • Then the customer chooses r1, r2 and r3, and computes t1 = br1(1/y)r2 , t2 = ar1(1/g)r2, t3 =gr3 , t4 = gr1hr3 . After computation of c =H(g||h||y||z||a||b||d||t1///t2//t3//t4//m), the customer computes s1 = r1 − c(e − 2l1 ), s2 = r2 − cew, and s3 = r3 − cw.
Proposed Electronic System Contd. • The signature of m is (c, s1, s2, s3, a, b, d). • The shop verifies the signature using the equation c =H(g||h||y||z||a||b||d||zcbs1−c2l1/ys2||as1−c2l1/gs2||acgs3||dcgs1−c2l1hs3||m). • The shop accepts the signature on the transaction message as a valid payment signature if the above stated equation holds • Deposit Protocol • The clearing house computes the identity code u = b/ax
Proposed Electronic System Contd. • Deposit Protocol • The clearing house computes the identity code u = b/ax
Security Analysis • Anonymity: loggaequals to logy(b/b´ ) • Unforgeability: Only registered members signs signatures • Unlinkability: To find if two signed transaction messages (c, s1, s2, s3, a, b, d) and (c´, s1´, s2´, s3´, a´, b´, d´ ) are from the same customer will be logy(a/a´ )= logy(b/b´ )= logy(d/d´ ) • Non-framing: Since it is hard to compute the discrete logarithm of z to the base u, which known by customer, bank, clearing house and some customers cannot collude to sign name of non-involved customer
Paper 4 PayCash: A Secure Efficient Internet Payment System Written By Jon M. Peha and Ildar M. Khamitov
Introduction • The paper describes PayCash, an Internet payment system that was designed to offer strong security and privacy protection. • This system creates verifiable records of all transactions that cannot be forged or undetectably altered by the party sending funds, the party receiving funds, or even by the operator of the payment system. • Flexible enough to accommodate privacy and security laws that differ from nation to nation. • It can be use by business-to-consumer, peer-to-peer funds transfers among consumers and among Businesses, and transfers from one agent of a licensed international funds transfer company to another.
STATUS QUO • Most Online transactions are done with Credit Cards • Credit card Frauds • Privacy is compromised with spam emails and telemarketing calls • Cost of transferring a payment can exceed the cost of the product itself.
DESIGN GOALS OF EFFECTIVE PAYMENT SYSTEM • Tamper-proof records: • Privacy Protection: • Flexible anonymity policies: • Protection from password guessing • Protection from outside observers: PAYCASH DESIGN GOALS • Support for disconnected users: • Wide range of payments: • Multiple currencies: • Scalability
THE SUITABILITY OF CHAUM’SELECTRONIC COINS • Digital strings that can be transferred anonymously from person to person just like cash. • a coin with serial number X is defined by{ X, g-1(f(X)) }, where f(.) and g(.) are functions that are easy to calculate and hard to invert. • Only payment system’s agent (which we call the Payment Authorizer) can “mint” a coin because only this agent can apply the function g-1(.) • The agent must mint the coin with serial number X without learning X or f(X).
LIMITATION OF CHAUM’S COIN. • A serious limitation of this scheme is the absence of tamper-proof transaction records. • Supporting a wide range of payments is also problematic. • List of all spent coins must be maintained, and frequently searched.
PAYCASH APPROACH • Producing Tamper-Proof Records • All transaction records are digitally signed, and integrated into the payment system itself to create tamperproof records • Customer generates a pair of public and private keys, P and S for this signature. • Coin is { P, g-1(f(P)) }.P is both serial number and public key. To transfer one coin, the user sends {record, Sign(S,record), P, g-1(f(P)) }. • Record is a description of the transaction, including recipient of the funds, timestamp, and any other information, or at least a hash of the function
CONDITION FOR VALID PAYMENT. • Payment has not already been made with serial number C. • The coin has been properly minted with the g(.) function i.e. f(C)=g(D), • The digital signature is correct, i.e. Verify(C, B) = A, • The recipient of the funds transfer corresponds with the one listed in record A.