100 likes | 261 Views
A New Efficient Micropayment Scheme Against Overspanding. Outline. Introduction PayWord Scheme New Scheme Example Performance Analysis Comments. Introduction. Types On-line system Protect customers from Double Spending & Overspending Ex. Millicent. Off-line system More efficient
E N D
Outline • Introduction • PayWord Scheme • New Scheme • Example • Performance Analysis • Comments
Introduction • Types • On-line system • Protect customers from Double Spending & Overspending • Ex. Millicent. • Off-line system • More efficient • Ex. PayWord • Adachi et al.(2003) • Customer certificate abuse attack => Cannot prevent double spending & Overspending • New scheme • Based on probabilistic polling • Loss shared by bank and merchant
Adachi et al. scheme • Title: The Security Problems of Rivest and Shamir's PayWord Scheme • Authors: Adachi, N., Aoki, S., Komano, Y. and Ohta, K. • Source: IEEE International Conference on E-Commerce, 2003(CEC 2003), 24-27 June 2003, Pages: 20 – 23 • When a customer exceeds his credit • Bank take full charge • Bank and shop share the damage • Attacks: • Customer certificate abuse attack • Use the same cetificate at another shop and exceed the credit • Bank falsification attack • Bank damage the shops
PayWord Scheme Bank(B) Customer(C) Store(S) 1.Request E: Expired dateInfo: Information 2.CC={IB,IC,AddrC,PKC,E,Info}SKB 3.Verify CC 4. Random wnw0=hn(wn) wi-1=h(wi) 5.M={IS,CC,w0,D,n}SKC 6.Verify M,CC 7.Order, (i,wi) 8. hi(wi)?=w0 9.Goods/Service 10. (i,wi),M 11.Verify M,CC 12.Update DB ※ Payword n: {w0,w1, w2, …, wn}
New Scheme(1/3) Stage Customer(C) Bank(B) MC =10: Credit limitXC =0: Counter of polling messageLC ={.}: Merchants records Bank Initialization PC={MC ,XC ,LC}={10,0,{.}} Registration CertC={IDB,IDC,AC,PKC,Expiry,Add}SKB Withdraw Order Request fC=K/MC=5/10 =0.2 Random wnw0=Hn(wn)wi-1=H(wi) CertC={IDB,IDC,AC,PKC,Expiry,fC}SKB K=2: Expect # of polling (eg.2-10)T=5: Threshold value for suspecting (eg.5-30)
New Scheme(2/3) VC=4: Dollar value of the payment Stage Bank(B) Customer(C) Merchant(M) Commit={IDM,CertC,w0,VC,Expiry,Add}SKC Payment VC×fC >1 Halt VerifyLC← M Commit VC×fC≦1 Acknowledgement IF XC<T=5 Otherwise Accept Broadcast to LC Halt (i,wi) w0=hi(wi) IDC,VC XC=XC+1 Based on p=VC×fC=VC×K/MC=4×0.2≦1 Acknowledgement IF XC<T Otherwise Accept Broadcast to LC Halt Goods/Service
New Scheme(3/3) Stage Bank(B) Customer(C) Merchant(M) (i,wi),Commit Deposit Compute ZCper day IF ZC>MCTHEN Freeze C’s account Loss shared by B and Mall LC: MC×XM/XC ZC: Total value of the payments of C on a day XM: The number of M report
Performance Analysis • Security • No Forgery & Invalid spending => RSA cryptography & H() • Overspending => Probabilistic polling • Fairness • Bank shares loss with merchant • More fair than PayWord • Efficiency • Modest increase communication overhead • Computational cost almost the same as PayWord • Restricted Anonymity • IDC is not the real identity => M cannot determine
Comments • 結合 On-line & Off-line system的優點 • 利用機率來進行 on-line check • Performance問題 • Polling • Broadcast to LC • Bank 須紀錄LC(Store List)