Clemente-Cuervo et al. A PDA Implementation of an Off-line e-Cash Protocol.
-
Upload
cody-jeffrey-walsh -
Category
Documents
-
view
214 -
download
0
Transcript of Clemente-Cuervo et al. A PDA Implementation of an Off-line e-Cash Protocol.
Clemente-Cuervo et al.
A PDA Implementation of an Off-line e-Cash
Protocol
Clemente-Cuervo et al.
E-cash basic definitions
Clemente-Cuervo et al.
Features of the Standard Cash
• Banknotes:Provides anonymity
They are valid virtually everywhere
The legitimate owner is the one who carries them
Portability of great amounts of money is difficult/risky
All transactions must be performed personally
Clemente-Cuervo et al.
• Credit/Debit Cards:transactions of big quantities of money are possible
They are portable and secure →People trust them.
Electronic transactions are possible
They can be used for getting banknotes
A legitimate owner must authenticate him/herself
They do not provide anonymity
The Bank must authorize the transaction via electronic connection → on-line protocols are required
Credit/Debit Cards Features
Clemente-Cuervo et al.
Alternative: E-cash
• Goals– To substitute standard banknotes– To provide more flexibility than credit/debit
cards• Requirements
– anonymity – Non-traceable protocols – fairness– divisibility– transferability – Off-line protocols– accountability
Clemente-Cuervo et al.
E-cash: Previous Works (1/2)
• In 1982, David Chaum proposed a way to make electronic
payments anonymously, introducing the concept of e-
cash.
• However the main drawback of the e-cash concept is that
electronic money could be copied and reused (double
spending problem).
• In ‘88, Chaum, Fiat and Naor proposed an off-line protocol.
• In ’91, Okamoto and Otha proposed that an ideal e-cash
system should have the following properties:
independence, security, privacy, off-line payment,
transferability, divisibility.
Clemente-Cuervo et al.
E-cash: Previous Works (2/2)
• In 1993, S. Brands proposed a new protocol, whose security lies in the Schnorr digital signatures and prime finite field arithmetic.
• In 1996, Frankel, Tsiounnis and Yung [11], [12] proposed the concept of Fair Off-line e-Cash. There, an entity called the Authority was used to guarantee the anonymity of a purchaser as long as he/she makes legal transactions. If a purchaser tries to commit fraud, the Bank could request the tracing of a coin or the tracing of the owner of a coin.
• Many other systems have been proposed recently…
Clemente-Cuervo et al.
Comparison Table of e-cash Protocols
Clemente-Cuervo et al.
Protocol Description
Clemente-Cuervo et al.
E-cash Model
Clemente-Cuervo et al.
Model and Protocols
Our system consists of four entities, namely, • The Bank.• The Purchaser; • The Store;• The AuthorityAnd the scheme consists of five sub-protocols:1. Initialization Process2. Withdrawing protocol3. Payment/purchasing protocol4. Deposit/collection protocol5. Owner/coin tracing protocol
Clemente-Cuervo et al.
Initialization Process
Clemente-Cuervo et al.
Coin Generation
A coin is represented as a six-tuple:{A, B, z, a, b, r}, Where:• A, B contain user information (encrypted)• z, a, b contain coin information required •for verification (encrypted)•r Bank signature (under the Schnorr scheme)
Clemente-Cuervo et al.
Coin Signature
Clemente-Cuervo et al.
Design and Implementation
Clemente-Cuervo et al.
The Mobile e-cash system
Clemente-Cuervo et al.
Architectural Design
Clemente-Cuervo et al.
PDA Specification
Sharp Zaurus 5600
Operating System Linux
Processor Intel XScale @ 400MHz
Memory 128MB SDRAM;48MB ROM
Clemente-Cuervo et al.
Withdraw protocol using a key of 128 bits
Clemente-Cuervo et al.
Cryptographic Operations per Protocol
Protocol Crypto Operations Bandwidth
Withdrawal 15 exponentiations, 2 inverses
1.7KB
Payment 6 exponentiations, 1 inverse
2.5KB
Deposit None 1.9KB
Tracing 1 exponentiation, 1 inverse
657B
Clemente-Cuervo et al.
Withdraw protocol using a key of 128 bits
Clemente-Cuervo et al.
Withdraw protocol using a key of 256 bits
Clemente-Cuervo et al.
Withdraw protocol using a key of 512 bits
Clemente-Cuervo et al.
Conclusion
We present the implementation of a fair e-cash protocol
especially designed for mobile wireless environments,
with the following features:
• Our protocol attempts to offer a reasonable balance
between anonymity; and the possibility of revoking that
anonymity under special circumstances.
• For that, our system considers two protocols especially
designed for tracing purposes: a coin tracing and an
owner tracing protocol;
• Our system was written in Java and it was implemented
in a wireless environment with PDA mobile devices.