Authors:Weimin Lang, Zongkai Yang, Gan Liu, Wenqing Cheng and Yunmeng Tan Source:Ninth International...

Authors: Weimin Lang, Zongkai Yang, Gan Liu, Wenqing Cheng and Yunmeng Tan. Source: Ninth International Symposium on Computers and Communications 2004, Proceedings on ISCC 2004, Volume 1, 28 June - 1 July 2004, Pages 50–55. A New Efficient Micropayment Scheme Against Overspending


Page 1:

Authors: Weimin Lang, Zongkai Yang, Gan Liu, Wenqing Cheng and Yunmeng Tan

Source: Ninth International Symposium on Computers and Communications 2004, Proceedings on ISCC 2004, Volume 1, 28 June - 1 July 2004, Pages 50–55

Date: 2005/05/05

Presenter: Jung-wen Lo (駱榮問)

A New Efficient Micropayment Scheme Against Overspending

Page 2:

Outline

• Introduction
• PayWord Scheme
• New Scheme
• Example
• Performance Analysis
• Comments

Page 3:

Introduction

• Types
  – On-line system
    • Protect customers from Double Spending & Overspending
    • Ex. Millicent
  – Off-line system
    • More efficient
    • Ex. PayWord
• Adachi et al. (2003)
  – Customer certificate abuse attack => Cannot prevent double spending & Overspending
• New scheme
  – Based on probabilistic polling
  – Loss shared by bank and merchant

Page 4:

Adachi et al. scheme

• Title: The Security Problems of Rivest and Shamir's PayWord Scheme
• Authors: Adachi, N., Aoki, S., Komano, Y. and Ohta, K.
• Source: IEEE International Conference on E-Commerce, 2003 (CEC 2003), 24-27 June 2003, Pages: 20–23
• When a customer exceeds his credit
  – Bank takes full charge
  – Bank and shop share the damage
• Attacks:
  – Customer certificate abuse attack
    • Use the same certificate at another shop and exceed the credit
  – Bank falsification attack
    • Bank damages the shops

Page 5:

PayWord Scheme

Parties: Customer (C), Bank (B), Store (S)

1. Request
2. $C_C = \{I_B, I_C, Addr_C, PK_C, E, Info\}_{SK_B}$ (E: Expired date; Info: Information)
3. Verify $C_C$
4. Random $w_n$; $w_0 = h^n(w_n)$, $w_{i-1} = h(w_i)$
5. $M = \{I_S, C_C, w_0, D, n\}_{SK_C}$
6. Verify $M$, $C_C$
7. Order, $(i, w_i)$
8. $h^i(w_i) \stackrel{?}{=} w_0$
9. Goods/Service
10. $(i, w_i)$, $M$
11. Verify $M$, $C_C$
12. Update DB

※ Payword n: $\{w_0, w_1, w_2, \ldots, w_n\}$
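
Added example, not from the slides or the paper: the hash-chain steps 4 and 8 above in Python, with the store also rejecting replayed, forged and out-of-range paywords. SHA-256 as h, the names make_chain, Store and demo, and the sample seed are assumptions.

```python
import hashlib
import os

def h(data):
    # SHA-256 stands in for the slide's one-way hash h (an assumption)
    return hashlib.sha256(data).digest()

def make_chain(n, seed=None):
    """Customer side: pick random w_n, derive w_{i-1} = h(w_i) down to w_0."""
    w = seed if seed is not None else os.urandom(32)
    chain = [w]
    for _ in range(n):
        w = h(w)
        chain.append(w)
    chain.reverse()              # now chain[i] == w_i and chain[0] == w_0
    return chain

class Store:
    """Store side: holds the committed root w_0 and the last accepted payword."""
    def __init__(self, w0, n):
        self.n = n
        self.last_i = 0
        self.last_w = w0

    def accept(self, i, w_i):
        # Reject replays, reordering and indexes beyond the commitment
        if not (self.last_i < i <= self.n):
            return False
        # Hash forward from w_i to the last accepted payword; this is
        # equivalent to the slide's check h^i(w_i) == w_0
        w = w_i
        for _ in range(i - self.last_i):
            w = h(w)
        if w != self.last_w:
            return False
        self.last_i, self.last_w = i, w_i
        return True

def demo():
    chain = make_chain(10, seed=b"constructed sample seed")
    store = Store(chain[0], n=10)
    return [
        store.accept(1, chain[1]),       # first payword
        store.accept(4, chain[4]),       # skips ahead, pays 3 more units
        store.accept(4, chain[4]),       # replay of a spent payword
        store.accept(5, b"\x00" * 32),   # forged payword
        store.accept(11, chain[10]),     # index beyond n
    ]
```
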

Page 6:

New Scheme (1/3)

Parties: Bank (B), Customer (C)

Stages: Bank Initialization, Registration, Withdraw

• $Cert_C = \{ID_B, ID_C, A_C, PK_C, Expiry, Add\}_{SK_B}$
• $P_C = \{M_C, X_C, L_C\} = \{10, 0, \{.\}\}$
  – $M_C = 10$: Credit limit
  – $X_C = 0$: Counter of polling message
  – $L_C = \{.\}$: Merchants records
• Order Request
• $f_C = K/M_C = 5/10 = 0.2$
• $Cert_C = \{ID_B, ID_C, A_C, PK_C, Expiry, f_C\}_{SK_B}$
• Random $w_n$; $w_0 = H^n(w_n)$, $w_{i-1} = H(w_i)$
• $K = 2$: Expect # of polling (e.g. 2-10)
• $T = 5$: Threshold value for suspecting (e.g. 5-30)

Page 7:

New Scheme (2/3)

Parties: Bank (B), Customer (C), Merchant (M)

Stage: Payment

• $Commit = \{ID_M, Cert_C, w_0, V_C, Expiry, Add\}_{SK_C}$
  – $V_C = 4$: Dollar value of the payment
• Verify
  – $V_C \times f_C > 1$: Halt
  – $V_C \times f_C \le 1$: based on $p = V_C \times f_C = V_C \times K/M_C = 4 \times 0.2 \le 1$
• $ID_C, V_C$
  – $X_C = X_C + 1$
  – $L_C \leftarrow M$
  – IF $X_C < T = 5$: Acknowledgement, Accept
  – Otherwise: Broadcast to $L_C$, Halt
• $(i, w_i)$: $w_0 = h^i(w_i)$
• Goods/Service

Page 8:

New Scheme (3/3)

Parties: Bank (B), Customer (C), Merchant (M)

Stage: Deposit

• $(i, w_i)$, $Commit$
• Compute $Z_C$ per day
  – $Z_C$: Total value of the payments of C on a day
  – IF $Z_C > M_C$ THEN Freeze C's account
• Loss shared by B and M
  – all $L_C$: $M_C \times X_M / X_C$
  – $X_M$: The number of M report
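
Added example, not code from the slides or the paper: the polling, threshold and deposit logic of the three New Scheme pages above in Python, using the slides' values M_C = 10, K = 2, T = 5. The class and function names, and the reading of M_C × X_M / X_C as an amount apportioned per merchant, are assumptions.

```python
import random

_rng = random.SystemRandom()   # poll decisions should not be predictable

class Bank:
    """Per-customer polling state P_C = {M_C, X_C, L_C}."""
    def __init__(self, M_C=10, K=2, T=5):
        self.M_C, self.K, self.T = M_C, K, T
        self.X_C = 0        # counter of polling messages
        self.L_C = []       # merchants that polled about this customer
        self.halted = []    # merchants reached by the broadcast
        self.frozen = False

    @property
    def f_C(self):
        return self.K / self.M_C          # carried in Cert_C

    def poll(self, merchant):
        """Handle a poll (ID_C, V_C); True means Acknowledgement."""
        self.X_C += 1
        self.L_C.append(merchant)
        if self.X_C < self.T:
            return True
        self.halted = sorted(set(self.L_C))   # broadcast to L_C
        return False

    def apportion(self, merchant):
        """M_C * X_M / X_C for one merchant in L_C (deposit formula).
        Assumption: the slide does not say who pays or receives it."""
        if self.X_C == 0:
            return 0.0
        return self.M_C * self.L_C.count(merchant) / self.X_C

    def daily_check(self, Z_C):
        """Freeze the account when the day's total Z_C exceeds M_C."""
        self.frozen = Z_C > self.M_C
        return self.frozen

def merchant_decide(bank, merchant, V_C, rng=_rng):
    """Merchant's decision for one payment of value V_C."""
    p = V_C * bank.f_C
    if p > 1:
        return "halt"                 # V_C x f_C > 1
    if rng.random() < p:              # poll the bank with probability p
        return "accept" if bank.poll(merchant) else "halt"
    return "accept"                   # no poll for this payment
```
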

Page 9:

Performance Analysis

• Security
  – No Forgery & Invalid spending => RSA cryptography & H()
  – Overspending => Probabilistic polling
• Fairness
  – Bank shares loss with merchant
  – More fair than PayWord
• Efficiency
  – Modest increase in communication overhead
  – Computational cost almost the same as PayWord
• Restricted Anonymity
  – $ID_C$ is not the real identity => M cannot determine

Page 10:

Comments

• Combines the advantages of on-line and off-line systems
  – Uses probability to perform the on-line check
• Performance issues
  – Polling
  – Broadcast to $L_C$
• Bank must record $L_C$ (Store List)