Computers, Electronics and Communication Devices Development Strategy_Arb
Authors:Weimin Lang, Zongkai Yang, Gan Liu, Wenqing Cheng and Yunmeng Tan Source:Ninth International...
-
Upload
gervase-collins -
Category
Documents
-
view
212 -
download
0
Transcript of Authors:Weimin Lang, Zongkai Yang, Gan Liu, Wenqing Cheng and Yunmeng Tan Source:Ninth International...
Authors: Weimin Lang, Zongkai Yang, Gan Liu, Wenqing Cheng and Yunmeng Tan
Source: Ninth International Symposium on Computers and Communications 2004, Proceedings on ISCC 2004, Volume 1, 28 June - 1 July 2004, Pages 50–55
Date: 2005/05/05
Presenter: Jung-wen Lo( 駱榮問 )
A New Efficient Micropayment Scheme Again
st Overspanding
2
Outline Introduction PayWord Scheme New Scheme Example Performance Analysis Comments
3
Introduction Types
On-line system Protect customers from Double Spending & Overspending Ex. Millicent.
Off-line system More efficient Ex. PayWord
Adachi et al.(2003) Customer certificate abuse attack=> Cannot prevent double spending & Overspending
New scheme Based on probabilistic polling Loss shared by bank and merchant
4
Adachi et al. schemeAdachi et al. scheme• Title: The Security Problems of Rivest and Shamir's Pay
Word Scheme• Authors: Adachi, N., Aoki, S., Komano, Y. and Ohta, K.• Source: IEEE International Conference on E-
Commerce, 2003(CEC 2003), 24-27 June 2003, Pages: 20 – 23
• When a customer exceeds his credit– Bank take full charge– Bank and shop share the damage
• Attacks:– Customer certificate abuse attack
• Use the same cetificate at another shop and exceed the credit
– Bank falsification attack• Bank damage the shops
5
PayWord SchemePayWord SchemeCustomer(C)Bank(B) Store(S)
1.Request
6.Verify M,CC
2.CC={IB,IC,AddrC,PKC,E,Info}SKB
E: Expired dateInfo: Information3.Verify CC
4. Random wn
w0=hn(wn) wi-1=h(wi)
5.M={IS,CC,w0,D,n}SKC
7.Order, (i,wi) 8. hi(wi)?=w0
9.Goods/Service
10. (i,wi),M11.Verify M,CC
12.Update DB ※ Payword n: {w0,w1, w2, …, wn}
6
New Scheme(1/3)Bank(B) Customer(C)
CertC={IDB,IDC,AC,PKC,Expiry,Add}SKB
PC={MC ,XC ,LC} ={10,0,{.}}
Stage
Bank Initialization
Registration
Withdraw
MC =10 : Credit limitXC =0 : Counter of polling messageLC ={.} : Merchants records
Order RequestfC=K/MC
=5/10 =0.2 CertC={IDB,IDC,AC,PKC,Expiry,fC}SKB
Random wn
w0=Hn(wn)wi-1=H(wi)
K=2 : Expect # of polling (eg.2-10)T=5: Threshold value for suspecting (eg.5-30)
7
New Scheme(2/3)Bank(B) Customer(C)
Commit={IDM,CertC,w0,VC,Expiry,Add}SKC
Merchant(M)Stage
Payment
IDC,VCXC=XC+1
IF XC<T=5
Otherwise
VerifyLC← M
(i,wi) w0=hi(wi)
VC×fC 1≦Commit
Acknowledgement
Broadcast to LC Halt
Accept
VC=4: Dollar value of the payment
IF XC<T
Otherwise
Acknowledgement
Broadcast to LC Halt
Accept
Goods/Service
Based on p=VC×fC
=VC×K/MC
=4×0.2
1≦
VC×fC >1 Halt
8
New Scheme(3/3)Bank(B) Customer(C) Merchant(M)Stage
Deposit
Loss shared by B and Mall LC: MC×XM/XC
Compute ZC per day
IF ZC>MC
THEN Freeze C’s account
(i,wi),Commit
ZC: Total value of the payments of C on a day
XM: The number of M report
9
Performance Analysis Security
No Forgery & Invalid spending => RSA cryptography & H() Overspending => Probabilistic polling
Fairness Bank shares loss with merchant More fair than PayWord
Efficiency Modest increase communication overhead Computational cost almost the same as PayWord
Restricted Anonymity IDC is not the real identity => M cannot determine
10
Comments
結合 On-line & Off-line system 的優點 利用機率來進行 on-line check
Performance 問題 Polling Broadcast to LC
Bank 須紀錄 LC(Store List)