This paper presents an authenticated Payword scheme designed for micro-payment systems, aiming to mitigate common security risks such as credit liability, unauthorized withdrawals, and double spending. The proposed scheme eliminates the need for public key infrastructure, reducing computational costs and transaction overhead while enhancing security. Key features include the generation of hash chains for transaction validation and resistance against various attacks like counterfeiting and credit abuse. Performance evaluations demonstrate the scheme's advantages and drawbacks, paving the way for its practical implementation in low-power environments.
An Authenticated Payword Scheme without Public Key Cryptosystems Authors: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal of Innovative Computing, Information and Control, 2009, Vol. 5, No. 9, pp. 2881–2891. Presenter: Tsuei-Hung Sun (孫翠鴻) Date: 2011/3/11
Outline • Introduction • Motivation • Scheme • Security Analysis • Performance Evaluation • Advantage vs. Drawback • Comment
Introduction(1/6) • The Micro Payment Transfer Protocol (MPTP) stipulates the following related security risks that need to be considered: • Credit liability • Abused credit • Counterfeiting • Unauthorized withdrawal • Double spending
Introduction(2/6) R. Rivest and A. Shamir, “PayWord and MicroMint: Two sample micropayment schemes,” Lecture Notes in Computer Science, Vol. 1189, pp. 69-87, 1997. • PayWord Scheme Vendor (IDV) Bank (IDB, PKB, SKB) Customer (IDC, SKC) request CC Verify CC If correct, select random value w_n Generates hash chain (w_n, w_{n-1}, ..., w_0) w_i = h(w_{i+1}), i = n-1, ..., 0 M CC: Customer’s certificate AC: Customer’s delivery address E: Expiration date PKC: Customer’s public key IC: Other information of the certificate. SKB: Bank’s private key M: Customer’s commitment D: Current date
Introduction(3/6) • PayWord Scheme (cont.) Vendor (IDV) Bank (IDB, PKB, SKB) Customer (IDC, SKC) M Verify M and CC If correct, store M w_i, i Verify (w_i, i) If and Store (w_i, i) w_n, n, M When i = n Verify M and If correct, store (w_n, n) and pay the money into Vendor’s account.
Introduction(4/6) • The Advantages of PayWord • Uses a hash chain to lower computational cost • No need to settle with the bank for each transaction. • The Drawbacks of PayWord • The customer’s consumption is not limited. • No trusted Certificate Authority (CA) • Bank falsification attack • Certificate abuse attack
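The PayWord hash chain and the vendor-side check of (w_i, i) from the slides above, as an added example that is not code from the paper or the presentation. SHA-256, the chain length and the class and function names are assumptions, and the acceptance rule (hash the received payword forward until it meets the last stored one) is the one from Rivest and Shamir's PayWord paper, since the condition itself did not survive on the slide; the example also goes slightly beyond the slides by showing a payment that skips indices.

```python
import hashlib
import os

def h(data: bytes) -> bytes:
    """Hash function h; SHA-256 is an assumption, the slides do not name one."""
    return hashlib.sha256(data).digest()

def make_chain(n: int, seed: bytes) -> list[bytes]:
    """Customer side: return [w_0, ..., w_n] with w_n = seed, w_i = h(w_{i+1})."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    chain.reverse()  # chain[i] == w_i, chain[0] is the committed root w_0
    return chain

class Vendor:
    """Vendor side: keeps the committed root w_0 and the last accepted (w_i, i)."""

    def __init__(self, root: bytes, n: int):
        self.n = n
        self.last_w, self.last_i = root, 0

    def accept(self, w: bytes, i: int) -> bool:
        # The index must advance and stay within the chain: this rejects
        # replayed or already-spent paywords and spending beyond n.
        if not (self.last_i < i <= self.n):
            return False
        # Hash forward (i - last_i) times; the result must equal the last
        # stored payword, otherwise the payword is counterfeit.
        x = w
        for _ in range(i - self.last_i):
            x = h(x)
        if x != self.last_w:
            return False
        self.last_w, self.last_i = w, i
        return True

def demo() -> list[bool]:
    chain = make_chain(5, os.urandom(32))  # constructed sample chain, n = 5
    vendor = Vendor(chain[0], n=5)
    return [
        vendor.accept(chain[1], 1),        # first payword
        vendor.accept(chain[3], 3),        # skipping ahead pays two units at once
        vendor.accept(chain[2], 2),        # replay of an already covered index
        vendor.accept(os.urandom(32), 4),  # forged payword
        vendor.accept(chain[5], 5),        # final payword w_n, kept for settlement
    ]

if __name__ == "__main__":
    print(demo())
```

The vendor only needs to keep the highest accepted (w_i, i), which is what it later presents to the bank; one hash per unit spent is the whole verification cost.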
Introduction(5/6) N. Adachi, S. Aoki, Y. Komano, and K. Ohta, “Solutions to security problems of Rivest and Shamir’s PayWord scheme,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E88-A, no. 1, pp. 195-202, 2005. • Adachi et al. Scheme Vendor (IDV) Bank (IDB, PKB, SKB) Customer (IDC, SKC) Generates hash chain (w_n, w_{n-1}, ..., w_0) w_i = h(w_{i+1}), i = n-1, ..., 0 IDC, M Select random nonce rv IDC, M, rv Validate M and customer’s credit. (Withdraws) CC Verify CC and M If correct, store CC w_x: Hash value n: Length of hash chain. M: Customer’s commitment IDV: Vendor ID. E: Expiration date SKC: Customer’s private key CC: Customer’s certificate. I: Any additional information. SKB: Bank’s private key.
Introduction(6/6) • Adachi et al. Scheme (cont.) Vendor (IDV) Bank (IDB, PKB, SKB) Customer (IDC, SKC) Verify CC and M If correct, store CC Valid message w_i, i Verify (w_i, i) If and Store (w_i, i) w_n, n, CC When i = n Verify CC and If correct, store (w_n, n) and pay the money into Vendor’s account.
Motivation • Adachi et al.’s Drawbacks • It changes the PayWord scheme to a prepaid type. • It still needs public key signatures • The overhead of building and maintaining a CA • It may suffer from an unauthenticated settlement attack. • Goal • Minimize the transaction cost • Avoid credit abuse • Be applicable to environments with low computational ability. • Reduce the bank settlement risk
Scheme(1/4) Bank (KC,B, KV,B) Customer (PWC, IDC, KC,B, n, h(PWC)) Vendor (PWV, IDV, KV,B, n, h(PWV)) Generates hash chain (w_n, w_{n-1}, ..., w_0) w_i = h(w_{i+1}), i = n-1, ..., 0 (Using Smart Card) Generate NC String1 PW: Password ID: Identity K: Shared key. N: nonce value r: random number g: A primitive element with order P−1 in GF(P) P: A large prime number.
Scheme(2/4) Bank (KC,B,KV,B) Customer(PWC,IDC,KC,B,n,h(PWC)) Vendor (PWV,IDV,KV,B,n,h(PWV)) (Using Smart Card) Generate NV Verify String1 If correct, store M, transaction partner, root w0 Verify String2 Check PWV, IDC
Scheme(3/4) Bank (KC,B,KV,B) Customer(PWC,IDC,KC,B,n,h(PWC)) Vendor (PWV,IDV,KV,B,n,h(PWV)) Decrypt Check NV+1 Store IDC,SK,M,IC Generate h(M,SK) Decrypt Check NC+1 Verify If correct, store IDV,SK
Scheme(4/4) Bank (KC,B, KV,B) Customer (PWC, IDC, KC,B, n, h(PWC)) Vendor (PWV, IDV, KV,B, n, h(PWV)) Check If , store (w_i, i) When i = n Decrypt Check PWV and If correct, store (w_n, n) and pay the money into Vendor’s account.
Security Analysis • Credit Abuse Attack • Counterfeiting PayWord • Bank Falsification Attack • Unauthorized Withdrawal • Double Spending • Replay Attack
Performance Evaluation No Prepaid
Advantage vs. Drawback • Advantage • Low power consumption • It can resist several attacks. • All w_i are kept secret over the Internet, and each transmitted message has to be authenticated. • Drawback • The bank has to pre-share the secret keys with the customer and the vendor.
Comment • It does not consider the exponentiation cost of the session key. • It may not need the smart card to run this protocol. • It has no comparison of storage. • It is not convenient to use on a mobile phone or PDA. • This scheme needs additional hardware (e.g. smart card, reader) and middleware to handle the transactions.
Comment (cont.) • The comparison of storage of scheme