FORCE - Fully Off-line secuRe CrEdits for Mobile Micro Payments

Vanesa Daza, Roberto Di Pietro, Flavio Lombardi, Matteo Signorini

Abstract

Payment schemes based on mobile devices are expected to supersede traditional electronic payment approaches in the next few years. However, current solutions are limited in that protocols require at least one of the two parties to be on-line, i.e. connected either to a trusted third party or to a shared database. Indeed, in cases where customer and vendor are persistently or intermittently disconnected from the network, any on-line payment is not possible. This paper introduces FORCE, a novel mobile micro payment approach where all involved parties can be fully off-line. Our solution improves over state-of-the-art approaches in terms of payment flexibility and security. In fact, FORCE relies solely on local data to perform the requested operations. Present paper describes FORCE architecture, components and protocols. Further, a thorough analysis of its functional and security properties is provided showing its effectiveness and viability.

References

  1. Aigner, M., Dominikus, S., and Feldhofer, M. (2007). A System of Secure Virtual Coupons Using NFC Technology. In IEEE PerComW'07, pages 362-366. IEEE.
  2. Chaurasia, B. K. and Verma, S. (2014). Secure pay while on move toll collection using {VANET}. Computer Standards & Interfaces, 36(2):403-411.
  3. Chen, W., Hancke, G., Mayes, K., Lien, Y., and Chiu, J.-H. (2010). Using 3G network components to enable NFC mobile transactions and authentication. In IEEE PIC 7810, volume 1, pages 441 -448.
  4. Choi, P. and Kim, D. K. (2012). Design of security enhanced TPM chip against invasive physical attacks. In IEEE ISCAS 7812, pages 1787-1790.
  5. Coskun, V., Ok, K., and Ozdenizci, B. (2012). Near Field Communication: From Theory to Practice. Wiley Publishing, 1st edition.
  6. Dai, X., Ayoade, O., and Grundy, J. (2006). Off-line micropayment protocol for multiple vendors in mobile commerce. PDCAT 7806, pages 197-202, Washington, DC, USA. IEEE Computer Society.
  7. Dodis, Y., Ostrovsky, R., Reyzin, L., and Smith, A. (2008). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput., 38(1):97-139.
  8. Dominikus, S. and Aigner, M. (2007). mcoupons: An application for near field communication (nfc). AINAW 7807, pages 421-428, Washington, DC, USA. IEEE Computer Society.
  9. Golovashych, S. (2005). The technology of identification and authentication of financial transactions. from smart cards to NFC-terminals. In IEEE IDAACS 7805, pages 407-412.
  10. Griffin, W. P., Raghunathan, A., and Roy, K. (2012). Clip: Circuit level ic protection through direct injection of process variations. IEEE Trans. Very Large Scale Integr. Syst., 20(5):791-803.
  11. Juang, W.-S. (2013). An efficient and practical fair buyeranonymity exchange scheme using bilinear pairings. In Asia JCIS, pages 19-26.
  12. Kadambi, K. S., Li, J., and Karp, A. H. (2009). Near-field communication-based secure mobile payment service. In ICEC 7809. ACM.
  13. Lewandowska, J. http://www.frost.com/prod/servlet/pressrelease.pag?docid=274238535.
  14. Lim, D., Lee, J. W., Gassend, B., Suh, G. E., van Dijk, M., and Devadas, S. (2005). Extracting secret keys from integrated circuits. IEEE Trans. Very Large Scale Integr. Syst., 13(10):1200-1205.
  15. Maes, R., Tuyls, P., and Verbauwhede, I. (2009). Lowoverhead implementation of a soft decision helper data algorithm for SRAM PUFs. CHES 7809, pages 332-347, Berlin, Heidelberg. Springer-Verlag.
  16. Martins, S. and Yang, Y. (2011). Introduction to bitcoins: a pseudo-anonymous electronic currency system. CASCON 7811, pages 349-350, Riverton, NJ, USA. IBM Corp.
  17. Nishide, T. and Sakurai, K. (2011). Security of offline anonymous electronic cash systems against insider attacks by untrusted authorities revisited. INCOS 7811, pages 656-661, Washington, DC, USA. IEEE Computer Society.
  18. Patil, V. and Shyamasundar, R. K. (2004). An efficient, secure and delegable micro-payment system. EEE 7804, pages 394-404, Washington, DC, USA. IEEE Computer Society.
  19. Popescu, C. and Oros, H. (2007). An off-line electronic cash system based on bilinear pairings. In EURASIP 7807, pages 438-440.
  20. Ravikanth, P. S. (2001). Physical one-way functions. PhD thesis, Massachusetts Institute of Technology. B. J. E. V. (2006).
  21. cation using a read-once http://www.google.com/patents/US7059533.
  22. cessed: 2013-07-30.
  23. Rivest, R. L. (1996). Payword and micromint: two simple micropayment schemes. In CryptoBytes, pages 69-87.
  24. Salama, M. A., El-Bendary, N., and Hassanien, A. E. (2011). Towards secure mobile agent based e-cash system. In 1st Intl. Workshop on Security and Privacy Preserving in e-Societies, pages 1-6, New York, NY, USA. ACM.
  25. Sekhar, V. C. and Mrudula, S. (2012). A complete secure customer centric anonymous payment in a digital ecosystem. ICCEET 7812.
  26. Srivastava, A., Kundu, A., Sural, S., and Majumdar, A. (2008). Credit card fraud detection using hidden markov model. IEEE Transactions on Dependable and Secure Computing, 5(1):37-48.
  27. Vasco, M. G., Heidarvand, S., and Villar, J. (2010). Anonymous subscription schemes: A flexible construction for on-line services access. In SECRYPT 7810, pages 1-12.
  28. Wang, C. and Lu, R. (2008). An ID-based transferable off-line e-cash system with revokable anonymity. In Intl. Symp. on Electronic Commerce and Security 7808, pages 758-762.
  29. Wang, C., Sun, H., Zhang, H., and Jin, Z. (2013). An improved off-line electronic cash scheme. In ICCIS 7813, pages 438-441.
  30. Yu, M.-D. M., M'Raihi, D., Sowell, R., and Devadas, S. (2011). Lightweight and secure PUF key storage using limits of machine learning. CHES'11, pages 358-373, Berlin, Heidelberg. Springer-Verlag.
  31. Zhan-gang, W. and Zhen-kai, W. (2009). A secure off-line electronic cash scheme based on ECDLP. In ETCS 7809, volume 2, pages 30-33.
  32. Zhou, X. (2008). Threshold cryptosystem based fair off-line e-cash. In IITA 7808, volume 3, pages 692-696.
Download


Paper Citation


in Harvard Style

Daza V., Di Pietro R., Lombardi F. and Signorini M. (2014). FORCE - Fully Off-line secuRe CrEdits for Mobile Micro Payments . In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 125-136. DOI: 10.5220/0005053201250136


in Bibtex Style

@conference{secrypt14,
author={Vanesa Daza and Roberto Di Pietro and Flavio Lombardi and Matteo Signorini},
title={FORCE - Fully Off-line secuRe CrEdits for Mobile Micro Payments},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={125-136},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005053201250136},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - FORCE - Fully Off-line secuRe CrEdits for Mobile Micro Payments
SN - 978-989-758-045-1
AU - Daza V.
AU - Di Pietro R.
AU - Lombardi F.
AU - Signorini M.
PY - 2014
SP - 125
EP - 136
DO - 10.5220/0005053201250136