skip to main content
research-article

Anonymous Split E-Cash—Toward Mobile Anonymous Payments

Published:09 September 2015Publication History
Skip Abstract Section

Abstract

Anonymous E-Cash was first introduced in 1982 as a digital, privacy-preserving alternative to physical cash. A lot of research has since then been devoted to extend and improve its properties, leading to the appearance of multiple schemes. Despite this progress, the practical feasibility of E-Cash systems is still today an open question. Payment tokens are typically portable hardware devices in smart card form, resource constrained due to their size, and therefore not suited to support largely complex protocols such as E-Cash. Migrating to more powerful mobile platforms, for instance, smartphones, seems a natural alternative. However, this implies moving computations from trusted and dedicated execution environments to generic multiapplication platforms, which may result in security vulnerabilities. In this work, we propose a new anonymous E-Cash system to overcome this limitation. Motivated by existing payment schemes based on MTM (Mobile Trusted Module) architectures, we consider at design time a model in which user payment tokens are composed of two modules: an untrusted but powerful execution platform (e.g., smartphone) and a trusted but constrained platform (e.g., secure element). We show how the protocol’s computational complexity can be relaxed by a secure split of computations: nonsensitive operations are delegated to the powerful platform, while sensitive computations are kept in a secure environment. We provide a full construction of our proposed Anonymous Split E-Cash scheme and show that it fully complies with the main properties of an ideal E-Cash system. Finally, we test its performance by implementing it on an Android smartphone equipped with a Java-Card-compatible secure element.

References

  1. Federal Information Processing Standards Publication 197. 2001. Specification for the Advanced Encryption Standard (AES). Retrieved from http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.Google ScholarGoogle Scholar
  2. Josep Balasch. 2008. Smart Card Implementation of Anonymous Credentials. Master’s thesis. Katholieke Universiteit Leuven (KU Leuven).Google ScholarGoogle Scholar
  3. Lejla Batina, Jaap-Henk Hoepman, Bart Jacobs, Wojciech Mostowski, and Pim Vullers. 2010. Developing efficient blinded attribute certificates on smart cards via pairings. In Smart Card Research and Advanced Application (CARDIS’10) (Lecture Notes in Computer Science), Dieter Gollmann, Jean-Louis Lanet, and Julien Iguchi-Cartigny (Eds.), Vol. 6035. Springer, 209--222. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Patrik Bichsel, Jan Camenisch, Thomas Groß, and Victor Shoup. 2009. Anonymous credentials on a standard Java Card. In Conference on Computer and Communications Security (CCS’09), Ehab Al-Shaer, Somesh Jha, and Angelos D. Keromytis (Eds.). ACM, 600--610. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Stefan Brands. 1994. Untraceable Off-line Cash in Wallets with Observers (Extended Abstract). In Advances in Cryptology (CRYPTO’93) (LNCS), Douglas R. Stinson (Ed.), Vol. 773. Springer, 302--318. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Stefan Brands. 2000. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. Master’s thesis. MIT Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Ernest F. Brickell, Jan Camenisch, and Liqun Chen. 2004. Direct anonymous attestation. In ACM Conference on Computer and Communications Security. 132--145. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Jan Camenisch and Els Van Herreweghen. 2002. Design and implementation of the idemix anonymous credential system. In Conference on Computer and Communications Security (CCS’02), Vijayalakshmi Atluri (Ed.). ACM, 21--30. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya. 2005. Compact E-Cash. In Advances in Cryptology (EUROCRYPT’05) (LNCS), Ronald Cramer (Ed.), Vol. 3494. Springer, 302--321. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Jan Camenisch, Anja Lehmann, Gregory Neven, and Alfredo Rial. 2014. Privacy-preserving auditing for attribute-based credentials. In Computer Security (ESORICS’14). Springer, 109--127.Google ScholarGoogle Scholar
  11. Jan Camenisch and Anna Lysyanskaya. 2001. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Advances in Cryptology (EUROCRYPT’01), International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, Austria, May 6-10, 2001, Proceeding (Lecture Notes in Computer Science), Birgit Pfitzmann (Ed.), Vol. 2045. Springer, 93--118. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Jan Camenisch, Anna Lysyanskaya, and Mira Meyerovich. 2007. Endorsed E-Cash. In IEEE Symposium on Security and Privacy. IEEE Computer Society, 101--115. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Sébastien Canard and Aline Gouget. 2007. Divisible E-Cash systems can be truly anonymous. In Advances in Cryptology (EUROCRYPT’07) (LNCS), Moni Naor (Ed.), Vol. 4515. Springer, 482--497. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Sébastien Canard and Aline Gouget. 2008. Anonymity in transferable E-cash. In ACNS (Lecture Notes in Computer Science), Steven M. Bellovin, Rosario Gennaro, Angelos D. Keromytis, and Moti Yung (Eds.), Vol. 5037. 207--223. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Sébastien Canard, Aline Gouget, and Jacques Traoré. 2008. Improvement of efficiency in (unconditional) anonymous transferable E-Cash. In Financial Cryptography (Lecture Notes in Computer Science), Gene Tsudik (Ed.), Vol. 5143. Springer, 202--214. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. David Chaum. 1983. Blind signatures for untraceable payments. In Advances in Cryptology: Proceedings of CRYPTO’82, David Chaum, Ronald L. Rivest, and Alan T. Sherman (Eds.). Plenum Press, 199--203.Google ScholarGoogle ScholarCross RefCross Ref
  17. Chipknip. 2014. An offline smartcard payment system. Retrieved from http://www.chipknip.nl.Google ScholarGoogle Scholar
  18. Efrén Clemente-Cuervo, Francisco Rodríguez-Henríquez, Daniel Ortiz Arroyo, and Levent Ertaul. 2007. A PDA implementation of an off-line E-Cash protocol. In Proceedings of the 2007 International Conference on Security and Management (SAM’07), Selim Aissi and Hamid R. Arabnia (Eds.). CSREA Press, 452--458.Google ScholarGoogle Scholar
  19. Common Criteria. 2014. Homepage. Retreived from: http://www.commoncriteriaportal.org.Google ScholarGoogle Scholar
  20. Ivan Damgård and Eiichiro Fujisaki. 2002. A statistically-hiding integer commitment scheme based on groups with hidden order. In ASIACRYPT. 125--142. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. David Derler, Klaus Potzmader, Johannes Winter, and Kurt Dietrich. 2011. Anonymous ticketing for NFC-enabled mobile phones. In Trusted Systems (INTRUST’11) (Lecture Notes in Computer Science), Liqun Chen, Moti Yung, and Liehuang Zhu (Eds.), Vol. 7222. Springer, 66--83. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Yevgeniy Dodis and Aleksandr Yampolskiy. 2005. A verifiable random function with short proofs and keys. In Public Key Cryptography. 416--431. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. EMVCo. 2014. The EMV standards body. Retrieved from http://www.emvco.com.Google ScholarGoogle Scholar
  24. Geldkarte. 2014. An offline smartcard payment system. Retrieved from http://www.geldkarte.de.Google ScholarGoogle Scholar
  25. Gesine Hinterwälder, Christof Paar, and Wayne P. Burleson. 2013a. Privacy preserving payments on computational RFID devices with application in intelligent transportation systems. In Radio Frequency Identification. Security and Privacy Issues (RFIDSec’12) (Lecture Notes in Computer Science), Jaap-Henk Hoepman and Ingrid Verbauwhede (Eds.), Vol. 7739. Springer, 109--122. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Gesine Hinterwälder, Christian T. Zenger, Foteini Baldimtsi, Anna Lysyanskaya, Christof Paar, and Wayne P. Burleson. 2013b. Efficient E-Cash in practice: NFC-based payments for public transportation systems. In Privacy Enhancing Technologies (PETS’13) (Lecture Notes in Computer Science), Emiliano De Cristofaro and Matthew Wright (Eds.), Vol. 7981. Springer, 40--59.Google ScholarGoogle Scholar
  27. Benjamin Ransford, Kevin Fu, Hong Zhang, Jeremy Gummeson. 2011. Moo: A Batteryless Computational RFID and Sensing Platform. Technical Report. University of Massachusetts Computer Science.Google ScholarGoogle Scholar
  28. ISO 7816-3. 2006. Smart card standard: Cards with contacts. Electrical interface and transmission protocols. (last updated: 2006).Google ScholarGoogle Scholar
  29. ISO 7816-4. 2005. Smart card standard: Organization, security and commands for interchange. (last updated: 2005).Google ScholarGoogle Scholar
  30. Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’99). Springer-Verlag, 388--397. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Alfred J. Menezes, Scott A. Vanstone, and Paul C. Van Oorschot. 1996. Handbook of Applied Cryptography. CRC Press, Boca Raton, FL. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Wojciech Mostowski and Pim Vullers. 2011. Efficient U-prove implementation for anonymous credentials on smart cards. In Security and Privacy in Communication Networks (SecureComm’11) (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering), Muttukrishnan Rajarajan, Fred Piper, Haining Wang, and George Kesidis (Eds.), Vol. 96. Springer, 243--260.Google ScholarGoogle Scholar
  33. Tatsuaki Okamoto. 1995. An efficient divisible electronic cash scheme. In CRYPTO (Lecture Notes in Computer Science), Don Coppersmith (Ed.), Vol. 963. Springer, 438--451. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. PROTON. 2014. An offline smartcard payment system. Retrieved from http://mypaymentsolution.be/index/en_US/5118014/5126207/Proton.htm.Google ScholarGoogle Scholar
  35. SEEK. 2014. Secure Element Evaluation Kit for the Android platform. Retrieved from http://code.google.com/p/seek-for-android.Google ScholarGoogle Scholar
  36. Michal Sterckx, Benedikt Gierlichs, Bart Preneel, and Ingrid Verbauwhede. 2009. Efficient implementation of anonymous credentials on Java Card smart cards. In 1st IEEE International Workshop on Information Forensics and Security (WIFS’09). IEEE, 106--110.Google ScholarGoogle ScholarCross RefCross Ref
  37. Eric R. Verheul. 2001. Self-blindable credential certificates from the Weil pairing. In Advances in Cryptology (ASIACRYPT’01) (Lecture Notes in Computer Science), Colin Boyd (Ed.), Vol. 2248. Springer, 533--551. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Visa payWave. 2014. Mobile payments. Retrieved from https://developer.visa.com/paywavemobile.Google ScholarGoogle Scholar

Index Terms

  1. Anonymous Split E-Cash—Toward Mobile Anonymous Payments

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!