Upload
naoki-shibata
View
78
Download
1
Embed Size (px)
Citation preview
An Endorsement-Based Mobile Payment System for a
Disaster Area
Babatunde Ojetunde †1, Naoki Shibata †1, Juntao Gao †1, Minoru Ito †1
†1 Nara Institute of Science and Technology, Nara, Japan
2
An Endorsement-based Mobile Payment System for a Disaster Area
Overview
No Cash
A payment system in a disaster area is essential forpeople to buy necessities as
– Groceries, Medical supplies, Clothing
An infrastructureless payment system is required
– Mobile payment system based on MANETs
This is due to non-availability of network infrastructure
No Bank access
3
An Endorsement-based Mobile Payment System for a Disaster Area
Payment System Challenges in MANETs
• Dynamic topology
• Disconnected network
• It takes two days to communicate with the bank
MANETs Issues
• Authentication issues
• Impersonation
• Double spending
• Resetting phone
Fraudulent Transactions
• Merchant needs to trust users
• No central authorityTrust Issues
4
An Endorsement-based Mobile Payment System for a Disaster Area
Related Work
Many researches have been conducted on payment systems
Decentralized electronic cash with no central control [1]
Privacy of users [1]
Reducing computational overheads [2]
[1] S. Nakamoto, Bitcoin: A peer-to-peer electronic system, 2008.
[2] Z. Hu, and Y. Liu and X. Hu and J. Li: "Anonymous micropayments authentication (AMA) in mobile data
network", INFOCOM 2004.
Most of the existing payment systems require communication infrastructure
5
An Endorsement-based Mobile Payment System for a Disaster Area
Online Payment System without Disaster
The merchant and the customer agree to start the transaction• Both of them register on provider platform
• A customer sends transaction order to the merchant
• The merchant forwards payment information to the bank
• The bank deducts the money from the customer’s account (or creditcard)
• The merchant supplies the item to the customer
Bank
Customer Merchant
We propose an infrasturctureless mobile payment system
6
An Endorsement-based Mobile Payment System for a Disaster Area
Limitations of Existing Payment Systems in Disaster Areas
The bank will not have money to deduct from the customer
• The merchant will lose money
It takes at least two days for a message to get to the bank
No means of confirming customer’s account balance
• Network infrastructure is not available
• Customer collects his/her money before the bank deducts money for items purchase
Since there is no bank to guarantee transactions, we need a
MANETs based guarantee mechanism (Endorsement)
7
An Endorsement-based Mobile Payment System for a Disaster Area
Outline
Overview Payment System Challenges in MANETs
Related Work
Online Payment System without Disaster
Limitations of Existing Payment Systems in Disaster Areas
Proposed Endorsement-based Mobile Payment System Main Contribution
Transaction using Endorsement-based Mechanism
Schemes to Prevent Attacks
Conclusion
8
An Endorsement-based Mobile Payment System for a Disaster Area
Main Contributions
Mobile payment system for disaster areas
• Allow people in disaster areas to shop without cellular network
Endorsement-based mechanism to guarantee payment of transactions• Need no connection to the bank to work
Provide secure transaction
• Detecting double spending during the transaction
• Checking user’s account balance by surrounding nodes
• Detecting impersonation
Protecting privacy
• Using temporary identity
• Scrambling the temporary identity
9
An Endorsement-based Mobile Payment System for a Disaster Area
Transaction using Endorsement-Based Mechanism 1/4
All users are required to register with a Bank inadvance
Registration process
The Bank issues digital certificates to all users atregistration• Merchant
• Endorser
• Bank
We assume that all users except the bank are in thedisaster area
The bank signs the user’s photo with its digitalsignature
• The digitally signed photo is used for authentication
10
An Endorsement-based Mobile Payment System for a Disaster Area
Transaction using Endorsement-Based Mechanism 2/4
MerchantCustomer A
1. Send transaction order “ I want to buy an apple
from you”
2. Verify the customer using pre-digitally signed picture
Endorsers
3. Create and forward Billing Form“Customer A wants to buy $2 apple. Do you guarantee the transaction?”
4. Authenticate the merchant and create an endorsement form
“I guaranteed customer A purchase of $2 apple”
The merchant and the customer physically meetand agrees to start a transaction before hand
We assume that the endorsers are close to thecustomer and the merchant
11
An Endorsement-based Mobile Payment System for a Disaster Area
Transaction using Endorsement-Based Mechanism 3/4
7. Send transaction confirmation to customer
and endorsers
Deliver items to customer
MerchantCustomer A
BankEndorsers
5. Forward the forms to the Bank
“Customer A bought an apple at
$2”
6. It takes two days to
communicate with the bank
12
An Endorsement-based Mobile Payment System for a Disaster Area
Transaction using Endorsement-Based Mechanism 4/4
MerchantCustomer A
BankEndorsers
8. Deduct responding money from the customer’s account“Deduct $2 from customer A’s
account”
9. Bank pays merchant
“Pay merchant $2”
10. Deduct money from endorsers
“Deduct $2 from endorsers”
Send acknowledgement to
Merchant, Customer and EndorserThe endorser may have no money or collude with a customer
• Mechanism to check endorser balance
13
An Endorsement-based Mobile Payment System for a Disaster Area
Outline
Overview
Proposed Endorsement-based Mobile Payment System
Schemes to Prevent AttacksCollusion AttackDouble Spending/Reset and Recovery AttackNon-availability of EndorsersLocation Changing Attack
Conclusion
14
An Endorsement-based Mobile Payment System for a Disaster Area
Problem 1 - Collusion Attack
There is no means of confirming endorsers account balance
The customer and the endorsers can collude to do fraud
• Customer A has no money
• Endorsers have no money
Endorsers will endorse many transactions without paying
15
An Endorsement-based Mobile Payment System for a Disaster Area
Solution - Preventing Collusion
BankEndorsers
e-coin(eT1)
Endorser
ID
e-coin
Identifier &
Digital
Signature
Hello
Message
Interval
Predefine
Expiration
Date
e-coin
ValueBlank
To prevent collusion, we introduced e-coin to check endorser’s bank balance
• To buy an e-coin, an endorser deposits some money
The bank creates for an endorser unique e-coins
Endorser attaches e-coin to the endorsement message
– An endorsement without e-coin is rejected
16
An Endorsement-based Mobile Payment System for a Disaster Area
Problem 2 - Double Spending/Reset and Recovery Attack
A dishonest endorser may decide to spend same e-coin twice for different transactions
To double spend an e-coin, a dishonest user can either:
• Duplicate the e-coin
• Forge the e-coin
A reset and recovery attack is when a user,• Back-ups all data• Resets phone to default state• Recovers all data already used• Reuses already endorsed transaction order or endorsement
message for new transaction
To prevent double spending a merchant needs to check the log of past transactions of the endorser
• However, it requires a lot of communication overhead
Merchant 1
Payment
Method
ID: eT3
Merchant 2
Endorse
r
17
An Endorsement-based Mobile Payment System for a Disaster Area
Solution - Preventing Double Spending/Reset and Recovery Attack 1/3
An event chain is a successive application of a cryptographic hash function on a piece of an event log (called block)
Unlike Bitcoin block chain, the event chain does not require proof of work
An endorser calculates the hash value in the last block and sends to neighboring users
Previous block
(1)GPS
Timee-coin
New Event
Signature
Initial Block (0)
Hash
Block 0
Event Chain
Block 1 Current Block
GPS
Timee-coin
New Event
Signature
Previous Block (1)
Hash
Current Block
Current
Transaction Log
Hash
18
An Endorsement-based Mobile Payment System for a Disaster Area
Solution - Preventing Double Spending/Reset and Recovery Attack 2/3
Previous block
(1)
Current
Transaction Log
Hash
User
UserUser
UserUser
Endorsemen
t Message
Event
chain
E-coin
Message
Endorsemen
t Message
Event
chain
E-coin
Message
GPS
Timee-coin
New Event
Signature
Initial Block (0)
Hash
GPS
Timee-coin
New Event
Signature
Previous Block (1)
Hash
Current Block
GPS
Timee-coin
New Event
Signature
Hash
Endorse
r
The past event of a customer can be verified by any monitoring user
The event chain is invalidated, if
a new event is not added within a
predetermined length of time
19
An Endorsement-based Mobile Payment System for a Disaster Area
Solution - Preventing Double Spending/Reset and Recovery Attack 3/3
The merchant can also validate the event chain
• Check the signature of the monitoring user
• Check the entire event chain of all previous transaction order
• Check the e-coin expiration date
• Check the endorsement message location information (e.g. the timestamp and GPS)
20
An Endorsement-based Mobile Payment System for a Disaster Area
Problem 3 – Non-availability of Endorsers
If endorsers are not available
• Frequent change in topology of networks
Endorsers
What
Happen?
This can lead to
• Transaction delay
• The merchant may reject the transaction order
21
An Endorsement-based Mobile Payment System for a Disaster Area
Solution – Chains of Endorsers
A customer can have more than one endorser
If one endorser is not available another endorser can endorse the transaction
• The liability for the item is shared among endorsers
To motivate endorsers to participate
• Some part of the transaction amount awarded to endorsers (e.g. 3% of the transaction cost)
The bank creates an endorsement tree during registration• Each endorser ID is mapped to a
customer
• This could also prevent self-endorsement
22
An Endorsement-based Mobile Payment System for a Disaster Area
Outline
Overview
Proposed Endorsement-based Mobile Payment System
Schemes to Prevent Attacks
Conclusion
23
An Endorsement-based Mobile Payment System for a Disaster Area
Conclusion
We proposed a new mobile payment system whichadopts infrastructureless mobile ad-hoc networks(MANETs)
• To allow users to purchase necessities in a disaster area.
The proposed system provides solutions to securemobile payment transaction in a disaster area• By Preventing
Double spending
Fraud
Collusion
Reset and recovery attacks
Impersonation of users
24
An Endorsement-based Mobile Payment System for a Disaster Area
Babatunde Ojetunde, Naoki Shibata, Juntao Gao, and Minoru
Ito : An Endorsement Based Mobile Payment System for A
Disaster Area, in Proc. of The 29th IEEE International
Conference on Advanced Information Networking and
Applications (AINA-2015) , pp.482-489, Mar. 2015.
DOI:10.1109/AINA.2015.225
[ PDF ]