Advanced Cryptographic Protocols

1
Advanced Cryptographic Protocols

• Lecture 12
• Supakorn Kungpisdan
• supakorn_at_mut.ac.th

2
Outlines

• Payment Protocols
• Account-based Payment Protocols
• Token-based Payment Protocols

3
Electronic Payment Model

• Primitive transactions
• Payment
• Value Subtraction
• Value Claim

Issuer
Acquirer
Payment Gateway
Value subtraction
Value claim
Payment
Merchant
Client
4
E-Payment Model (cont.)
5
Types of Payment Systems
6
Types of Payment Systems (cont.)

• Account-based payment systems
• Represented by the transfer between accounts
• Credit-card, debit-card, or electronic check
• PayPal, Amexs PayFlow, SET, iKP, NetChex
• Requires payment authorization from banks in
  every transaction
• Suitable for high-value transactions
• Token-based payment systems
• Represented by electronic money
• Micropayment, electronic coins, or electronic
  cash
• CyberCash, PayWord, Millicent
• No payment authorization required in every
  transaction
• Suitable for low-value transactions

7
Outlines

• Payment Protocols
• Account-based Payment Protocols
• Token-based Payment Protocols

8
(No Transcript)
9
Outlines

• Payment Protocols
• Account-based Payment Protocols
• Token-based Payment Protocols

10
Micropayment

• Represented by electronic money
• Lightweight compared to credit-card payment in
  terms of cryptographic operations
• No payment authorization required in every
  transaction
• Suitable for Low-value payment transactions e.g.
  from 1 cents to 2 dollars
• Prepaid and Postpaid micropayment

11
PayWord
Bank
7. Billing
1 Certificate request
2. PayWord Certificate
6. Redeem coins
4. Certificate verification, first payment
3. Generate coins
5. Repeated payment
Merchant
Client
12
PayWord (cont.)

• Postpaid micropayment protocol based on
  public-key operations.
• Three parties are involved in the system client,
  merchant, and bank.
• The bank issues the client a PayWord certificate
  containing an authorized amount CL

13
PayWord (cont.)

• Client generates a set of coins c0, ..., cn,
  where n CL, which is specific to the merchant.
• The set of coins is generated as follows
• ci h(ci1), where i 1, ..., n
• 3. In the first payment, the client sends the
  merchant a commitment
• commitment certificate, c0

14
PayWord (cont.)

• 4. In each payment, the client sends the coin ci
  to the merchant.
• The merchant can infer the value of the coin i by
  applying a number of hash operations to ci as
  follows c0 hi(ci).
• 6. At the end of the month, the merchant sends
  the highest value of ci together with the
  commitment (containing c0) to the bank.

15
PayFair
Bank
Money Deduct
5
1
2
Request amount
Verification response
Coupon verification
4
Prepaid coupon
3
Coupon verification
Client
Merchant
6
Payment
16
PayFair

• A prepaid micropayment protocol which deploys
  symmetric-key operations and hash functions.
• The bank returns the message containing a payment
  token N, RNSK, RN random number, N serial
  number
• The client generates a set of coins wi, i 0, ,
  n
• wi h(wi1)

17
PayFair (cont.)

• For each payment,

18
Limitations of PayWord PayFair

• PayWord,
• High Computation at the client due to asymmetric
  cryptographic operation
• Payment information (price of goods) is revealed
  to other parties.
• PayFair,
• The prepaid coupon is merchant-specific when
  used.
• The client has to contact the bank for issuing a
  new prepaid coupon every time she runs out of
  credits.
• The bank is able to impersonate as any client to
  make a payment to a merchant.
• The client cannot refund un-used coins and
  coupons.

19
Kungpisdans Approach

• Lightweight protocol
• Provide a general-purposed prepaid card able to
  make payments to many merchant.
• Extend validity period of a prepaid coupon
• Enhance the ability to identify the originator of
  the message (to prevent impersonation).
• All private information must be kept secret.
• Offer the ability to refund and cancel prepaid
  card

20
Setup Protocol
Bank
Deduct money
1 bank coupon request
3. Create coins
2. Bank coupon
Client
Bank coupon
Merchant
M1
Merchant coupon for M1
Remaining bank coupon
21
Payment Initialization Protocol
Bank
Deposit to M1s account
4. Coupon verification
5. M1s coupon
6. Updated bank coupon
Client
Merchant
Merchant coupon for M1

M1
Remaining bank coupon
22
Payment Protocol
Bank
Client
6
Merchant
Payment
M1
Merchant coupon for M1
23
Extra Credit Request Protocol
Bank
10. Updated bank coupon
9. Approval
8. Authorization request
Client
Remaining bank coupon

Merchant
Remaining bank coupon
M1
7. Extra credit request
Requested value
24
Coupon Cancellation Protocol
Bank
Deposit to the clients account
12. Cancellation response
11. Bank coupon cancellation request
Client
Remaining bank coupon
Merchant
M1
25
Coin Return Protocol
Bank
Deduct From M1s account
16. Updated bank coupon
15. Approval

14. Authorization request
Client
Remaining M1s coupon
Merchant

M1
13. Coin return request
Remaining bank coupon

Requested value
26
Extension to Postpaid Micropayment
Bank
7. Billing
1 Certificate request
2. Bank coupon
6. Redeem coins
4. Bank coupon verification, first payment
3. Generate coins
5. Repeated payment
Client
Merchant
27
Question?

• Next
• Group discussion

28
Group Discussion

• Work in a group of 6 students
• Design an Internet bill payment protocol based on
  any cryptographic operations
• Symmetric encryption, Public-key encryption, Hash
  functions and MACs
• Must have the following process
• Client and merchant (biller) registration
• The client can add a merchant
• The client can make a payment to the merchant
• Give a demo by the end of the class