Efficient e-cash in practice: NFC-based payments for public transportation systems
In PETS, 2013
Cited by 3 (2 self)
Near field communication (NFC) is a recent popular technology that will facilitate many aspects of payments with mobile tokens. In the domain of public transportation payment systems, electronic payments have many benefits, including improved throughput, new capabilities (congestion-based pricing etc.) and user convenience. A common concern when using electronic payments is that a user’s privacy is sacrificed. However, cryptographic e-cash schemes provide provable guarantees for both security and user privacy. Even though e-cash protocols were proposed three decades ago, there are relatively few actual implementations, since their computational complexity makes execution on lightweight devices rather difficult. This paper presents an efficient implementation of the Brands [11] and ACL [4] e-cash schemes on an NFC smartphone: the BlackBerry Bold 9900. Due to their efficiency during the spending phase, when compared to other schemes, and the fact that payments can be verified offline, these schemes are especially suited for, but not limited to, use in public transport. Additionally, the encoding of validated attributes (e.g. a user’s age range, zip code etc.) is possible in the coins being withdrawn, which allows for additional features such as variable pricing (e.g. reduced fare for senior customers) and privacy-preserving data collection. We present a subtle technique to make use of the ECDHKeyAgreement class that is available in the BlackBerry API (and in the API of other systems) and show how the schemes can be implemented efficiently to satisfy the tight timing imposed by the transportation setting.
Towards a full-featured implementation of attribute based credentials on smart cards
2014
Cited by 3 (2 self)
Attribute-based Credentials (ABCs) allow citizens to prove certain properties about themselves without necessarily revealing their full identity. Smart cards are an attractive container for such credentials, for security and privacy reasons. But their limited processing power and random access storage capacity pose a severe challenge. Recently, we, the IRMA team, managed to fully implement a limited subset of the Idemix ABC system on a smart card, with acceptable running times. In this paper we extend this functionality by overcoming the main hurdle: limited RAM. We implement an efficient extended Pseudo-Random Number Generator (PRNG) for recomputing pseudorandomness and reconstructing variables. Using this we implement Idemix standard and domain pseudonyms, AND proofs based on prime-encoded attributes, and equality proofs of representation modulo a composite, together with terminal verification and secure messaging. In contrast to prior work that only addressed the verification of one credential with only one attribute (particularly, the master secret), we can now perform multi-credential proofs on credentials of 5 attributes and complex proofs in reasonable time. We provide a detailed performance analysis and compare our results to other approaches.
Efficient E-cash with Attributes on MULTOS
Ever since its invention in the 1980s, e-cash has been considered a promising solution for privacy-preserving electronic payments. However, the computational capabilities required for the processing of e-cash protocols are demanding. Only recent works show the feasibility of implementing e-cash on constrained platforms. A particularly challenging, while at the same time extremely attractive, platform is smartcards. Smartcards are, next to magnetic stripe cards, the dominant platform used to execute electronic payments, and they enjoy wide user acceptance. In this paper we present an implementation of two e-cash schemes on MULTOS smartcards. We base the schemes on elliptic curve cryptography, which is supported by the API of the platform of choice. Our results are promising: when relying on a 160-bit elliptic curve, spending a coin, which encodes two attributes that are not revealed, can be executed in less than 800 ms with both considered schemes.
Road-to-Vehicle Communications with Time-Dependent Anonymity: A Light Weight Construction and its Experimental Results
2015
This paper describes techniques that enable vehicles to collect local information (such as road conditions and traffic information) and report it via road-to-vehicle communications. To exclude malicious data, the collected information is signed by each vehicle. In this communications system, the location privacy of vehicles must be maintained. However, simultaneously, linkable information (such as travel routes) is also important. That is, no such linkable information can be collected when full anonymity is guaranteed through the use of cryptographic tools such as group signatures. Similarly, continuous linkability (via pseudonyms, for example) may also cause problems from the viewpoint of privacy. In this paper, we propose a road-to-vehicle communication system with relaxed anonymity by considering time-dependent linking properties via group signatures with time-token dependent linking (GS-TDL). These techniques are used to construct an anonymous time-dependent authentication system via GS-TDL. Briefly, a vehicle is unlinkable unless it generates multiple signatures in the same time period. In addition, we describe a vulnerability in the anonymous authentication system proposed by Wu, Domingo-Ferrer and González-Nicolás (IEEE T. Vehicular Technology 2010), where an unauthorized individual can create a valid group signature without using a signing key. Moreover, our GS-TDL scheme supports verifier-local revocation (VLR), which maintains constant signing and verification costs by using the linkable part of signatures. These appear to be of independent interest. Finally, we provide our experimental results (using the TEPLA library) and confirm that our system is feasible in practice.
Microsoft Research, 2014
Cloud computing sparked interest in Verifiable Computation protocols, which allow a weak client to securely outsource computations to remote parties. Recent work has dramatically reduced the client’s cost to verify the correctness of results, but the overhead to produce proofs largely remains impractical. Geppetto introduces complementary techniques for reducing prover overhead and increasing prover flexibility. With Multi-QAPs, Geppetto reduces the cost of sharing state between computations (e.g., for MapReduce) or within a single computation by up to two orders of magnitude. Via a careful instantiation of cryptographic primitives, Geppetto also brings down the cost of verifying outsourced cryptographic computations (e.g., verifiably computing on signed data); together with Geppetto’s notion of bounded proof bootstrapping, Geppetto improves on prior bootstrapped systems by five orders of magnitude, albeit at some cost in universality. Geppetto also supports qualitatively new properties like verifying the correct execution of proprietary (i.e., secret) algorithms. Finally, Geppetto’s use of energy-saving circuits brings the prover’s costs more in line with the program’s actual (rather than worst-case) execution time. Geppetto is implemented in a full-fledged, scalable compiler that consumes LLVM code generated from a variety of apps, as well as a large cryptographic library.
A Privacy-Preserving NFC Mobile Pass for Transport Systems
The emergence of NFC (Near Field Communication) technology brings new capacities to the next generation of smartphones, but also new security and privacy challenges. Indeed, through its contactless interactions with external entities, an individual's smartphone will become an essential authentication tool for service providers such as transport operators. However, from the point of view of the user, carrying a part of the service through his smartphone could be a threat to his privacy. Indeed, an external attacker or the service provider himself could be tempted to track the actions of the user. In this paper, we propose a privacy-preserving contactless mobile service, in which a user’s identity cannot be linked to his actions when using the transport system. The security of our proposition relies on the combination of a secure element in the smartphone and a privacy-enhancing cryptographic protocol based on a variant of group signatures. In addition, although a user should remain anonymous and his actions unlinkable in his daily journeys, we designed a technique for lifting his anonymity in extreme circumstances. In order to guarantee the usability of our solution, we implemented a prototype demonstrating that our solution meets the major functional requirements for real transport systems: namely that the mobile pass can be validated at a gate in less than 300 ms, and this even if the battery of the smartphone is exhausted.
Attribute-Based Versions of
We design in this paper the first attribute-based cryptosystems that work in the classical Discrete Logarithm, pairing-free, setting. The attribute-based signature scheme can be seen as an extension of Schnorr signatures, with adaptive security relying on the Discrete Logarithm Assumption, in the random oracle model. The attribute-based encryption schemes can be seen as extensions of the ElGamal cryptosystem, with adaptive security relying on the Decisional Diffie-Hellman Assumption, in the standard model. The proposed schemes are secure only in a bounded model: the systems admit at most L secret keys, for a bound L that must be fixed in the setup of the systems. The efficiency of the cryptosystems, later, depends on this bound L. Although this is an important drawback that can limit the applicability of the proposed schemes in some real-life applications, it turns out that the bounded security of our key-policy attribute-based encryption scheme (in particular, with L = 1) is enough to implement the generic transformation of Parno, Raykova and Vaikuntanathan at TCC’2012. As a direct result, we obtain a protocol for the verifiable delegation of computation of boolean functions, which does not employ pairings or lattices, and whose adaptive security relies on the Decisional Diffie-Hellman Assumption.