Upload
vijay-pasupathinathan
View
152
Download
1
Embed Size (px)
DESCRIPTION
Citation preview
CEC2005,July2005
Privacy EnhancedElectronic Cheque System
(PEEC)
Vijayakrishnan. P
with
Prof. Josef Pieprzyk and Dr. Hua Xiong Wang
Centre for Advanced Computing - Algorithms and Cryptography
Department of Computing,
Macquarie University, Australia
Privacy Enhanced Electronic Cheque System – p.1/19
CEC2005,July2005
ContentsElectronic cheques
Related Work
FSTC’s eCheck
Issues in FSTC’s eCheck
Privacy Enhanced E-cheque(PEEC)
Characteristics of PEEC
Privacy Enhanced Electronic Cheque System – p.2/19
CEC2005,July2005
Electronic Cheques -An overview
- Typically, E-cheques mirror Paper cheques- A payment type for high value transactions- Post-pay method of payment
Privacy Enhanced Electronic Cheque System – p.3/19
CEC2005,July2005
Electronic Cheques -An overview
- Typically, E-cheques mirror Paper cheques- A payment type for high value transactions- Post-pay method of paymentAdvantages- Extra Services anonymity, unlinkability- Multiple account draws and deposits- Supports multiple signatures
Privacy Enhanced Electronic Cheque System – p.3/19
CEC2005,July2005
Related WorkBased on traditional paper cheques [FSTC,NetCheque, MANDATE]
Privacy Enhanced Electronic Cheque System – p.4/19
CEC2005,July2005
Related WorkBased on traditional paper cheques [FSTC,NetCheque, MANDATE]
Server based [NetBill, PayNow]
Privacy Enhanced Electronic Cheque System – p.4/19
CEC2005,July2005
Related WorkBased on traditional paper cheques [FSTC,NetCheque, MANDATE]
Server based [NetBill, PayNow]
Modified version of e-Cash [Brands, Chaum]
Privacy Enhanced Electronic Cheque System – p.4/19
CEC2005,July2005
Related WorkBased on traditional paper cheques [FSTC,NetCheque, MANDATE]
Server based [NetBill, PayNow]
Modified version of e-Cash [Brands, Chaum]
Need to revisit
- Introduction of Check 21 US federal law, Oct2004.
- Development of FSTC’s eCheck system.Privacy Enhanced Electronic Cheque System – p.4/19
CEC2005,July2005
E-Cheque Working
Issuer
PayeePayer
Acquirer
(Substitute eCheck)
1. Invoice
2. Signed eCheck
3. EndorsedeCheck
4. eCheck presentment
(Interbank settlement)
5. Account Statment
Privacy Enhanced Electronic Cheque System – p.5/19
CEC2005,July2005
FSTC eCheck Project
Backing from major financial institutions andgoverment agencies. (Around 100 members)
Electronic payment instrument for Internet.Compatable with interactive web transactionsor e-mail.
Same legal framework as paper cheques.
Savings in transactional and processing cost.
Privacy Enhanced Electronic Cheque System – p.6/19
CEC2005,July2005
FSTC eCheckStructure
Two core components - FSML and SDML(XML block structures)<fsml-doc docname="C" type="check">
<action> <blkname>C1 ... </action>
<check> <blkname>C2 ... </check>
<signature> <blkname>C3 ... </signature>
<account> <blkname>C4 ... </account>
<cert> <blkname>C5 ... </cert>
<attachment> <blkname>C6 ... </attachment> (optional)
<signature> <blkname>C7 ... </signature>
<cert> <blkname>C8 ... </cert>
</fsml-doc>
Privacy Enhanced Electronic Cheque System – p.7/19
CEC2005,July2005
FSTC eCheckStructure
Two core components - FSML and SDML(XML block structures)<fsml-doc docname="C" type="check">
<action> <blkname>C1 ... </action>
<check> <blkname>C2 ... </check>
<signature> <blkname>C3 ... </signature>
<account> <blkname>C4 ... </account>
<cert> <blkname>C5 ... </cert>
<attachment> <blkname>C6 ... </attachment> (optional)
<signature> <blkname>C7 ... </signature>
<cert> <blkname>C8 ... </cert>
</fsml-doc>
Documents attached when endorsed.
Privacy Enhanced Electronic Cheque System – p.7/19
CEC2005,July2005
Issues with FSTCeCheck
No data confidentiality of payer information.
Privacy Enhanced Electronic Cheque System – p.8/19
CEC2005,July2005
Issues with FSTCeCheck
No data confidentiality of payer information.
No privacy for payer account details in aneCheck.
Privacy Enhanced Electronic Cheque System – p.8/19
CEC2005,July2005
Issues with FSTCeCheck
No data confidentiality of payer information.
No privacy for payer account details in aneCheck.
Smart card security and non-repudiation oftransactional proof.
Privacy Enhanced Electronic Cheque System – p.8/19
CEC2005,July2005
Issues with FSTCeCheck
No data confidentiality of payer information.
No privacy for payer account details in aneCheck.
Smart card security and non-repudiation oftransactional proof.
Traceablility of transactional information. w.r.tTTP.
Privacy Enhanced Electronic Cheque System – p.8/19
CEC2005,July2005
Issues with FSTCeCheck
No data confidentiality of payer information.
No privacy for payer account details in aneCheck.
Smart card security and non-repudiation oftransactional proof.
Traceablility of transactional information. w.r.tTTP.
Smart card logging problem. [FSTC](http://www.echeck.org/)
Privacy Enhanced Electronic Cheque System – p.8/19
CEC2005,July2005
PEECA post pay method.
Privacy Enhanced Electronic Cheque System – p.9/19
CEC2005,July2005
PEECA post pay method.
Works with exisiting legal and financeinfrastrucutre
Privacy Enhanced Electronic Cheque System – p.9/19
CEC2005,July2005
PEECA post pay method.
Works with exisiting legal and financeinfrastrucutre
Provide better privacy features.
Privacy Enhanced Electronic Cheque System – p.9/19
CEC2005,July2005
PEECA post pay method.
Works with exisiting legal and financeinfrastrucutre
Provide better privacy features.
Protocols:
Setup phase
Registration - payer and payee
Payment
DepositPrivacy Enhanced Electronic Cheque System – p.9/19
CEC2005,July2005
PEEC - SetupBank B setup
Bank B chooses primes p and q such that|p − 1| = δ + k for a specified constant δ, andp = γq + 1, for a specified integer γ.
Privacy Enhanced Electronic Cheque System – p.10/19
CEC2005,July2005
PEEC - SetupBank B setup
Bank B chooses primes p and q such that|p − 1| = δ + k for a specified constant δ, andp = γq + 1, for a specified integer γ.
A unique subgroup Gq of prime order q of themultiplicative group Z∗
p and generators g0, g1,g2 of Gq are defined.
Privacy Enhanced Electronic Cheque System – p.10/19
CEC2005,July2005
PEEC - SetupBank B setup
Bank B chooses primes p and q such that|p − 1| = δ + k for a specified constant δ, andp = γq + 1, for a specified integer γ.
A unique subgroup Gq of prime order q of themultiplicative group Z∗
p and generators g0, g1,g2 of Gq are defined.
Hash functions H(.) from a family ofcollision-free hash functions are defined.
Privacy Enhanced Electronic Cheque System – p.10/19
CEC2005,July2005
PEEC - BankSetup. . .
Bank also generates a secret key XB ∈R Zq
and corresponding public keys h = gXB
0 ,h1 = gXB
1 , h2 = gXB
2 .The Bank also chooses a value n thatrepresents the number of PEE-cheques in aPEE-cheque book.
Privacy Enhanced Electronic Cheque System – p.11/19
CEC2005,July2005
PEEC - BankSetup. . .
Bank also generates a secret key XB ∈R Zq
and corresponding public keys h = gXB
0 ,h1 = gXB
1 , h2 = gXB
2 .The Bank also chooses a value n thatrepresents the number of PEE-cheques in aPEE-cheque book.
p, q, H(.), (g0, g1, g2) are published along withh, h1 and h2 .
Privacy Enhanced Electronic Cheque System – p.11/19
CEC2005,July2005
PEEC - Payer andPayee Setup
Payer U setup
Each payer U has to intitally register with theBank B. The payer generates a public key I = gu1
1
where u1 ∈ Gq such that gu1
1 g2 6= 1.
Privacy Enhanced Electronic Cheque System – p.12/19
CEC2005,July2005
PEEC - Payer andPayee Setup
Payer U setup
Each payer U has to intitally register with theBank B. The payer generates a public key I = gu1
1
where u1 ∈ Gq such that gu1
1 g2 6= 1.
Payee M setup
Similar to the payer, each payee M intitally regis-
ter with the Bank B to obtain a certified public key
P = gXP
1 where XP ∈ Gq.Privacy Enhanced Electronic Cheque System – p.12/19
CEC2005,July2005
PEEC - RegistrationProtocol
Payer U Bank B
I = gu11
I→
k, [k1, k2, .kj ., kn], t ∈R Zq
∀ n: E′
i = H(Igbactgi)
∀ n: SE
′
i
= E′
iXB + kj mod q
y = gt1 ; Y = Iy
SY = Y XB + k2 mod qY,SY ,y,t,←
[E′
i,...,E
′
i+n],
←[S
E′
i
,...,SE
′
i+n
]
←
VerifySign(SY
′ )
∀ n: VerifySign(SE
′
i
)Privacy Enhanced Electronic Cheque System – p.13/19
CEC2005,July2005
PEEC - PaymentProtocol
Payer U PayeeM
{amt,d/t,MName}SM←
s, w ∈R Zq
A = Y s ; A1 = gu1s1 , A2 = ys
O = H(d/t||MName||amt)
r = u1s2t−O.u1.s
r′
= r.s
r′,A1,A2,A,O→
E′
i,S
E′
i
,Y,SY ,SUE
′
i→
O′
= H(d/t||MName||amt)
VerifySign(SY ) ; A?= A1A2
A?= AO
′
1 Y r′
VerifySign(SU ′ )
Privacy Enhanced Electronic Cheque System – p.14/19
CEC2005,July2005
PEEC - DepositProtocol
PayeeM Bank B
k3 ∈R Zq
SMO′ = O′XM + k3 mod q
amt,d/t,MName,O′
→
SMO′ ,r′,SY ,Y,→
SIE′
i
,E′
i,A,A1,A2
→
O′′ = H(d/t||MName||amt)
O′′ ?= O′ ?
= O
VerifySign(SY ), VerifySign(SIE′
i
)
VerifySign(SMOrder′)
VerifySign(SY ) ; A?= A1A2
(I, bact, i) = ObtainIdbasenum(Y )
VerifyY value(i, Y, I)Privacy Enhanced Electronic Cheque System – p.15/19
CEC2005,July2005
PEEC -Characteristics
Security(a) There exists no polynomial-time algorithm tosolve the discrete log problem,(b) Schnorr signatures are unforgeable and(c) Hash functions are cryptographically secure.
Privacy Enhanced Electronic Cheque System – p.16/19
CEC2005,July2005
PEEC -Characteristics
Security(a) There exists no polynomial-time algorithm tosolve the discrete log problem,(b) Schnorr signatures are unforgeable and(c) Hash functions are cryptographically secure.Privacy- The payer’s identity remains protected by an anonymous identity.- No communication with the bank to create an anonymous identity A- There is a provable linkage between the original identity and the anonymous identity.
- The anonymous identity is guaranteed to be secure as long as the linkage value t re-
mains known only to the payer and the bank.
Privacy Enhanced Electronic Cheque System – p.16/19
CEC2005,July2005
PEEC -Characteristics
Authentication- Based on public key verification.- The proof for anonymous identity is essential a Schnorr identification protocol in anon-interactive setting.- From Schnorr identification and the payer’s signature on the PEE-cheque presented tothe payee, authentication of the payer is guaranteed.- The Bank authenticates the payee by verifying the digital signature on the Order′ thatis sent by the payee during the deposit protocol.- The authentication of the payee towards the payer and the bank is based on verificationof the payee’s public key identityM.
Privacy Enhanced Electronic Cheque System – p.17/19
CEC2005,July2005
PEEC -Characteristics
Authentication- Based on public key verification.- The proof for anonymous identity is essential a Schnorr identification protocol in anon-interactive setting.- From Schnorr identification and the payer’s signature on the PEE-cheque presented tothe payee, authentication of the payer is guaranteed.- The Bank authenticates the payee by verifying the digital signature on the Order′ thatis sent by the payee during the deposit protocol.- The authentication of the payee towards the payer and the bank is based on verificationof the payee’s public key identityM.
Unforgeability- Every e-cheque created by the bank uses a cryptographically secure hash function withinputs, payer’s identity I, payer’s unique bank account (bact) and a unique e-chequenumber generated by the bank (i).- The e-cheque is digitally signed.
- For a e-cheque to be forgeable by the payer, the payer must be able to forge the digitalPrivacy Enhanced Electronic Cheque System – p.17/19
CEC2005,July2005
PEEC - ExtensionMultiple Payers and Payees.
Privacy Enhanced Electronic Cheque System – p.18/19
CEC2005,July2005
PEEC - ExtensionMultiple Payers and Payees.
Multiple Account withdraws and deposits.
Privacy Enhanced Electronic Cheque System – p.18/19
CEC2005,July2005
PEEC - ExtensionMultiple Payers and Payees.
Multiple Account withdraws and deposits.
Mobile payments.
Privacy Enhanced Electronic Cheque System – p.18/19
CEC2005,July2005
PEEC - ExtensionMultiple Payers and Payees.
Multiple Account withdraws and deposits.
Mobile payments.
Point of sale payments.
Privacy Enhanced Electronic Cheque System – p.18/19