AgendaAgenda
Introduction.Introduction. Working.Working. Desired Properties.Desired Properties. Protocols for Digital Cash.Protocols for Digital Cash. Online modelOnline model Offline ModelOffline Model Security considerations.Security considerations.
IntroductionIntroduction
What is digital cash?What is digital cash? It is defined on the web as “digital cash It is defined on the web as “digital cash
is a digitally signed payment message is a digitally signed payment message that serves as a medium of exchange”that serves as a medium of exchange”
It is money represented as a binary It is money represented as a binary form of computer data.form of computer data.
Generally needs to be backed up by a Generally needs to be backed up by a trusted third party.trusted third party.
How does it work?How does it work?
Consider the following scenario.Consider the following scenario. Customer has an account in a bank.Customer has an account in a bank. Customer sends an encrypted mail to Customer sends an encrypted mail to
the bank requesting for money.the bank requesting for money. Bank has to authenticate the message Bank has to authenticate the message
and then debits the customers account.and then debits the customers account. It sends the customer the money which It sends the customer the money which
is an encrypted file containing a huge is an encrypted file containing a huge random number.random number.
How does it work? (Cont)How does it work? (Cont)
Customer can make purchases by Customer can make purchases by giving this file to the person or giving this file to the person or merchant that he is buying from.merchant that he is buying from.
The merchant then sends this file back The merchant then sends this file back to the bank which will credit his to the bank which will credit his account after verifying the file.account after verifying the file.
Desired Properties Desired Properties
Security.Security. Privacy.Privacy. Portability.Portability. Transferability.Transferability. Divisibility.Divisibility. Convenient to use.Convenient to use.
Digital Cash-ProtocolsDigital Cash-Protocols
There are 2 typesThere are 2 types Identified Digital Cash Protocol.Identified Digital Cash Protocol. Anonymous Electronic Money Protocol.Anonymous Electronic Money Protocol.
Identified Digital Cash Identified Digital Cash ProtocolProtocol
The steps involved in this protocol are The steps involved in this protocol are as follows.as follows. Customer sends digital money request to Customer sends digital money request to
the bank.the bank. Bank verifies the request and sends a Bank verifies the request and sends a
serial no along with the digital money.serial no along with the digital money. Customer purchases something and gives Customer purchases something and gives
the digital money to the merchant.the digital money to the merchant. Merchant sends the money to the bank and Merchant sends the money to the bank and
encashes it.encashes it.
Anonymous Electronic Anonymous Electronic Money ProtocolMoney Protocol
Here transaction is not traced back to the Here transaction is not traced back to the customer.customer.
The steps involved are as follows.The steps involved are as follows. Customer prepares m bank notes.Customer prepares m bank notes. Puts them in different envelopes with carbon Puts them in different envelopes with carbon
paper and seals them.paper and seals them. Bank opens m-1 envelops.Bank opens m-1 envelops. If all the notes have the same amount, then If all the notes have the same amount, then
bank signs the blind note and send it back to bank signs the blind note and send it back to the customer.the customer.
AEM Protocol (Cont)AEM Protocol (Cont)
Customer opens the envelope and uses Customer opens the envelope and uses the bank note to make a purchase.the bank note to make a purchase.
The seller checks the signature and The seller checks the signature and verifies the random number with the verifies the random number with the bank.bank.
If the random number is unique and If the random number is unique and then the seller accepts it.then the seller accepts it.
AEM Protocol (Cont)AEM Protocol (Cont)
Here the privacy of the customer is Here the privacy of the customer is protected as the bank does not know protected as the bank does not know the serial no of the bank note. the serial no of the bank note.
Security is an issue-double spending Security is an issue-double spending problem.problem.
Can be taken care of my storing the Can be taken care of my storing the serial no of bank notes in a DB.serial no of bank notes in a DB.
2 protocols can be derived from this.2 protocols can be derived from this. Online model.Online model. Offline model.Offline model.
Online Model.Online Model.
Bank is actively involved in the deal Bank is actively involved in the deal between customer and vendor.between customer and vendor.
Anonymous and untraceable cash Anonymous and untraceable cash provided.provided.
It has to maintain a database of It has to maintain a database of serial numbers.serial numbers.
Cannot reuse the serial numbers.Cannot reuse the serial numbers. Cheaper to implement.Cheaper to implement.
Offline modelOffline model Notes contain identity bit strings which Notes contain identity bit strings which
contain identifying information of customer.contain identifying information of customer. Information is split.Information is split. Same procedure as the AEM protocol is Same procedure as the AEM protocol is
followed and bank signs one of m bank notes followed and bank signs one of m bank notes and sends it back to the customer.and sends it back to the customer.
Identity string is also revealed to the bank.Identity string is also revealed to the bank. Customer spend the note. Vendor verifies Customer spend the note. Vendor verifies
the signature. Then asks customer to reveal the signature. Then asks customer to reveal one half of the identity string.one half of the identity string.
Offline modelOffline model
Vendor sends the note to the bank. Vendor sends the note to the bank. If there is a replication bank If there is a replication bank
compares the identity string with the compares the identity string with the one in the DB.one in the DB.
If it is the same-vendor trying to If it is the same-vendor trying to cheat.cheat.
If it is different-customer trying to If it is different-customer trying to cheat.cheat.
Offline model – E.G.Offline model – E.G.
To detect duplicate spending (Ref- [1]).To detect duplicate spending (Ref- [1]). Say User ID = 2510, Pad R =1500Say User ID = 2510, Pad R =1500 2510XOR1500 = 3090.2510XOR1500 = 3090. Identity string is a pair 1500 and Identity string is a pair 1500 and
3090(XOR to get User ID).3090(XOR to get User ID). Say user has 3 bank notes. Say user has 3 bank notes.
1500 XOR 3090 = 2510 (User ID)1500 XOR 3090 = 2510 (User ID) 4545 XOR 6159 = 2510 (User ID)4545 XOR 6159 = 2510 (User ID) 5878 XOR 7991 = 2510 (User ID)5878 XOR 7991 = 2510 (User ID)
Offline model – E.G. Offline model – E.G. (Cont)(Cont)
Say customer makes a copy of the notes Say customer makes a copy of the notes and spends the money. and spends the money.
Say user randomly provides one half of the Say user randomly provides one half of the string to the merchant every time he string to the merchant every time he spends the note.spends the note.
Merchant 1 Merchant 2Merchant 1 Merchant 2 0 3090 1500 00 3090 1500 0 4545 0 4545 04545 0 4545 0 5878 0 0 79925878 0 0 7992
Say the merchants now deposit this money in Say the merchants now deposit this money in the bank.the bank.
Offline model – E.G. Offline model – E.G. (Cont)(Cont)
Bank can detect fraud as follows.Bank can detect fraud as follows.Original note Duplicate NoteOriginal note Duplicate NoteUser ID User IDUser ID User ID 0 3090 1500 0 0 3090 1500 0 4545 0 4545 0 4545 0 4545 0 5878 0 0 7992 5878 0 0 7992 3090 XOR 1500 = 2510 (User ID revealed)3090 XOR 1500 = 2510 (User ID revealed) 5878 XOR 7992 = 2510 (User ID revealed)5878 XOR 7992 = 2510 (User ID revealed)Probability of catching the user is 1-(1/2)^n Probability of catching the user is 1-(1/2)^n
where n is number of identity strings.where n is number of identity strings.
Security ConsiderationsSecurity Considerations
Public Key cryptography-Uses Public Public Key cryptography-Uses Public and private keys. and private keys.
Use of Symmetric Key cryptography-Use of Symmetric Key cryptography-Uses a single key known to both Uses a single key known to both parties.parties.
Relationship between withdrawal, Relationship between withdrawal, payment and deposit.payment and deposit.
Authentication, Authorization and non-Authentication, Authorization and non-repudiation techniques.repudiation techniques.
Double spending method and framing.Double spending method and framing.
Security Considerations Security Considerations (Cont)(Cont)
Unlinkability and untraceability.Unlinkability and untraceability. Divisibility, transferability and Divisibility, transferability and
scalability.scalability. Acceptability and relilability.Acceptability and relilability.
DEMODEMO
JCASH and JBANKJCASH and JBANK JCASH is a program that works as an e JCASH is a program that works as an e
purse and works simultaneously as a purse and works simultaneously as a seller and buyer.seller and buyer.
JBANK is another program that acts like JBANK is another program that acts like a bank for JCASH e-purses.a bank for JCASH e-purses.
Program is an exe.Program is an exe.
DEMO (Cont)-JBANKDEMO (Cont)-JBANKUSER INTERFACE
Accounts has account number, current amt and name of owner.
Reports contain imp info during transactions
Functionalities accessed via file menu
DEMO (Cont)-JCASHDEMO (Cont)-JCASHOn launching the program
JCASH interface
ID Tab lets you choose the identity you want to transmit to the buyer.
Bank Tab is used to make a connection to the bank, in order to buy or deposit notes, or to check current available amt
DEMO (Cont)- JCASHDEMO (Cont)- JCASH
Connect to bank
Client get a report on completion of the transaction.
DEMO (Cont)- JCASHDEMO (Cont)- JCASH
Purse Tab- shows all the notes that are in the e-purse. Left click to select and right click to unselect a note.
After selecting the notes in the purse tab, the user can use the pay tab to pay the seller.
DEMO (Cont)- JCASHDEMO (Cont)- JCASH
Receive tab must be active in order to cash a payment. Click Open connection or directly on the lights to start the server. All incoming information is written to the Report box.
Demo (Cont)Demo (Cont)
Bank generates new pairs of keys and writes to a file called PubKey.txt
Alice generates several notes using public key of ht bank and puts it in diff envelops.
Bank records the envelopes and chooses randomly a number to designate which envelop she is going to sign.
Alice reveals all the information used to bind the notes except for one chosen by the bank
Bank check to see that the information is correct and signs the chosen envelop
MORE EXAMPLES
Alice uses its binding factor in order to unbind all the envelops and obtain the signed note. Gives note to Bob.Bob records the note and generates the challenge.
Alice reveals RIS (Random Identity String). Bob checks this information and accepts the note. Deposits it in the bank. Bank verifies the note and if the note has be deposited earlier.
ReferencesReferences
http://www.cs.bham.ac.uk/~mdr/teachhttp://www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS4/ing/modules03/security/students/SS4/DigitalCash.ppt#330DigitalCash.ppt#330 [1] [1]
http://www.it.kth.se/courses/2G1704/rhttp://www.it.kth.se/courses/2G1704/reports/ecash.pdfeports/ecash.pdf [2] [2]
http://www.aci.net/kalliste/digiprin.hthttp://www.aci.net/kalliste/digiprin.htmm [3] [3]
http://www.sitepoint.com/article/onlinhttp://www.sitepoint.com/article/online-payment-acceptance-4/2e-payment-acceptance-4/2 [4] [4]
http://www.aci.net/kalliste/dcguide.hthttp://www.aci.net/kalliste/dcguide.htmm [5] [5]