International Journal of Security, (IJS), Volume (3) : Issue(5) 85
Secure E-payment Protocol
Sattar J Aboud sattar_aboud2yahoo.com
Information Technology Advisor
Iraqi Council of Representatives
Baghdad-Iraq
Abstract
The vast spreading of information in the last decade has led to great development in e-commerce. For instance, e-trade and e-bank are two main Internet services that implement e-transactions from anyplace in the world. This helps merchants and banks to ease the financial transaction process and to give user-friendly services at any time. However, the cost of workers and communications falls considerably while the cost of the trusted authority and of protecting information increases. E-payment is now one of the most central research areas in e-commerce, mainly regarding online and offline payment scenarios. In this paper, we discuss an important e-payment protocol, namely the Kim and Lee scheme, and examine its advantages and limitations, which encourages the author to develop a more efficient scheme that keeps all characteristics intact without conceding the security robustness of the protocol. The suggested protocol employs the idea of a public key encryption scheme using the idea of a hash chain. We compare the proposed protocol with the Kim and Lee protocol and demonstrate that the proposed protocol offers more security and efficiency, which makes the protocol workable for real-world services.
Keywords: E-payment protocol, Public key cryptography, Signature scheme, Blind signature scheme, Over-spending, E-commerce
1. INTRODUCTION
With the increasing impact of intangible merchandise in worldwide economies and their immediate delivery at small cost, traditional payment systems tend to be more costly than the modern methods. Online processing can handle values smaller than the smallest value of money in the manual world. However, there are two methods of running e-payment systems.
1. Online payment: in which the vendor checks the payment sent by the purchaser with a bank before serving the purchaser.
2. Offline payment: in which over spending must be detected, and consequently, no online link to the bank is needed.
The e-payment schemes [1] can be sub-divided into two groups according to the online assumptions.
1. Payments by transaction method: in which a single payment does not need previous arrangements between purchaser and vendor.
2. Payments by account method: in which purchaser and vendor should have a system account with the bank and a certain type of agreement between both before carrying out the real payment transaction.
The payment by transaction can further be divided into two subgroups.
1. The credit card payment transaction: is tailored for large charge payments of some hundreds or even thousands of dollars. In contrast, a net money transaction is usually a low value payment with difficult transaction cost and online features, similar to the thought of the e-payment transaction. The drawback of the credit card payment transaction is the fee of transactions, particularly from the perspective of the vendor, who has to pay some invoices to the clearing house according to the contract agreement with them. This certainly has a direct impact on the cost policy and the interest among the possible users.
2. The e-payment by small value transactions on service: This is acquiring certain interest from the area of research. A number of important services of e-payment are e-publishing and multimedia service. In these services, due to the small transaction amount, the merchant acquires relatively small revenue from every transaction.
As a result, expensive calculations such as digital signature should be limited in order to reduce the investments in software applications. In recent years, e-payments [2] [3] [4] [5] have offered a relatively key improvement in the online revenue malls. The foundation of e-payments is to take benefit of the high level of viewers by presenting content for a low price. Another alternative of this thought is to rate fractions of cents for equally fractional content sums. The main features in an e-payment protocol are lower charges on the payment amount and a high occurrence of transactions on the e-commerce system.
2. E-PAYMENT PROTOCOL REQUIREMENTS
The e-payment protocol encompasses three participants:
1. User: The user (customer) purchases e-currency from the bank employing actual money by e-payment. The user can then utilize e-currency to carry out e-payment to buy goods.
2. Merchant: The merchant is the data storage which provides the user with both services and information.
3. Bank: The bank is the trusted authority. It mediates between user and merchant in order to ease the duties they carry out. In general, the bank acts like a broker that offers the e-coins for the e-payments.
While using e-currency, a shared set of characteristics for an e-payment protocol is:
1. Anonymity: e-cash must not supply any user with information; it means that it must be an anonymous e-currency transaction.
2. Divisibility: e-cash can be sub-divided since the notes have a basic piece.
3. Transference: e-cash can be transferred to a trusted authority by providing the suitable amount of currency.
4. Over spending detection: e-cash must be used only once.
The e-payments are stored and then converted to digital type. This causes new difficulties during the development of a secure e-payment protocol. Unlike conventional physical paying methods, the payment can simply be duplicated. As the digital payment is characterized as simple sequences of bits, nothing in them stops them from being copied. When the security of the payment protocol is reliant on the method by which the payments are hidden from unknown parties, every individual that has access to payments may utilize them numerous times. We notice that getting anonymous cash transactions is an essential issue, and at the same time giving efficiency is another matter. In this paper, we study the Kim and Lee protocol [6], which gives the anonymity characteristic using the idea of a blind signature scheme and hash chain. We then propose a blind signature scheme that will be used in the protocol for reaching better efficiency without conceding its security characteristics. Therefore, before discussing the rest of this paper, we list the notation used.
U : User
M : Merchant
B : Bank
$ID_E$ : Identity of entity E, such that $E \in \{U, M, B\}$
$A_E$ : Address of entity E
m : Message
$\oplus$ : XOR
$PK_E$ : Public key of entity E
$SK_E$ : Private Key of entity E
K : Secret key of bank B
P : A generator point on elliptic curve
$r_E$ : Arbitrary number selected by entity E
$C_U$ : User certificate
$CE_U$ : User certificate expiry information
$I_U$ : User certificate serial number credit card information
OI : Order information (category, amount, etc)
$EI_R$ : Expiry information for redemption
h : Secure hash function
|| : Concatenation
3. RELATED WORKS
In 1988 Chaum, Fiat and Naor proposed their protocol entitled untraceable electronic cash [7], which relies on a single use token method. The user creates a blinded e-bank currency note and passes it to the bank to be signed using bank public key. The bank signs the currency note, subtracts the value from the user account, and returns the signed currency note back to the user. The user removes the blinding and utilizes it to buy goods from the supermarket. The supermarket checks the authenticity of the bank currency note using the bank public key and passes it to the bank, where it is verified against a list of currency notes already used. The amount is deposited into the supermarket account, the deposit approved, and the supermarket in turn emits the merchandise.
In 1995, Glassman, Manasse, Abadi, Gauthier and Sobalvarro presented their protocol entitled "The Millicent protocol for inexpensive electronic commerce" [8], which is a decentralized e-payment protocol that allows payments as low as 1/10 of a cent. It employs a type of e-coins. It is introduced to make the cost of committing a fraud more than the cost of the real transaction. It utilizes asymmetric encryption techniques for all information transactions. Millicent is a lightweight and secure scheme for e-commerce through the internet. It is developed to support buying goods charging less than a cent. It relies on decentralized validation of e-currency at the seller server without any further communication, costly encryption, or off-line processing.
Also, in 1997, Rivest suggested his protocol entitled "Electronic lottery tickets as e-payments" [9]. In this protocol there is a possibility to reduce the number of messages engaged with every transaction. Also, the lottery ticket scheme relies on the assumption that financial agents are risk neutral and will be satisfied with fair wagers. In 1998, Foo and Boyd proposed another protocol called "A payment scheme using vouchers" [10]. The e-vouchers can be moveable but the direct exchange between purchasers and vendors is impossible. As a result, a financial agent is needed and this will raise the transaction charges of exchange. However, during the last decade several new e-payment protocols [11] [12] [13] have been suggested. In this section, we will discuss the Kim and Lee protocol [6], which is an efficient and flexible protocol.
4. KIM AND LEE PROTOCOL
In 2003, Kim and Lee [6] proposed an e-payment protocol that supports multiple merchants. The protocol is divided into three schemes: certificate issuing scheme, payment scheme, and redemption scheme.
Certificate Scheme
User U requests a certificate from a bank B by sending his secret information through a pre-established secure channel. The bank B passes $C_U$, which guarantees to be justified, and $S_U$, which will be employed for the root value in the payment scheme later. Every user U creates his public and secret key pair $(PK_U, SK_U)$ and passes $PK_U$ with $I_U$, which contains the maximum number of merchants N and the size of hash chain n, with his credit card information to the bank B.
As a user certificate is signed by a bank B, those who intend to employ this key should trust him. The bank B generates special information $T_U$, which acts as a key factor of the root value. It is employed to make clear to whom the new hash values created by the bank B are published, because no individual except the bank B can generate it.
$T_U = h(U, r_B, K)$, where K is the private key of the bank B
$S_U = (s_i \mid s_i = h(s_{i+1}, T_U),\ i = N-1, \ldots, 0)$, where $s_i$ is created by a shared user-bank private key.
The certificate $C_U$, in which all the elements as well as the expiry date of the certificate $E_U$ are signed by the bank B, is passed to the user U with $S_U$ and a nonce $r_U$.
$C_U = (ID_B, ID_U, PK_U, T_U, I_U, E_U)_{SK_B}$.
Payment Scheme
The root value of pay-words is merged with $s_i$ obtained from the bank B, which enables the user U to employ the rest of the unspent pay-words in the chain for multiple payments to other merchants. The user who obtained the certificate in the preceding scheme can now generate pay-words and a commitment. The commitment contains the identity of the merchant with whom a user intends to do commerce, the certificate, the root elements, which are modified into $w_j$, $h(w_j, s_k)$, the expiry date of the commitment $E_M$ and other data $I_M$, such that $0 \le j \le n$, employed to set up the root value for other merchants. Then the user U signs the elements:
$M = (V, C_U, w_0, h(w_j, s_k), E_M, I_M)_{SK_U}$
To spend the remainder of the pay-words in the chain, the user U must set the root value of pay-words to be spent in the subsequent payment scheme by merging the hash chain values respectively created by the user U and the bank B. For instance, when it is supposed that a user U employed pay-words as many as $w_{j-1}$ in preceding transactions and spent l pay-words at the present transaction with the k-th merchant, the root value of pay-words must be identical with $h(w_j, s_k)$ to be suitable for the payments. The user U can apply his pay-words to other merchants up to the maximum transaction limit of N unless the last pay-word surpasses $w_n$. The merchant keeps the last received payment data of $P_{j+1} = (w_{j+1}, j+1)$ and the commitment, and finishes the payment scheme.
Redemption Scheme
Merchant must perform the redemption process with a bank B within a pre-agreed period of time. The bank B verifies whether the payment request of the merchant is correct by checking the certificate.
First, the merchant orders redemption from the bank B by passing the user U commitment and payment parameter. From this information, the bank B checks his signature on the certificate and redeems $P_{j+1}$ to an equivalent amount of money. We note that the bank B can check pay-words only from $w_j$ to $w_{j+1}$ for that order. However, since the equivalent source value is $w_{j+1}$, the only thing imposed on the bank B is that the last received pay-word $w_{j+1}$ is identical with $w_j$ by applying the hash function l times. The bank B processes redemption orders from merchants less than N before being overdue. Finally, the bank B completes the redemption process when the last received value $w_1$ is less than the maximum value of the hash chains.
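The redemption check described above, as an added Python example (not code from the paper or from Kim and Lee). SHA-256 as h, the seed values, and the bank tracking only the highest redeemed pay-word index are assumptions of this sketch.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """Hash function h over length-prefixed parts (SHA-256 is an assumption)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def payword_chain(seed: bytes, n: int) -> list:
    """User chain w_0..w_n with w_i = h(w_{i+1})."""
    w = [h(b"w_n", seed)]
    for _ in range(n):
        w.append(h(w[-1]))
    return w[::-1]

def bank_chain(s_top: bytes, t_u: bytes, big_n: int) -> list:
    """Bank chain S_U with s_i = h(s_{i+1}, T_U) for i = N-1, ..., 0."""
    s = [s_top]
    for _ in range(big_n):
        s.append(h(s[-1], t_u))
    return s[::-1]

class Bank:
    def __init__(self, s: list, n: int):
        self.s, self.n = s, n
        self.spent = 0          # index of the last pay-word already redeemed
        self.used_k = set()     # merchant slots k already redeemed

    def redeem(self, k, root, w_j, j, w_last, last) -> int:
        """Check one redemption order; return the number of pay-words credited."""
        l = last - j
        if not 0 <= k < len(self.s) - 1 or k in self.used_k:
            raise ValueError("merchant slot k invalid or already redeemed")
        if root != h(w_j, self.s[k]):
            raise ValueError("root is not h(w_j, s_k)")
        if j < self.spent:
            raise ValueError("overspending: pay-words already redeemed")
        if l <= 0 or last > self.n:
            raise ValueError("index outside the chain")
        x = w_last
        for _ in range(l):      # hash the last pay-word back l times
            x = h(x)
        if x != w_j:
            raise ValueError("pay-word is not on the chain")
        self.spent = last
        self.used_k.add(k)
        return l

def demo() -> list:
    """Three constructed orders: two honest ones and one that reuses pay-words."""
    n, big_n = 10, 3
    w = payword_chain(b"constructed user seed", n)
    s = bank_chain(b"constructed s_N", b"constructed T_U", big_n)
    bank = Bank(s, n)
    orders = [
        (0, h(w[0], s[0]), w[0], 0, w[4], 4),   # merchant 0: 4 pay-words
        (1, h(w[4], s[1]), w[4], 4, w[7], 7),   # merchant 1: 3 pay-words
        (2, h(w[2], s[2]), w[2], 2, w[5], 5),   # reuses w_3..w_5
    ]
    out = []
    for order in orders:
        try:
            out.append(bank.redeem(*order))
        except ValueError as err:
            out.append(str(err))
    return out
```

The third order is internally consistent (its pay-word hashes back to its root), so only the bank's record of what was already redeemed exposes the double spend.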
Remarks
The scheme supports multiple merchant payments and prevents overspending payment. Moreover, in the pay-word system, whenever a customer wants to establish transactions with each vendor, he has to obtain a certificate from a broker and create a series of pay-words, while in the Kim and Lee scheme a customer is able to make transactions with different merchants by performing only one hash chain operation. Nevertheless, we observe the following limitations of this scheme:
• The system performance is reduced by necessarily frequent signing in each transaction;
• The customer has to keep different hash chains and corresponding indices; however the overhead of merchants is relatively high. To securely deposit, the bank has to collect all pay-words belonging to the same chain. It needs additional storage space and wastes undetermined waiting time; and
• The dispute arises if the merchant forges transaction records or the customer double spends.
5. THE PROPOSED PROTOCOL
We suggest an efficient protocol in this section, which gives more efficiency than the present version of the pay-word scheme; we describe a bit more on this protocol in order to make a simple comparison between both. Gauging the efficiency and security of the protocol is described in section 6. The protocol is divided into four schemes: registration scheme, blind scheme, transaction scheme, and redemption scheme. Also, in this section, we introduce a blind scheme using an RSA-typed blind signature [14]. We will show that this improvement makes the pay-word protocol more efficient while keeping all other characteristics consistent.
Blind Scheme
The user passes a withdrawal order to the bank prior to his order for any service from merchant. The steps of the scheme are as follows:
Step 1: Bank
1.1. Select secretly and randomly two large primes p and q
1.2. Calculate modulus $n_B = p * q$
1.3. Compute $\theta(n) = (p - 1)(q - 1)$
1.4. Choose exponent key e where $1 < e < \theta(n)$ and $\gcd(e, \theta(n)) = 1$
1.5. Calculate private key w where $e * w \equiv 1 \bmod \theta(n)$
1.6. Determine the public key $(e, n_B)$ and private key $(w, \theta(n), p, q)$
Step 2: User
2.1. Select arbitrary numbers r and u
2.2. Calculate $\alpha = r^e * h(x_0)(u^2 + 1) \bmod \theta(n)$
2.3. Pass $(b, \alpha)$ to the bank
Note that information b can indicate the expiry date; the value of cash (higher limit) that the user can employ that is the funds of every hash currency.
Step 3: Bank
3.1. Select an arbitrary number $x_1 < \theta(n)$
3.2. Pass $x_1$ to the user
Step 4: User
4.1. Choose an arbitrary value $r_1$
4.2. Calculate $b_2 = r * r_1$
4.3. Pass $\beta = (b_2)^e * (u - x_1) \bmod \theta(n)$ to the bank
Step 5: Bank
5.1. Calculate $\beta^{-1} \bmod \theta(n)$
5.2. Compute $t_1 = h(b)^w * (\alpha (x_1^2 + 1) * \beta^{-2})^{2*w} \bmod \theta(n)$
5.3. Pass $(\beta^{-1}, t_1)$ to the user
Step 6: User
6.1. Calculate $c_1 = (u * x_1 + 1) * \beta^{-1} * (b_2)^e = (u * x_1 + 1)(u - x_1)^{-1} \bmod \theta(n)$
6.2. Calculate $s_1 = t_1 * r^2 * r_1^4 \bmod \theta(n)$
The parameter $(b, c_1, s_1)$ is the signature on message $x_0$. Anybody can check this signature by verifying if
$s_1^e \equiv h(b)\, h(x_0)^2 * (c_1^2 + 1)^2 \bmod \theta(n)$
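Steps 1 to 6 and the verification check, run end to end as an added Python example (not code from the paper). Assumptions of this sketch: every reduction is taken modulo the RSA modulus $n_B$, as in an ordinary RSA signature where $e * w$ cancels in the exponent; h is SHA-256 reduced modulo $n_B$; the two primes and e = 65537 are toy values constructed for the example.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters constructed for this example: two Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
E = 65537

def keygen():
    """Step 1 (bank): public key (e, n) and private exponent w."""
    n = P * Q
    theta = (P - 1) * (Q - 1)
    return (E, n), pow(E, -1, theta)

def h(data: bytes, n: int) -> int:
    """Hash to an integer below n (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def unit(n: int) -> int:
    """Random value that is invertible modulo n."""
    while True:
        v = secrets.randbelow(n - 2) + 2
        if gcd(v, n) == 1:
            return v

def issue(pub, w, b: bytes, x0: bytes):
    """Steps 2-6 between user and bank; returns the signature (b, c1, s1)."""
    e, n = pub
    # Step 2 (user): blind h(x0) with r and u, send (b, alpha)
    r, u = unit(n), unit(n)
    alpha = pow(r, e, n) * h(x0, n) * (u * u + 1) % n
    # Step 3 (bank): pick x1; retried here until u - x1 is invertible
    while True:
        x1 = unit(n)
        if gcd(u - x1, n) == 1:
            break
    # Step 4 (user): second blinding factor, send beta
    r1 = unit(n)
    b2 = r * r1 % n
    beta = pow(b2, e, n) * (u - x1) % n
    # Step 5 (bank): signs while seeing only b, alpha, x1 and beta
    beta_inv = pow(beta, -1, n)
    inner = alpha * (x1 * x1 + 1) * beta_inv**2 % n
    t1 = pow(h(b, n), w, n) * pow(inner, 2 * w, n) % n
    # Step 6 (user): unblind
    c1 = (u * x1 + 1) * beta_inv * pow(b2, e, n) % n
    s1 = t1 * r * r * pow(r1, 4, n) % n
    return b, c1, s1

def verify(pub, sig, x0: bytes) -> bool:
    """Check s1^e == h(b) * h(x0)^2 * (c1^2 + 1)^2 modulo n."""
    e, n = pub
    b, c1, s1 = sig
    return pow(s1, e, n) == h(b, n) * h(x0, n) ** 2 * (c1 * c1 + 1) ** 2 % n
```

The bank never sees $x_0$, $c_1$ or $s_1$ during issuing, while the common information b is bound into the signature, so changing the expiry date or limit after signing makes verification fail.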
6. DISCUSSIONS
In this section we will discuss both security and efficiency of the proposed protocol.
6.1 Security
The proposed protocol withstands the following threats:
Forgery Detection
The user U gets the bank B signature on $x_0$ prior to any transaction. The blind signature relies on the RSA scheme, which is extensively employed as a secure signature scheme. Also, in order to process an accurate redemption, the merchant M should have information of the payment transaction. It is almost unfeasible for any entity to forge the user U payment without knowing the private key $K_{UM}$ and $K_{UM}$.
Thus, the opponent cannot forge the signature. But to successfully achieve the verification of the formula:
$s_1^e \equiv h(b) * h(x_0)^2 * (c_1^2 + 1)^2 \bmod \theta(n)$
an opponent has to calculate $s_1$ where
$s_1 \equiv h(b)^w * h(x_0)^{2*w} * (c_1^2 + 1)^{2*w} \bmod \theta(n)$
provided the results of $h(b)$, $h(x_0)$ and $c_1$. However, it is computationally intractable to obtain the value of w without factoring $\theta(n)$, which is a hard problem to solve. In contrast, provided $s_1$, $h(b)$ and $h(x_0)$, it is intractable to calculate $c_1$ where
$c_1^2 \equiv (s_1^e * h(b)^{-1} * h(x_0)^{-2})^{1/2} - 1 \bmod \theta(n)$
without factoring $\theta(n)$. Provided b and $c_1$, the opponent is unable to obtain $s_2$ where
$s_2 \equiv s_1 * h(x_0)^{-2*w} * h(x_0')^{2*w} \bmod \theta(n)$
without given w. Without factoring $\theta(n)$, it is hard to obtain $c_2$ where
$(c_2)^2 \equiv (s_1^e * h(b)^{-1} * h(x_0')^{-2})^{1/2} - 1 \bmod \theta(n)$.
It is also hard to derive message $x_0'$ with $x_0' \equiv x_0 \bmod \theta(n)$ where $h(x_0') \equiv h(x_0) \bmod \theta(n)$. Thus, the opponent is unable to forge the signature.
Over Spending Prevention
The proposed protocol adopts the same transaction scheme of the pay-word [6]. The user U sends $(f_{UM}, (b, c_1, s_1), x_0, (x_j, z), c_d, OI, Expire)_{K_{UM}}$ to Merchant M prior to taking service from Merchant M. The payment source $f_{UM}$ is identical to $h(x_j \oplus (c_d \| K_{UM}))$. However, note that $c_d$ and $K_{UM}$ will be different in each purchase. As a result, the bank B would be able to identify an over spent payment when the user U spends the payment twice.
Connectivity Unallowable
For any provided valid signature $(b, c_1, s_1)$, no one except the requester can connect the signature to its preceding signing order. This means that the signer is incapable of getting the connection between the signature and its equivalent signing process order.
Multiple Payments
In the transaction scheme, the user U sends an order to the bank B to obtain $K_{UM}$ and generates the payment transaction $R_{UM} = h(x_j \oplus (c_d \| K_{UM}))$ such that $x_j$ is the first unused payment in the sequence. As a result, each time the user U makes a purchase, $R_{UM}$ is not the same, which enables the user U to make payments with multiple merchants.
6.2 Efficiency
In the e-payment protocol, the profit acquired by a merchant is little in every transaction. It is unwise to check the transaction employing a complicated technique that makes the average cost of the protocol more than the profit [15] [16] [17]. On the other hand, large calculation in e-payment is not wise. In order to gauge the efficiency of the proposed protocol, we compare the enhanced blind scheme with the pay-word scheme [6]. The time complexity of the remaining schemes stays the same in both protocols. We employ the following notation to gauge the efficiency of the schemes.
$T_h$ : Calculation time for hash function operation
$T_a$ : Calculation time for point addition in elliptic curve or modular multiplication
$T_m$ : Calculation time for point multiplication in elliptic curve or modular exponentiation
$T_e$ : Calculation time for asymmetric key encryption
TABLE 1: Time complexity in blinding scheme
| Protocol Name | Blinding Scheme |
| --- | --- |
| The pay-word Protocol | $5*T_h + 9*T_a + 5*T_m + 3*T_e$ |
| Proposed Protocol | $3*T_h + 7*T_a + 3*T_m + 1*T_e$ |
7. CONCLUSION & FUTURE WORK
In this paper, we described the characteristics of the e-payment protocol and evaluated one of the most important e-payment protocols, which relies on a hash chain [6]. The hash chain typed scheme gives the anonymity security characteristic besides other security features of the e-payment protocol. The use of the blind signature scheme and one-way hash function makes the protocol more efficient and guarantees that the payment is untraceable. However, we notice that the blind scheme of the protocol [6] takes significantly more computing time, and we present an alternate blind scheme using the RSA signature scheme that gives more efficiency than the existing protocol. While the enhanced protocol needs a large key length, around 1024-bit, in comparison with a 160-bit key with the elliptic curve encryption scheme, we think that time complexity and rapidity are more significant issues than storage cost, and in this situation, the proposed protocol will give major benefit to small value payments. The research work accomplished in this paper has vast future prospects and can be extended towards a substantial protocol using a hash function so that modular exponentiation and costly operations can be shunned and similar security depth can be reached.
8. REFERENCES
[1] Y Mu, K Nguyen and V Varadharajan, "A fair electronic cash scheme", In Proceeding of the International Symposium in Electronic Commerce, LNCS 2040, Springer-Verlag, pp. 20–32, 2001.
[2] N Someren, "The practical problems of implementing Micro mint", In proceeding of the International Conference of Financial Cryptography, LNCS 2339, Springer-Verlag, pp. 41-50, 2001.
[3] N Someren, A Odlyzko, R Rivest, T Jones and D Scot, "Does anyone really need micropayments", In proceeding of the International Conference of Financial Cryptography, LNCS 2742, Springer-Verlag, pp. 69-76, 2003.
[4] C Wang, C Chang and C Lin, "A new micro-payment system using general pay-word chain. Electronic Commerce", Research Journal, 2(1-2): 159-168, 2002.
[5] S Yen, L Ho and C Huang, "Internet micro-payment based on unbalanced one-way binary tree", In Proceeding the International Conference of Cryptec'99, 155-162, 1999.
[6] S Kim and W Lee, "A Pay-word-based micro-payment protocol supporting multiple payments", In Proceeding of the International Conference on Computer Communications and Networks, pp. 609-612, 2003.
[7] D Chaum, Fiat and M Naor, "Untraceable electronic cash", In Proceeding Advances in Cryptology, LNCS 403, Springer-Verlag, pp. 319-327, 1988.
[8] S Glassman, M Manasse, M Abadi, P Gauthier and P Sobalvarro, "The Millicent protocol for inexpensive electronic commerce", In Proceeding of the International World Wide Web Conference, pp. 603–618, O'Reilly, 1995.
[9] R Rivest, "Electronic lottery tickets as micropayments", In Proceeding of the International Conference of Financial Cryptography, LNCS 1318, Springer-Verlag, pp. 307–314, 1997.
[10] E Foo and C Boyd, "A payment scheme using vouchers", In Proceeding of the International Conference of Financial Cryptography, LNCS 1465, Springer-Verlag, pp. 103-121, 1998.
[11] Baddeley M, "Using e-cash in the new economy: An economic analysis of micro-payment systems", Journal of Electronic Commerce Research, 5 (4), 2004.
[12] J Hubaux, and L Buttyan, "A micro-payment scheme encouraging collaboration in multi-hop cellular networks", In Proceeding of Financial Cryptography, LNCS 2742, Springer-Verlag, pp. 15–33, 2003.
[13] Koblitz N, "Elliptic Curve Cryptosystems", Mathematics of Computation, 48(2), 203-209, 1987.
[14] H Chien, J Jan and Y Tseng, "RSA-based partially blind signature with low computation", In Proceeding of the International Conference in Parallel and Distributed Systems, pp. 385–389, USA, 2001.
[15] Matthew N. Anyanwu, Lih-Yuan Deng & Dipankar Dasgupta, "Design of Cryptographically Strong Generator by Transforming Linearly Generated Sequences", International Journal of Computer Science and Security, (IJCSS) Volume (3): Issue (3), 2009.
[16] Anil Kapil and Sanjeev Rana, Identity-Based Key Management in MANETs using Public Key Cryptography, International Journal of Security (IJS), Volume (3) : Issue (1), 2009.
[17] Ankur Agarwal, System-Level Modeling of a Network-on-Chip, International Journal of Computer Science and Security, (IJCSS) Volume (3): Issue (3), 2009.