Documente Academic
Documente Profesional
Documente Cultură
Despoina Palaka
Information Processing Laboratory, Electrical and Computer Engineering Department
Aristotle University of Thessaloniki, 540 06 Thessaloniki, Greece
Email: palaka@iti.gr
Abstract: In this paper a novel payment system for Peer-to-Peer (P2P) commerce transactions is presented. It imple-
ments electronic cash-based transactions, between buyers and merchants. In this system, financial institutions
become partners in the e-commerce transaction, conducted by their customers over the Internet. The innova-
tion of the proposed system is the reduction of the involvement of the financial institutions to ancillary support
services. Moreover, the proposed system can be characterized as distributed allocation of provinces to mer-
chants, who are responsible for locally authorizing payments. Finally, it is optimized for repeated payments
to the same merchants.
1
enables merchants to locally authorize payments and
it uses Millicent’s (S. Glassman, 1995) main concept,
scrip, which is electronic cash issued by the bank or Customer Merchant
the merchant.
The rest of the paper is organized as follows. In the
following Section a short discussion about traditional
(client/server) payment systems and P2P ones, along
with some basic definitions and notation, is given. Se-
curity considerations regarding the SSL protocol are Internet Internet
2
payment security is very limited.
KA is a 192-bits long,
Financial Network symmetric key.
is a 1024-bits long, private
Customer's Merchant's K Pr
Bank Bank (asymmetric) key.
is a 1024-bits long, public
K Pu
(asymmetric) key.
Figure 2: P2P payment system Symmetric encryption
Enc KA (.) using the AES (Rijndael)
algorithm.
C Customer
Digital signature that uses
M Merchant
the SHA1 algorithm for
B Broker Sign KPr (.)
hashing and the RSA
algorithm for encrypting.
Figure 3: Parties
Asymmetric encryption
(using the RSA algorithm)
SignOnly K Pr (.) of a message digest
(http://gnutella.wego.com/), security guarantees produced by the SHA1
similar to centralized architectures are more difficult algorithm.
to be achieved in a distributed environment. More- Symmetric encryption
over, there is a widespread agreement that electronic (using the Rijndael
commerce means for secure electronic payments are algorithm) of the
needed. Indeed, the appeal of electronic commerce Enc K A (SignOnly KPr (.))
cipher-text produced by
without electronic payment is limited. Further, the SignOnly KPr (.)
insecure electronic payments are more likely to
impede, than to promote, electronic commerce. Thus function.
the premise of security for electronic payments is of Asymmetric encryption
the most importance. SSL is the de facto standard
PKEnc KPu (.)
using the RSA algorithm.
for secure (i.e., encrypted and integrity-protected)
communication on the web and it is integrated in X,Y X is concatenated with Y.
almost all web browsers and servers. SSL uses asym-
metric encryption but typically only the merchants
have public-keys and the customers are anonymous. Figure 4: Cryptographic Primitives
Encrypting bank account data with SSL is certainly
better than sending them in the clear, but the gain in
3
4 THE NOVEL PEER-TO-PEER 4.1 Obtain electronic cash from the
PROTOCOL bank (BrokerScrip)
4
4.2 Obtain electronic cash from the signatures of the messages sent by the customer and
merchant the merchant, and then record to a file the details of
the transaction).
Implemented on the JXTA (the term “JXTA” is
When a customer has electronic cash from the bank short for juxtapose, as in side by side. It is recogni-
and s/he wishes to purchase an item from a merchant, tion that P2P is juxtaposed to client-server or Web-
s/he needs to obtain electronic cash from the specific based computing, which is today’s traditional dis-
merchant (VendorScrip). If the value of the owned tributed computing model) platform, the proposed
BrokerScrip is bigger or equal to the one of the de- system does not require any special hardware and it
sirable VendorScrip, this transaction step is initiated can be implemented in any platform.
(Figure 8). Further, it offers some kind of divisibility by allow-
Note, that the requested VendorScrip can be used ing users to pay small valued products using high val-
for payments only to this specific merchant. The bro- ued scrip and returning the change as new scrip.
ker beyond the verification of the scrip, serves as an Regarding the role inversion the proposed system
observer of the transaction who records the details of has interchangeable roles; it allows users to assume
it. different roles (a user can act both as a merchant and
a customer), when convenient. However, it does not
4.3 Buy Item allow users to become the bank.
In terms of security, the proposed system ensures
If the customer wishes to purchase an item from a spe- user’s privacy by allowing anonymous purchases, se-
cific merchant and has the appropriate VendorScrip, curing transfers and protecting critical information.
this scrip can be sent to the merchant (Figure 7). The Furthermore, it provides the means to detect unautho-
merchant checks and validates the VendorScrip, s/he rized data modification using an auditing mechanism
reduces its value and sends a new VendorScrip (the so that errors or misuse can be detected.
change) to the customer. This interaction means that
the customer has paid the merchant. In this transac-
tion step both the customer and the merchant inform 6 SECURITY REQUIREMENTS
the broker that a transaction is about to take place or
has taken place, respectively. AND SECURITY ANALYSIS OF
THE SYSTEM
5
faulty scrip attack involves creation of scrip without
the correct structure and scrip forgery attack involves
forging the scrip’s data.
1. Double spending: scrip is concatenated with
M1
two secrets the MasterScripSecret and the Master- Customer Merchant
CustomerSecret (P. Daras, 2003). These secrets are
known only to the producer of the scrip. Each time M5
a scrip is used, its secrets are deleted from the pro-
ducer’s look up tables, ensuring that the scrip can- M3 M2 M4
not be re-spent.
2. Faulty scrip: each user of the payment proto- M0
col can act both as merchant and customer and s/he
is able to produce scrip, but this scrip can only be Broker
used to authorize payments with its producer (the
scrip carries the Producer’s ID).
C0 Initiate VendorScrip request
3. Scrip forgery: scrip consists of the scrip body,
which contains the information of the scrip and a X0 UID M
certificate, which is the signature of the scrip. Any M0 C 0 , UID C , Enc K 0(SignOnly K C(ID C )) , Enc K0
alteration of the information contained in the scrip (Sign K C(X0 )) , PKEnc K B (K 0 )
body can be detected by verifying the scrip’s cer-
tificate. C1 VendorScrip request
X 1 Br 0 , CS Br 0 , W V
X2 WV
7 CONCLUSIONS
M1 C 1 , UID C , Enc K 1(SignOnly K C(ID C )),
In this paper a new payment system is presented. Enc K 1(Sign K C(X1 )) , PKEnc K B (K 1 ) ,
This system is designed to be used in P2P networks. Enc K 2(Sign K C(X2 )) , PKEnc K M(K 2 )
In this system the broker’s participation is reduced in C2 Authorization request
order to reduce the “single point of failure” problem.
Further, the new system is compliant to all parties’ re- X3 WV
quirements involved in a transaction and offers confi- M2 C 2 , UID M , Enc K 3(SignOnly K M(ID M )),
dentiality and full anonymity to the customers. More- Enc K 3(Sign K M(X3 )) , PKEnc K B (K 3 ) ,
over, it establishes a framework for enabling secure Enc K 1(SignOnly K C(ID C )) , Enc K 1(Sign K C(X1)) ,
payment transactions. PKEnc K B (K 1)
C3 Change BrokerScrip
REFERENCES X4 Br 1 , CS Br 1
M3 C 3 , UID B , Enc K 4(Sign K B (X4 )) , PKEnc K C(K 4 )
A.O. Freier, P. Kariton, P. K. (1996). The ssl protocol: Ver-
sion 3.0. C4 Authorization response
Mastercard, V. (1997). Set 1.0 - se- X5 R
cure electronic transaction specification.
http://www.mastercard.com/set.html. M 4 C 4 , UID B , Sign KB (X5 )
P. Daras, D. Palaka, V. G. D. B. K. P. M. S. (2003). A novel C 5 VendorScrip response
peer-to-peer payment protocol. In Eurocon 2003, The
International Conference on Computer as a tool. Eu- X 6 V 0 ,CS V0
rocon 2003.
M 5 C 5 , UID M ,Enc K5(Sign KB (X 6)) ,
S. Glassman, M. Manasse, M. A. P. G. P. S. (1995). The mil-
licent protocol for inexpensive electronic commerce.
PKEnc K C(K5)
In Proceeding of the 4th International World Wide
Conference.
Wallich, P. (1999). Cyber view: How to steal millions in Figure 8: Obtain electronic cash from the merchant
champ change. In Sci. Amer., pp. 32-33. Sci. Amer.