
    NFC and mobile payments today

    Master's thesis in Information Security, presented to the University of Lisbon through the Faculty of Sciences, 2011.
    NFC (Near Field Communication) and mobile payments are two areas that have received a significant amount of attention lately. NFC is a wireless communication technology already available on some mobile phones, with more to come in the near future, and mobile payments are a service whose usage is expected to grow at a significant rate in the coming years. This growth has been predicted before, and expectations have been let down, but NFC is thought to be the technology that will bring mobile payments to the masses. This thesis is focused on these two areas and how NFC can be of use in a protocol to conduct mobile payments. For this, a new protocol called mTrocos is presented that possesses several desirable characteristics such as anonymity, high security, good usability, being unbanked, support for micropayments and no special hardware requirements. Its design is based on digital money concepts and ad-hoc key establishment protocols. The latter are useful because NFC is a wireless medium and offers no built-in security other than its limited range. A proof-of-concept implementation with an Android phone and a desktop NFC reader is detailed, proving that it works using only commodity equipment currently available. However, Android's NFC API (Application Programming Interface) was found to be limited, which influenced the design of mTrocos, preventing it from relying only on NFC for the exchange of the messages. As part of the protocol's evaluation, user tests were conducted which show that mTrocos is easy to use and that it is suited to the envisaged scenario: vending machines. Another conclusion is that NFC is a technology that improves the user experience and will be of great help for the growth of mobile payments.

    Finding Safety in Numbers with Secure Allegation Escrows

    For fear of retribution, the victim of a crime may be willing to report it only if other victims of the same perpetrator also step forward. Common examples include 1) identifying oneself as the victim of sexual harassment, especially by a person in a position of authority, or 2) accusing an influential politician, an authoritarian government, or one's own employer of corruption. To handle such situations, legal literature has proposed the concept of an allegation escrow: a neutral third party that collects allegations anonymously, matches them against each other, and de-anonymizes allegers only after de-anonymity thresholds (in terms of number of co-allegers), pre-specified by the allegers, are reached. An allegation escrow can be realized as a single trusted third party; however, this party must be trusted to keep the identity of the alleger and the content of the allegation private. To address this problem, this paper introduces Secure Allegation Escrows (SAE, pronounced "say"). A SAE is a group of parties with independent interests and motives, acting jointly as an escrow for collecting allegations from individuals, matching the allegations, and de-anonymizing the allegations when designated thresholds are reached. By design, SAEs provide a very strong property: no less than a majority of the parties constituting a SAE can de-anonymize or disclose the content of an allegation without a sufficient number of matching allegations (even in collusion with any number of other allegers). Once a sufficient number of matching allegations exist, the joint escrow discloses the allegation with the allegers' identities. We describe how SAEs can be constructed using a novel authentication protocol and a novel allegation matching and bucketing algorithm, provide formal proofs of the security of our constructions, and evaluate a prototype implementation, demonstrating feasibility in practice.
    Comment: To appear in NDSS 2020. New version includes improvements to writing and proof. The protocol is unchanged.

    Adaptive Oblivious Transfer and Generalization

    Oblivious Transfer (OT) protocols were introduced in the seminal paper of Rabin, and allow a user to retrieve a given number of lines (usually one) in a database, without revealing which ones to the server. The server is assured that only this given number of lines can be accessed per interaction, so the others are protected; the user is assured that the server does not learn the numbers of the lines requested. This primitive is of great practical interest, for example in secure multi-party computation, and directly echoes Symmetrically Private Information Retrieval (SPIR). Recent Oblivious Transfer instantiations secure in the UC framework suffer from a drastic drawback: after the first query, there is no improvement in the global scheme complexity, so each subsequent query has a global complexity of O(|DB|), meaning that there is no gain compared to running completely independent queries. In this paper, we propose a new protocol solving this issue, allowing subsequent queries with a complexity of O(log(|DB|)), and prove the protocol secure in the UC framework with adaptive corruptions and reliable erasures. As a second contribution, we show that the techniques we use for Oblivious Transfer can be generalized to a new framework we call Oblivious Language-Based Envelope (OLBE). It is of practical interest since it seems more and more unrealistic to consider a database with uncontrolled access in access control scenarios. Our approach generalizes Oblivious Signature-Based Envelope to handle more expressive credentials and requests from the user. Naturally, OLBE encompasses both OT and OSBE, but it also allows Oblivious Transfer with fine-grained access control over each line. For example, a user can access a line if and only if he possesses a certificate granting him access to that line. We show how to generically and efficiently instantiate such primitives, and prove them secure in the Universal Composability framework, with adaptive corruptions assuming reliable erasures. We provide the new UC ideal functionalities when needed, or we show that the existing ones fit in our new framework. The security of such designs preserves both the secrecy of the database values and the user credentials. This symmetry allows our new approach to be viewed as a generalization of the notion of Symmetrically Private Information Retrieval.

    A Novel Blind Signature Scheme Based On Discrete Logarithm Problem With Un-traceability

    Blind signatures are a special type of digital signature which possess two special properties, blindness and untraceability, which are important for today's real-world applications that require authentication, integrity, security, anonymity and privacy. David Chaum [2] was the first to propose the concept of blind signatures. The scheme's security was based on the difficulty of solving the factoring problem [3, 4]. Two properties that are important for a blind signature scheme in order to be used in various modern applications are blindness and untraceability [2, 5, 6]. Blindness means that the signer is not able to know the contents of the message while signing it, which is achieved by disguising (or blinding) the message through various methods. Untraceability refers to preventing the signer from linking the blinded message it signs to a later unblinded version that it may be called upon to verify. Blind signatures based on the discrete logarithm problem are still an area with much scope for research. We aim to propose a novel blind signature scheme with untraceability, based on the discrete logarithm problem.

    Design of Blind Signature Protocol Based upon DLP

    A blind signature scheme is based on a public key cryptosystem. Public-key cryptosystems are widely used these days for various security purposes, and have received a huge amount of attention. They are beneficial in encipherment, authentication, non-repudiation as well as digital signatures, which play an essential role in electronic banking and financial transactions. This project has proposed a new blind signature scheme based on the ElGamal signature scheme. Blind signature schemes, first introduced by David Chaum, allow a person to get a message signed by another party without revealing any information about the message to the other party. It is an extension of the digital signature which can be implemented using a number of common public key signing schemes, for instance RSA and the ElGamal signature scheme. Blind signatures are typically employed in privacy-related protocols, where the signer and the requester are different persons. In our project work we have taken an existing scheme based on the ElGamal signature scheme as the reference scheme for comparison and proposed a new scheme. The aims of the proposed scheme are high security and reduced communication overhead, computation overhead and signature length. The proposed scheme aims to have lower computation overhead and stronger security features than the existing scheme [1, 2, 3, 5, 15, 16].