11 research outputs found
SMAPs: Short Message Authentication Protocols
There is a long history of authentication protocols designed for ease of human use, which rely on users copying a short string of digits. Historical examples include telex test keys and early nuclear firing codes; familiar modern examples include prepayment meter codes and the 3-digit card verification values used in online shopping. In this paper, we show how security protocols that are designed for human readability and interaction can fail to provide adequate protection against simple attacks. To illustrate the problem, we discuss an offline payment protocol and explain various problems. We work through multiple iterations, or 'evolutions', of the protocol in order to get better tradeoffs between security and usability. We discuss the limitation of verifying such protocols using BAN logic. Our aim is to develop usable human-friendly protocols that can be used in constrained offline environments. We conclude that protocol designers need to be good curators of security state, and also pay attention to the interaction between online and offline functions. In fact, we suggest that delay-tolerant networking might be a future direction of evolution for protocol research
DigiTally: Piloting offline payments for phones
Mobile payments support a range of services in many less developed countries including everyday payments, migrant remittances, credit, tax collection, and welfare benefits. These services depend entirely on the mobile phone network as their carrier, so they stop where the network does. This leaves millions of the very poorest people stranded - people living in remote areas where there is little to no network service. It also leaves urban users at the mercy of network congestion. We developed a prototype system, DigiTally, which lets users make offline payments by copying short strings of digits from one mobile handset to another. Offline payments are already used for electricity (both in prepayment meters and pay-as-you-go solar); can we extend them into a general-purpose payment system, to increase service resilience in the face of network congestion or outage, and provide service to currently excluded areas? We report the results of a preliminary study with an early prototype of DigiTally, tested on participants from a university in Nairobi (Kenya). The code-sharing process presented a possible usability challenge. To explore this and other aspects of an early prototype, DigiTally was introduced to Kenyan participants in order to resolve any major issues before a later field trial. We discuss the lessons learned from our field visits and initial evaluation; we hope that this contribution is helpful for researchers and policy makers interested in mobile payments and financial inclusion. We also present our findings and observations. We found that, although offline payments involve copying codes in both directions between the payer's phone and the payee's, the extra workload was acceptable to most users. This work was supported by a grant from the Bill & Melinda Gates Foundation
The viability of mobile payments across South Africa, Kenya and Nigeria
As the global accessibility to the internet and mobile data and cellular systems is on the rise, the ability for the use of mobile devices in order to facilitate banking and to make payment across the African continent will increase. The question is then asked as to whether the African continent is ready for this technology and if it is not at this stage, will this ability to transact with a bank and a trusted method of payment ever be an option in Africa? This needs to be analysed and critically studied to determine whether Africa must invest in this technology and if so, when and how this investment should take place. The ability for the regular African consumer to access the wealth of knowledge that abounds over the internet is critical in order for the new mobile payment initiative to be a success. Education, infrastructure and ability to access this available technology will have long reaching effects in bringing Africa to the forefront in the global economy, while a move away from corporeal and historic tenders such as bartering systems, precious metals or cash, will be something new to the African continent and will need to be explored separately. In this study we will assess the readiness of the top three African economies, namely South Africa, Kenya and Nigeria of their current abilities to facilitate this technology and the barriers to entries and possible remedies to those if this is not the case
A bitcoin framework : an alternative payment system for marginalized areas of South Africa using low-end mobile phones
The emergence of the cryptocurrency Bitcoin, has invoked the need for developing financial systems that can be used to transfer digital value. This would serve as a solution to developing countries especially the challenged ones, when it comes to accommodating the financial needs of the disadvantaged people. Moreover, it facilitates access to financial services to allow them to transact with ease. Numerous companies have taken advantage of the prevalence of mobile phones and introduced financial platforms to provide financial inclusion to disadvantaged people. Financial institutions and Mobile Network Operators (MNO) have developed platforms such as cell phone banking services, mobile money, mobile wallets, and electronic wallets that can be used to provide affordable financial services. Although this is the case, alternative platforms that are affordable and accessible through mobile phones are still required. Therefore, this study proposes a Bitcoin framework that can be used as an alternative platform through low-end mobile phones to provide access to financial services to the disadvantaged people in marginalized areas. To prove the concept of the proposed Bitcoin framework, a Mobile Bitcoin Wallet System (MBWS) prototype was developed, which allows a person using a low-end mobile phone with no intervening technology such as Internet or Bluetooth, to access a Bitcoin wallet by sending a Short Message Service (SMS). This enables Bitcoin to be accessed more easily and affordably by the people. Thus the developed prototype conceptualizes an alternative payment system or a payment method that can augment the existing payment methods. The MBWS is evaluated to assess if it can offer the services that other platforms offer by being compared to a cell-phone banking service. It was deployed on a computer connected to the Internet to enable a connection to the Bitcoin network and access to the blockchain which records all the transactions that take place in Bitcoin. 
Although this system provides access to the Bitcoin wallet, for it to be applied to areas where people require an alternative payment system, it still needs to be enhanced for such use. This includes scaling the system and adding more functions to it
The study of blockchain towards its application to South African Social Security Agency (SASSA)
In recent years, there has been a rapid improvement in the way currencies are perceived, which has led to a rise in digital currencies commonly known as cryptocurrencies (because they are secured by the use of cryptography). Bitcoin was the first successful cryptocurrency which allowed users to transact directly with each other without the involvement of the third party (the bank). Bitcoin introduced a new technology known as the blockchain which is considered to be the "next-generation technology". Blockchain is a chronological database used to store all the transactions that have occurred since the inception of Bitcoin. A study of the Blockchain involving its application to the South African Social Security Agency (SASSA) is presented. This study assesses how the Blockchain functions. The Blockchain has been viewed as the next-generation technology. This study also assesses the application of the Blockchain to other systems other than cryptocurrencies or digital currencies. Recent studies in the literature have proposed applications of the Blockchain to other systems (e.g. electronic voting, smart contracts, and intellectual property rights). Although these proposals have been put forward, none has been made specifically for SASSA. This study also presents the problems that the Blockchain has (e.g. scalability, security). Recent literature has tried to solve the problem of scalability, by introducing new protocols like mini-blockchain. In addition, this study presents the challenges that SASSA is currently having and it provides details about the attacks that could succeed in the system. The study presents the analysis of the blockchain for its application to SASSA; the analysis includes scalability, performance and security. Based on the analysis, it is shown that the blockchain is not compatible to be applied to SASSA. However, this study proposes a solution to some of the challenges SASSA is currently facing
Information protection using smart cards: a textbook
This textbook gives a brief description of the various types of smart cards and their areas of application. Smart cards, or integrated-circuit cards containing a microprocessor (smart-card, microcomputer card), have become widespread alongside plastic cards with a magnetic stripe, offering a number of advantages over the latter, the main one being greater information security. The textbook discusses the specifics of designing and implementing various symmetric and asymmetric cryptographic algorithms for these cards. It is part of a series of textbooks on information security and extends the material of the textbooks "Fundamentals of Information Security", "Modern Applied Cryptography" and "Technical Means of Information Protection".
Resilient payment systems
There have been decades of attempts to evolve or revolutionise the traditional financial system, but not all such efforts have been transformative or even successful. From Chaum's proposals in the 1980s for private payment systems to micropayments, previous attempts failed to take off for a variety of reasons, including non-existing markets, or issues pertaining to usability, scalability and performance, resilience against failure, and complexity of protocols.
Towards creating more resilient payment systems, we investigated issues related to security engineering in general, and payment systems in particular. We identified that network coverage, central points of failure, and attacks may cripple system performance. The premise of our research is that offline capabilities are required to produce resilience in critical systems.
We focus on issues related to network problems and attacks, system resilience, and scalability by introducing the ability to process payments offline without relying on the availability of network coverage; a lack of network coverage renders some payment services unusable for their customers. Decentralising payment verification, and outsourcing some operations to users, alleviates the burden of contacting centralised systems to process every transaction. Our secondary goal is to minimise the cost of providing payment systems, so providers can cut transaction fees. Moreover, by decentralising payment verification that can be performed offline, we increase system resilience, and seamlessly maintain offline operations until a system is back online. We also use tamper-resistant hardware to tackle usability issues, by minimising cognitive overhead and helping users to correctly handle critical data, minimising the risks of data theft and tampering.
We apply our research towards extending financial inclusion efforts, since the issues discussed above must be solved to extend mobile payments to the poorest demographics. More research is needed to integrate online payments, offline payments, and delay-tolerant networking. This research extends and enhances not only payment systems, but other electronically-enabled services from pay-as-you-go solar panels to agricultural subsidies and payments from aid donors. We hope that this thesis is helpful for researchers, protocol designers, and policy makers interested in creating resilient payment systems by assisting them in financial inclusion efforts
Cashless welfare payments and everyday life: a study of South Africa and Australia
This thesis investigates the emergence of cashless welfare payments (CWP) and their effect on everyday life. It argues that CWP create a space in everyday life in which social relations and social behaviours are restructured. This restructuring is considered as a process and consolidation of neoliberalisation. The precise form of CWP are contingent on the social and policy contexts in which they are embedded, the contradictory nature of neoliberalism, and crucially, the effects on the everyday lives being targeted and responses to this. In South Africa it has taken an inclusive form that has facilitated state-society social relations and enabled financial accumulation. In Australia it takes a disciplinary form that has sought to control consumption and encourage capitalist social relations.
The thesis draws on two main theoretical influences: 'neoliberalisation' as an understanding of the restructuring of contemporary welfare, and Henri Lefebvre's theorisation of Everyday Life. The framework developed from these influences is used to analyse two case studies. Firstly, the South African 'SASSA card' that was introduced in 2012, and distributed cards and bank accounts to people who received a social grant. Secondly, the Australian 'Cashless Debit Card' (CDC), which was introduced in specific sites across Australia from 2016. Data was gathered through a combination of semi-structured interviews, ethnographic observations and documentary and policy analysis.
This thesis contributes to academic knowledge in three central areas. Firstly, it offers a new example and interpretation to contribute to the field of everyday IPE. Drawing on Lefebvre's approach, it demonstrates the value of the study of the everyday by offering a sociological, experiential dimension to contemporary welfare restructuring. It also deepens studies of neoliberalisation by addressing contingency at an everyday level and the variegated outcomes this produces. The second area is in the study of welfare. Empirically, the thesis draws attention to the importance of the mode of payment in shaping people's lives, providing new empirical material on welfare systems in South Africa and Australia. Finally, it contributes to the study of everyday financialisation by drawing on social meanings of money, and offers new examples of the way linkages are developed between finance capital and welfare recipients
Keeping Fairness Alive : Design and formal verification of optimistic fair exchange protocols
Fokkink, W.J. [Promotor]; Pol, J.C. van de [Promotor]