105 research outputs found

    AnBx - Security Protocols Design and Verification

    Designing distributed protocols is challenging, as it requires actions at very different levels: from the choice of network-level mechanisms to protect the exchange of sensitive data, to the definition of structured interaction patterns to convey application-specific guarantees. Current security infrastructures provide very limited support for the specification of such guarantees. As a consequence, the high-level security properties of a protocol must often be hard-coded explicitly, in terms of low-level cryptographic notions and devices which clutter the design and undermine its scalability and robustness. To counter these problems, we propose an extended Alice & Bob notation for protocol narrations (AnBx) to be employed for a purely declarative modelling of distributed protocols. These abstractions provide a compact specification of the high-level security guarantees they convey, and help shield the design from the details of the underlying cryptographic infrastructure. We discuss an implementation of the abstractions based on a translation from the AnBx notation to the AnB language supported by the OFMC [1,2] verification tool. We show the practical effectiveness of our approach by revisiting the iKP e-payment protocols, and showing that the security goals achieved by our declarative specification outperform those offered by the original protocols

    Security Protocol Specification and Verification with AnBx

    Designing distributed protocols is complex and requires actions at very different levels: from the design of an interaction flow supporting the desired application-specific guarantees, to the selection of the most appropriate network-level protection mechanisms. To tame this complexity, we propose AnBx, a formal protocol specification language based on the popular Alice & Bob notation. AnBx offers channels as the main abstraction for communication, providing different authenticity and/or confidentiality guarantees for message transmission. AnBx extends existing proposals in the literature with a novel notion of forwarding channels, enforcing specific security guarantees from the message originator to the final recipient along a number of intermediate forwarding agents. We give a formal semantics of AnBx in terms of a state transition system expressed in the AVISPA Intermediate Format. We devise an ideal channel model and a possible cryptographic implementation, and we show that, under mild restrictions, the two representations coincide, thus making AnBx amenable to automated verification with different tools. We demonstrate the benefits of the declarative specification style distinctive of AnBx by revisiting the design of two existing e-payment protocols, iKP and SET

    Codex Enables Secure Offline Micropayments

    This paper introduces a new micropayment scheme, suitable for all kinds of transactions, and does not require online transactions for either the payer or payee. The designed method uses an encrypted data structure called Codex which self replicates to represent the current values of both the payer and the payee. The model, while providing fraud detection also guarantees payment & loss recovery

    TAPI: Transactions for Accessing Public Infrastructure

    This paper describes TAPI, an offline scheme intended for general Internet-based micropayments. TAPI, which extends and combines concepts from the KeyNote Microchecks and OTPCoins architectures, encodes risk management rules in bank-issued users' credentials which are in turn used to acquire small-valued payment tokens. The scheme has very low transaction overhead and can be tuned to use different risk strategies for different environments and clients

    Design and security issues in strongbox systems for the internet

    This paper presents and discusses some design and security issues surrounding electronic strongboxes as an electronic counterpart of physical strongboxes typically found in large traditional financial institutions. The concept of electronic strongboxes is briefly discussed, comparing against physical strongboxes. A basic system for electronic strongboxes is then provided and the functional and security requirements of the system's components are presented

    Internet payment system--: mechanism, applications & experimentation.

    Ka-Lung Chong. Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. Includes bibliographical references (leaves 80-83). Abstracts in English and Chinese.

    Contents:
    Abstract
    Acknowledgments
    Chapter 1: Introduction & Motivation. 1.1 Introduction; 1.2 Internet Commerce; 1.3 Motivation; 1.4 Related Work (1.4.1 Cryptographic Techniques; 1.4.2 Internet Payment Systems); 1.5 Contribution; 1.6 Outline of the Thesis
    Chapter 2: A New Payment Model. 2.1 Model Description; 2.2 Characteristics of Our Model; 2.3 Model Architecture; 2.4 Comparison; 2.5 System Implementation (2.5.1 Acquirer Interface; 2.5.2 Issuer Interface; 2.5.3 Merchant Interface; 2.5.4 Payment Gateway Interface; 2.5.5 Payment Cancellation Interface)
    Chapter 3: A E-Commerce Application - TravelNet. 3.1 System Architecture; 3.2 System Features; 3.3 System Snapshots
    Chapter 4: Simulation. 4.1 Objective; 4.2 Simulation Flow; 4.3 Assumptions; 4.4 Simulation of Payment Systems
    Chapter 5: Discussion of Security Concerns. 5.1 Threats to Internet Payment (5.1.1 Eavesdropping; 5.1.2 Masquerading; 5.1.3 Message Tampering; 5.1.4 Replaying); 5.2 Aspects of A Secure Internet Payment System (5.2.1 Authentication; 5.2.2 Confidentiality; 5.2.3 Integrity; 5.2.4 Non-Repudiation); 5.3 Our System Security; 5.4 TravelNet Application Security
    Chapter 6: Discussion of Performance Evaluation. 6.1 Performance Concerns; 6.2 Experiments Conducted (6.2.1 Description; 6.2.2 Analysis on the Results); 6.3 Simulation Analysis
    Chapter 7: Conclusion & Future Work
    Chapter A: Experiment Specification. A.1 Configuration; A.2 Experiment Results
    Chapter B: Simulation Specification. B.1 Parameter Listing; B.2 Simulation Results
    Bibliography

    A new architecture for secure two-party mobile payment transactions

    xi, 229 leaves : ill. ; 29 cm. The evolution of wireless networks and mobile device technologies has increased concerns about performance and security of mobile systems. We propose a new secured application-level architecture for a two-party mobile payment transaction that is carried out between a resource-limited mobile device and a resource-rich computer server over wireless networks. As an example of such transactions, the mobile banking transaction is focused on throughout this thesis. The proposed architecture, namely SA2pMP, employs a lightweight cryptography scheme (combining both a Public-key cryptography algorithm (ECDSA) and a Symmetric-key cryptography algorithm (AES)), a multi-factor authentication mechanism, and a transaction log strategy. The proposed architecture is designed to satisfy the four properties of confidentiality, authentication, integrity and non-repudiation that are required by any secure system. The architecture can be implemented on a Java ME enabled mobile device. The security API library can be reused in implementing other two-party mobile applications. The present study shows that SA2pMP is a unique lightweight security architecture providing comprehensive security for two-party mobile payment transactions. In addition, simulations demonstrate that SA2pMP can be installed in resource-limited mobile devices as a downloadable software application. The main contribution of the thesis is to suggest a design for a security architecture for two-party mobile payment transactions, for example, mobile banking. It suggests a four-layer model of mobile payment participants, based on Karnouskos (2004). This model clarifies how participants are involved in a mobile payment transaction. In addition, an improved model is suggested to guide security aspects of system design, which is based on an Onion Layer Framework (Wei, C.Liu, & Koong, 2006)

    A Postpaid Micropayment Scheme with Revocable Customers' Anonymity

    A new postpaid micropayment scheme is first proposed to protect customers' anonymity and provides customers' convenience. Due to customers' anonymity, customers can anonymously transact with merchants and obtain the goods/services before being charged. This scheme satisfies three properties of anonymity. First, the customer's identity is protected by a pseudonym. Second, the adversary cannot figure anonymous customers out by tracing their payments. Third, there is a trusted authority to revoke customers' anonymity when some disputes happen. On the other hand, the postpaid function provides customers with the convenience of using the credit to buy goods/services.