Abstract
Near field communication (NFC) is a recent popular technology that will facilitate many aspects of payments with mobile tokens. In the domain of public transportation payment systems electronic payments have many benefits, including improved throughput, new capabilities (congestion-based pricing etc.) and user convenience. A common concern when using electronic payments is that a user’s privacy is sacrificed. However, cryptographic e-cash schemes provide provable guarantees for both security and user privacy. Even though e-cash protocols have been proposed three decades ago, there are relatively few actual implementations, since their computation complexity makes an execution on lightweight devices rather difficult. This paper presents an efficient implementation of Brands [11] and ACL[4] e-cash schemes on an NFC smartphone: the BlackBerry Bold 9900. Due to their efficiency during the spending phase, when compared to other schemes, and the fact that payments can be verified offline, these schemes are especially suited for, but not limited to, use in public transport. Additionally, the encoding of validated attributes (e.g. a user’s age range, zip code etc.) is possible in the coins being withdrawn, which allows for additional features such as variable pricing (e.g. reduced fare for senior customers) and privacy-preserving data collection. We present a subtle technique to make use of the ECDHKeyAgreement class that is available in the BlackBerry API (and in the API of other systems) and show how the schemes can be implemented efficiently to satisfy the tight timing imposed by the transportation setting.
This work is supported by the NSF under CNS-0964641 and CNS-0964379. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Near Field Communication Forum (2008), http://www.nfc-forum.org/
Abe, M.: A Secure Three-Move Blind Signature Scheme for Polynomially Many Signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136–151. Springer, Heidelberg (2001)
Anderson, Z., Ryan, R., Chiesa, A.: The Anatomy of a Subway Hack: Breaking Crypto RFID’s and Magstripes of Ticketing Systems (2008)
Baldimtsi, F., Lysyanskaya, A.: Anonymous Credentials Light. IACR Cryptology ePrint Archive, 2012:298 (2012)
Baldimtsi, F., Lysyanskaya, A.: On The Security of One-Witness Blind Signature Schemes. IACR Cryptology ePrint Archive, 2012:197 (2012)
Batina, L., Hoepman, J.-H., Jacobs, B., Mostowski, W., Vullers, P.: Developing Efficient Blinded Attribute Certificates on Smart Cards via Pairings. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 209–222. Springer, Heidelberg (2010)
Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Compact E-Cash and Simulatable VRFs Revisited. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 114–131. Springer, Heidelberg (2009)
Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard java card. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) ACM Conference on Computer and Communications Security, pp. 600–610. ACM (2009)
Blass, E.-O., Kurmus, A., Molva, R., Strufe, T.: PSP: private and secure payment with RFID. In: Al-Shaer, E., Paraboschi, S. (eds.) WPES, pp. 51–60. ACM (2009)
Bos, J.W., Kaihara, M.E., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: On the security of 1024-bit rsa and 160-bit elliptic curve cryptography. IACR Cryptology ePrint Archive, 2009:389 (2009)
Brands, S.: Untraceable Off-line Cash in Wallets with Observers (Extended Abstract). In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994)
Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-Cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)
Certicom Research. Standads for Efficient Cryptography (SEC) 2: Recommended Elliptic Curve Domain Parameters, version 1.0 edition (2000)
Chan, A.H., Frankel, Y., Tsiounis, Y.: Easy Come - Easy Go Divisible Cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 561–575. Springer, Heidelberg (1998)
Chaum, D.: Blind Signatures for Untraceable Payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO, pp. 199–203. Plenum Press, New York (1982)
Chaum, D., Fiat, A., Naor, M.: Untraceable Electronic Cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)
Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)
Clemente-Cuervo, E., Rodríguez-Henríquez, F., Arroyo, D.O., Ertaul, L.: A PDA Implementation of an Off-line e-Cash Protocol. In: Aissi, S., Arabnia, H.R. (eds.) Security and Management, pp. 452–458. CSREA Press (2007)
Derler, D., Potzmader, K., Winter, J., Dietrich, K.: Anonymous Ticketing for NFC-Enabled Mobile Phones. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 66–83. Springer, Heidelberg (2012)
Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W., Jacobs, B.: Dismantling MIFARE Classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)
Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer-Verlag New York, Inc., Secaucus (2003)
Haselsteiner, E., Breitfuß, K.: Security in Near Field Communication (NFC) - Strengths and Weaknesses (2006), http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002
Heydt-Benjamin, T.S., Chae, H.-J., Defend, B., Fu, K.: Privacy for Public Transportation. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 1–19. Springer, Heidelberg (2006)
Hinterwälder, G., Paar, C., Burleson, W.P.: Privacy preserving payments on computational RFID devices with application in intelligent transportation systems. In: Hoepman, J.-H., Verbauwhede, I. (eds.) RFIDSec 2012. LNCS, vol. 7739, pp. 109–122. Springer, Heidelberg (2013)
Lysyanskaya, A.: Signature schemes and applications to cryptographic protocol design. PhD Thesis. Massachusetts Institute of Technology, AAI0804606 (2002)
M. B. T. A. (MBTA). MBTA ScoreCard (March 2013) [February 2013 Data], http://www.mbta.com/uploadedfiles/About_the_T/Score_Card/ScoreCard2013
Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1996)
Mulliner, C.: Vulnerability analysis and attacks on nfc-enabled mobile phones. In: ARES, pp. 695–700. IEEE Computer Society (2009)
Ohkubo, M., Abe, M.: Security of three-move blind signature schemes reconsidered. In: SCIS 2003, Symposium on Cryptography and Information Security, Japan (2003)
Pirker, M., Slamanig, D.: A Framework for Privacy-Preserving Mobile Payment on Security Enhanced ARM TrustZone Platforms. In: Min, G., Wu, Y., Liu, L.C., Jin, X., Jarvis, S.A., Al-Dubai, A.Y. (eds.) TrustCom, pp. 1155–1160. IEEE Computer Society (2012)
Rankl, W., Effing, W.: Smart Cards in Transportation Systems, pp. 869–891. John Wiley & Sons, Ltd. (2010)
Ribeiro, S.K., Kobayashi, S., Beuthe, M., Gasca, J., Greene, D., Lee, D.S., Muromachi, Y., Newton, P.J., Plotkin, S., Sperling, D., Wit, R., Zhou, P.J.: Transport and its infrastructure. Climate Change 2007: Mitigation. Contribution of Working Group III to the Fourth Assessment Report of the Intergovernmental Panel on Climate Change (2007)
Sadeghi, A.-R., Visconti, I., Wachsmann, C.: User Privacy in Transport Systems Based on RFID E-Tickets. In: Bettini, C., Jajodia, S., Samarati, P., Wang, X.S. (eds.) PiLBA. CEUR Workshop Proceedings, vol. 397. CEUR-WS.org (2008)
Schnorr, C.-P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
United Nations New York. World Urbanization Prospects - The 2011 Revision (2012)
Verdult, R., Kooman, F.: Practical attacks on nfc enabled cell phones. In: 2011 3rd International Workshop on Near Field Communication (NFC), pp. 77–82 (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hinterwälder, G., Zenger, C.T., Baldimtsi, F., Lysyanskaya, A., Paar, C., Burleson, W.P. (2013). Efficient E-Cash in Practice: NFC-Based Payments for Public Transportation Systems. In: De Cristofaro, E., Wright, M. (eds) Privacy Enhancing Technologies. PETS 2013. Lecture Notes in Computer Science, vol 7981. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39077-7_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-39077-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39076-0
Online ISBN: 978-3-642-39077-7
eBook Packages: Computer ScienceComputer Science (R0)