PSP: Private and secure payment with RFID

Authors:
Erik-Oliver Blass;Anil Kurmus;Refik Molva;Thorsten Strufe
Affiliations:
College for Computer and Information Science, Northeastern University, 360 Huntington Avenue, 02115 Boston, USA;IBM Research - Zurich, Säumerstrasse 4 8803 Rüschlikon, Switzerland;EURECOM, Campus SophiaTech, 450 Route des Chappes, 06410 Biot, France;TU Darmstadt, Hochschulstraβe 10, 64289 Darmstadt, Germany
Venue:
Computer Communications
Year:
2013

Citing 27
Cited 0

Untraceable electronic cash

CRYPTO '88 Proceedings on Advances in cryptology
Untraceable off-line cash in wallet with observers

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Micropayments Revisited

CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Special Uses and Sbuses of the Fiat-Shamir Passport Protocol

CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Keying Hash Functions for Message Authentication

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
PayWord and MicroMint: Two Simple Micropayment Schemes

Proceedings of the International Workshop on Security Protocols
"Yoking-Proofs" for RFID Tags

PERCOMW '04 Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops
YA-TRAP: Yet Another Trivial RFID Authentication Protocol

PERCOMW '06 Proceedings of the 4th annual IEEE international conference on Pervasive Computing and Communications Workshops
An RFID Distance Bounding Protocol

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Practical Attacks on Proximity Identification Systems (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Mobile phone based RFID architecture for secure electronic Payments using RFID credit cards

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Defining Strong Privacy for RFID

PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
SQUASH --- A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags

Fast Software Encryption
Provably Secure Grouping-Proofs for RFID Tags

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
rfidDOT: RFID delegation and ownership transfer made simple

Proceedings of the 4th international conference on Security and privacy in communication netowrks
Dismantling MIFARE Classic

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
PSP: private and secure payment with RFID

Proceedings of the 8th ACM workshop on Privacy in the electronic society
Anonymizer-Enabled Security and Privacy for RFID

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Cache-, hash- and space-efficient bloom filters

WEA'07 Proceedings of the 6th international conference on Experimental algorithms
On privacy models for RFID

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Vulnerabilities in first-generation RFID-enabled credit cards

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
The F_f-Family of Protocols for RFID-Privacy and Authentication

IEEE Transactions on Dependable and Secure Computing
Practical eavesdropping and skimming attacks on high-frequency RFID tokens

Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
Strong and robust RFID authentication enabling perfect ownership transfer

ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
New proofs for NMAC and HMAC: security without collision-resistance

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Reducing time complexity in RFID systems

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Information confinement, privacy, and security in RFID systems

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.24

Visualization

Abstract

RFID can be used for a variety of applications, e.g., to conveniently pay for public transportation. However, achieving security and privacy of payment is challenging due to the extreme resource restrictions of RFID tags. In this paper, we propose PSP - a secure, RFID-based protocol for privacy-preserving payment that supports multiple different payees. Similar to traditional electronic cash, the user of a tag can pay for a service using his tag and so called coins of a virtual currency. With PSP, tags do not need to store valid coins, but generate them on the fly. Using Bloom filters, readers can verify the validity of generated coins offline. PSP guarantees privacy such that neither payees nor an adversary can reveal the identity of a user or link subsequent payments. PSP is secure against invention and overspending of coins, and can reveal the identity of users trying to double spend coins. Still, PSP is lightweight: it requires only a hash function and few bytes of non-volatile memory on the tag.