PSP: private and secure payment with RFID

RFID can be used for a variety of applications, e.g., to conveniently pay for public transportation. However, achieving security and privacy of payment is challenging due to the extreme resource restrictions of RFID tags. In this paper, we propose PSP -- a secure, RFID-based protocol for privacy-preserving payment. Similar to traditional electronic cash, the user of a tag can pay access to a metro using his tag and so called coins of a virtual currency. With PSP, tags do not need to store valid coins, but generate them on the fly. Using Bloom filters, readers can verify the validity of generated coins offline. PSP guarantees privacy such that neither the metro nor an adversary can reveal the identity of a user or link subsequent payments. PSP is secure against invention and overspending of coins, and can reveal the identity of users trying to doublespend coins. Still, PSP is lightweight: it requires only a hash function and few bytes of non-volatile memory the tag.

[1]  Miss A.O. Penney (b) , 1974, The New Yale Book of Quotations.

[2]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[3]  Samy Bengio,et al.  Special Uses and Abuses of the Fiat-Shamir Passport Protocol , 1987, CRYPTO.

[4]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[5]  Stefan A. Brands,et al.  Untraceable Off-line Cash in Wallet with Observers , 2002 .

[6]  Stefan BrandsCWI,et al.  Untraceable Oo-line Cash in Wallets with Observers , 1993 .

[7]  Adi Shamir,et al.  PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.

[8]  Martín Abadi,et al.  The Millicent Protocol for Inexpensive Electronic Commerce , 1995, World Wide Web J..

[9]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[10]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[11]  Silvio Micali,et al.  Micropayments Revisited , 2002, CT-RSA.

[12]  Andrei Broder,et al.  Network Applications of Bloom Filters: A Survey , 2004, Internet Math..

[13]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[14]  Ari Juels,et al.  "Yoking-proofs" for RFID tags , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[15]  Ronald L. Rivest,et al.  Peppercoin Micropayments , 2004, Financial Cryptography.

[16]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[17]  Stelvio Cimato,et al.  Encyclopedia of Cryptography and Security , 2005 .

[18]  Henk C. A. van Tilborg,et al.  Encyclopedia of Cryptography and Security, 2nd Ed , 2005 .

[19]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[20]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[21]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[22]  Howon Kim,et al.  Low power implementation of SHA-1 algorithm for RFID system , 2006, 2006 IEEE International Symposium on Consumer Electronics.

[23]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[24]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[25]  Roberto Di Pietro,et al.  Information Confinement, Privacy, and Security in RFID Systems , 2007, ESORICS.

[26]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[27]  Mike Burmester,et al.  Provably Secure Grouping-proofs for RFID tags , 2008, IACR Cryptol. ePrint Arch..

[28]  Kevin Fu,et al.  Vulnerabilities in First-Generation RFID-Enabled Credit Cards , 2007, Financial Cryptography.

[29]  Srividya Gopalan,et al.  Mobile phone based RFID architecture for secure electronic Payments using RFID credit cards , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[30]  Tassos Dimitriou rfidDOT: RFID delegation and ownership transfer made simple , 2008, SecureComm.

[31]  Bart Jacobs,et al.  Dismantling MIFARE Classic , 2008, ESORICS.

[32]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[33]  Ahmad-Reza Sadeghi,et al.  Anonymizer-Enabled Security and Privacy for RFID , 2009, CANS.

[34]  Peter Sanders,et al.  Cache-, hash-, and space-efficient bloom filters , 2009, JEAL.

[35]  Guevara Noubir,et al.  The F_f-Family of Protocols for RFID-Privacy and Authentication , 2011, IEEE Transactions on Dependable and Secure Computing.

[36]  Gerhard P. Hancke,et al.  Practical eavesdropping and skimming attacks on high-frequency RFID tokens , 2011, J. Comput. Secur..