Privacy Preserving Payments on Computational RFID Devices with Application in Intelligent Transportation Systems

Electronic cash is a suitable solution for payment systems, in which the user's identity should not be revealed during the payment. This is for example the case for public transportation payment systems. One electronic cash scheme, efficient during the spending phase, was proposed by Brands'. This scheme, as all privacy-preserving payment schemes, is based on public-key cryptography. However, payment devices used in those systems need to be cheap and low-power, which restricts their computational performance. These two points conflict with the need for payments to be executed quickly, in order to avoid delays at the entrance points of the system. In this work we demonstrate that using sophisticated implementation techniques, it is possible to realize full-size e-cash schemes even on inexpensive payment tokens. We present a full implementation of Brands' offline cash scheme for the UMass Moo, a computational RFID-token. The spending protocol, which is the time critical part in transportation payment systems can be executed in 13 ms. This meets real-world application requirements. The reloading of the card, which is less time critical, as it is conducted offline, is time consuming. We discuss solutions to this problem.

[1]  Vincent Leith,et al.  The Rijndael Block Cipher , 2010 .

[2]  Matthieu Rivain,et al.  Fast and Regular Algorithms for Scalar Multiplication over Elliptic Curves , 2011, IACR Cryptol. ePrint Arch..

[3]  Kazumaro Aoki,et al.  SEC X.2: Recommended Elliptic Curve Domain Parameters , 2008 .

[4]  Bart Jacobs,et al.  Developing Efficient Blinded Attribute Certificates on Smart Cards via Pairings , 2010, CARDIS.

[5]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[6]  Ahmad-Reza Sadeghi,et al.  User Privacy in Transport Systems Based on RFID E-Tickets , 2008, PiLBA.

[7]  Michael Hutter,et al.  Elliptic Curve Cryptography on the WISP UHF RFID Tag , 2011, RFIDSec.

[8]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[9]  Nicolas Meloni,et al.  New Point Addition Formulae for ECC Applications , 2007, WAIFI.

[10]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[11]  James P. Titus,et al.  Security and Privacy , 1967, 2022 IEEE Future Networks World Forum (FNWF).

[12]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[13]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[14]  Kevin Fu,et al.  Privacy for Public Transportation , 2006, Privacy Enhancing Technologies.

[15]  Benjamin Ransford,et al.  Moo : A Batteryless Computational RFID and Sensing Platform , 2011 .

[16]  Francisco Rodríguez-Henríquez,et al.  A PDA Implementation of an Off-line e-Cash Protocol , 2007, Security and Management.

[17]  Stefan A. Brands,et al.  Untraceable Off-line Cash in Wallet with Observers , 2002 .

[18]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[19]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[20]  Jan Camenisch,et al.  Anonymous credentials on a standard java card , 2009, CCS.

[21]  R. Stephenson A and V , 1962, The British journal of ophthalmology.

[22]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[23]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[24]  C. Small Arithmetic of Finite Fields , 1991 .

[25]  Arjen K. Lenstra,et al.  On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography , 2009, IACR Cryptol. ePrint Arch..