1. NCCU Academic Hub
  2. Publications
  3. College of Informatics
  4. Theses
  5. Item

Publications-Theses

Article View/Open

Publication Export

Google ScholarTM

NCCU Library

Citation Infomation

Related Publications in TAIR

題名 可預防雙重支付的離線小額匿名交易機制
Anonymous off-line micro-payment protocol with double spending prevention
作者 林承毅
貢獻者 左瑞麟
Tso, Ray Lin
林承毅
關鍵詞 雙重支付
NFC
離線交易
安全交易
Token
Double Spending
NFC
Off-line Payment
Secure Payment
Token
日期 2016
上傳時間 8-Feb-2017 16:42:41 (UTC+8)
摘要 近年來手機的普及率日漸增加,手機逐漸成為生活中不可或缺的工具,因此許多生活方式逐漸的偏向由手機端完成,例如:找路不需要再透過地圖,上網查資料不需要再透過電腦,人們逐漸地把實體錢包轉向利用手機支付的電子錢包,像是中國支付寶等支付系統。利用手機當作錢包已經是現今手機發展的主要方向,然而對於手機的安全支付議題也日漸重視,近年來有安全晶片的保護下使用者的手機安全也有一定程度的提升,但是在離線交易的情況下惡意使用者的操作依然是可以欺騙安全晶片並製造出雙重支付的問題。
2016年陳等人提出了一個基於NFC系統的匿名行動付款協定,然而該協定中必須要有銀行端的介入才能執行交易。在本論文中,我們基於陳等人的線上交易協定為基礎下發展了本篇論文的新交易協定,此交易協定可以適用於離線以及線上的環境。
離線環境下的雙重支付行為一直交易的過程中難以預防的攻擊,在本篇論文中我們透過安全晶片、符號化和本論文研究的雜湊鍊來預防雙重支付行為,且能保障使用者在交易過程中的匿名性。
As the coverage of mobile phone has been constantly increased in recent years, the mobile phones have become an indispensable tool in life. Many ways of lives are gradually done through the mobile terminals, for example: No longer need to find the way through the map or search information through the computer, people have also gradually turned to electronic payment via e-wallets instead of paying via physical wallets, such as AliPay in China. Adopting the mobile phone as a wallet is nowadays the main development direction of mobile phones. Meanwhile, people are paying more and more attention to the topics on the security of mobile payment than before. In recent years, under the protection of secure element, the security of users’ mobile phone has been enhanced to a certain extent. In the case of off-line transactions, malicious users are capable of fooling secure element and making double spending.
In 2016, Chen et al. proposed a NFC-Based anonymous mobile payment protocol. In that protocol the transaction can only be executed with the involvement of issuer. In this research, we introduce a new protocol which can support both on-line and off-line transactions. Our protocol is modified from that of Chen et al.’s idea.
In our protocol, to prevent a malicious user, we use a secure element which stores sensitive information that cannot be altered by the user. In this way, the cheating behavior of a malicious user can be prevented. On the other hand, by using the token techniques, the anonymity of a user can be achieved from the view of a merchant.
In this study, we focus on double spending which can make merchant a lot of cost at off-line transaction. We used hash chain to verify the correctness of transactions and prevent the double spending.
參考文獻 [1] E. J. Steffens, A. Nennker, Z. Ren, M. Yin & L. Schneider. "The SIM-based mobile wallet." In Proceedings of Intelligence in Next Generation Networks; International Conference on IEEE, 13th, ICIN, 2009, pp. 1-6.
[2] H. C. Cheng, J. W. Chen, T. Y. Chi & P. H. Chen. "A generic model for NFC-based mobile commerce." In Proceedings of Advanced Communication Technology; International Conference on IEEE, 11th, ICACT, 2009, pp. 2009-2014.
[3] M. Pasquet, J. Reynaud & C. Rosenberger. "Secure payment with NFC mobile phone in the smart touch project." In Proceedings of Collaborative Technologies and Systems; International Symposium on IEEE, CTS, 2008, pp. 121-126.
[4] J. C.Paillès, C. Gaber, V.Alimi & M. Pasquet. "Payment and privacy: a key for the development of NFC mobile." In Proceedings of Collaborative Technologies and Systems; International Symposium on IEEE, CTS, 2010, pp.378-385.
[5] L. Mainetti, L. Patrono & R. Vergallo. "IDA-Pay: an innovative micro-payment system based on NFC technology for Android mobile devices." In Proceedings of Software, Telecommunications and Computer Networks; International Conference on IEEE, 20th, SoftCOM, 2012, pp.1-6.
[6] ur. Rehman, Shafiq & J. Coughlan. "An efficient mobile payment system based on NFC technology." In Proceedings of World Academy of Science, Engineering and Technology; International Conference on World Academy of Science, Engineering and Technology, WASET, 2013, pp. 1701-1705.
[7] P. Urien & S. Piramuthu. "Securing NFC mobile services with cloud of secure elements" In Proceedings of Mobile Computing, Applications and Services; International Conference on Mobile Computing, Applications, and Services, MobiCASE, 2013, pp.322-331.
[8] P. Urien. "EMV-TLS, a secure payment protocol for NFC enabled mobiles." In Proceedings of Collaboration Technologies and Systems; International Conference on IEEE, CTS, 2014, pp.203-210.
[9] Apple Pay, https://zh.wikipedia.org/wiki/Apple_Pay, 2016
[10] Google Wallet, https://en.wikipedia.org/wiki/Google_Wallet, 2016
[11] EMV Payment Tokenization Specification – Technical Frameworkv1.0, https://www.emvco.com/download_agreement.aspx?id=945, 2014
[12] M. Blaze, J. Ioannidis & A. D. Keromytis. "Offline micropayments without trusted hardware." In Proceedings of Financial Cryptography; International Conference on Financial Cryptography, 5th, 2001, pp. 21-40.
[13] R. L. Rivest & A. Shamir. "Pay Word and MicroMint: two simple micropayment schemes." In Proceedings of Lecture Notes in Computer Science; International Workshop on Security Protocols, 1996, pp. 69-87
[14] X. Dai, O. Ayoade & J. Grundy. "Off-line micro-payment protocol for multiple vendors in mobile commerce." In Proceedings of Parallel and Distributed Computing, Applications and Technologies; International Conference on IEEE, 16th, PDCAT, 2006. pp. 197-202.
[15] A. Esmaeeli & M. Shajari. "Mvpayword: Secure and efficient payword-based micropayment scheme." In Proceedings of Applications of Digital Information and Web Technologies; International Conference on IEEE, 2th, ICADIWT, 2009, pp. 609-614.
[16] L. M. Fan & J. X. Liao. "Discrete micropayment protocol based on master-slave payword chain." In The Journal of China Universities of Posts and Telecommunications, 2007, pp. 58-84.
[17] C. I. Fan, Y. K. Liang & C. N. Wu. "An anonymous fair offline micropayment scheme." In Proceedings of Information Society; International Conference on IEEE, 2011, p. 377-381.
[18] S. Mendoza. "SamsungPay: Tokenized Numbers, Flaws and Issues."
https://www.blackhat.com/docs/us-16/materials/us-16-Mendoza-Samsung-Pay-Tokenized-Numbers-Flaws-And-Issues-wp.pdf, 2016, pp. 1-11
[19] Information technology - Telecommunications and information exchange between systems - Near Field Communication Interface and Protocol -2 (NFCIP-2), ISO/IEC 21481: 2012, 2012
[20] Android* 上的 NFC 應用程式開發https://software.intel.com/sites/landingpage/tw/nfc-application-development-on-android.php, 2015
[21] 蘇偉慶 & 黃建隆 "行動支付安全元件(Secure Element)之存取控制" 財金資訊季刊No.72, 2012, pp. 76.
[22] EMV. https://zh.wikipedia.org/wiki/EMV, 2016
[23] Luhn check digit, https://en.wikipedia.org/wiki/Luhn_algorithm, 2016
[24] M. H. Yang. "Security enhanced EMV-based mobile payment protocol." In The Scientific World Journal, 2014, pp. 1-19.
[25] 羅嘉寧 & 楊明豪 "基植於 NFC 系統之匿名行動付款協定" In Journal of Information, Technology and Society, 2014, pp. 19-32.
[26] 陳尚文, "基植於NFC系統之匿名行動付款協定之研究與改良" 政治大學資訊科學研究所學位論文, 2016
[27] R. Martínez-Peláez, F. Rico-Novella & C.Satizábal. "Mobile payment protocol for micropayments: withdrawal and payment anonymous." In Proceedings of New Technologies, Mobility and Security; International Conference on IEEE, 2008, pp. 1-5.
[28] Y. Chen, J. S. Chou, H. M. Sun & M. H. Cho. "A novel electronic cash system with trustee-based anonymity revocation from pairing." In The Journal of Electronic Commerce Research and Applications, 2011, pp. 673-682.
[29] S. K. Noh, S. R. Lee & D. Y. Choi. "Proposed m-payment system using near-field communication and based on WSN-enabled location-based services for m-commerce." In The Journal of Distributed Sensor Networks, 2014, pp. 1-9.
[30] F. Kerschbaum, H. W. Lim & I.Gudymenko. "Privacy-preserving billing for e-ticketing systems in public transportation." In Proceedings of the Workshop on privacy in the electronic society; International ACM Conference on Computer and Communications Security, 20th, ACMCSS, 2013, pp. 143-154
[31] G. Van Damme, K. M. Wouters, H. Karahan & B. Preneel. "Offline NFC payments with electronic vouchers." In Proceedings of the workshop on Networking, systems, and applications for mobile handhelds; International ACM Conference on the Special Interest Group on Data Communication, 1st, ACM SIGCOMM, 2009, pp. 25-30
[32] 洪聖翔, "相容 EMV 具雙向認證且適合離線及線上交易之行動付款協定."中原大學資訊工程研究所學位論文, 2013.
[33] 何宇承, "相容 EMV 具雙向認證之離線行動付款協定." 中原大學通訊工程碩士學位學程學位論文, 2015.
[34] EMVCo, EMV - Integrated Circuit Card Specifications for Payment Systems, Version 4.3 ed., EMVCo, LLC, 2011
[35] Web API For Accessing Secure Element v1.0,
https://globalplatform.github.io/WebApis-for-SE/doc/, 2016
[36] 離線支付, http://wiki.mbalib.com/zh-tw/%E7%A6%BB%E7%BA%BF%E6%94%AF%E4%BB%98, 2014
描述 碩士
國立政治大學
資訊科學學系
103753036
資料來源 http://thesis.lib.nccu.edu.tw/record/#G1037530361
資料類型 thesis
dc.contributor.advisor 左瑞麟zh_TW
dc.contributor.advisor Tso, Ray Linen_US
dc.contributor.author (Authors) 林承毅zh_TW
dc.creator (作者) 林承毅zh_TW
dc.date (日期) 2016en_US
dc.date.accessioned 8-Feb-2017 16:42:41 (UTC+8)-
dc.date.available 8-Feb-2017 16:42:41 (UTC+8)-
dc.date.issued (上傳時間) 8-Feb-2017 16:42:41 (UTC+8)-
dc.identifier (Other Identifiers) G1037530361en_US
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/106438-
dc.description (描述) 碩士zh_TW
dc.description (描述) 國立政治大學zh_TW
dc.description (描述) 資訊科學學系zh_TW
dc.description (描述) 103753036zh_TW
dc.description.abstract (摘要) 近年來手機的普及率日漸增加,手機逐漸成為生活中不可或缺的工具,因此許多生活方式逐漸的偏向由手機端完成,例如:找路不需要再透過地圖,上網查資料不需要再透過電腦,人們逐漸地把實體錢包轉向利用手機支付的電子錢包,像是中國支付寶等支付系統。利用手機當作錢包已經是現今手機發展的主要方向,然而對於手機的安全支付議題也日漸重視,近年來有安全晶片的保護下使用者的手機安全也有一定程度的提升,但是在離線交易的情況下惡意使用者的操作依然是可以欺騙安全晶片並製造出雙重支付的問題。
2016年陳等人提出了一個基於NFC系統的匿名行動付款協定,然而該協定中必須要有銀行端的介入才能執行交易。在本論文中,我們基於陳等人的線上交易協定為基礎下發展了本篇論文的新交易協定,此交易協定可以適用於離線以及線上的環境。
離線環境下的雙重支付行為一直交易的過程中難以預防的攻擊,在本篇論文中我們透過安全晶片、符號化和本論文研究的雜湊鍊來預防雙重支付行為,且能保障使用者在交易過程中的匿名性。		zh_TW
dc.description.abstract (摘要) As the coverage of mobile phone has been constantly increased in recent years, the mobile phones have become an indispensable tool in life. Many ways of lives are gradually done through the mobile terminals, for example: No longer need to find the way through the map or search information through the computer, people have also gradually turned to electronic payment via e-wallets instead of paying via physical wallets, such as AliPay in China. Adopting the mobile phone as a wallet is nowadays the main development direction of mobile phones. Meanwhile, people are paying more and more attention to the topics on the security of mobile payment than before. In recent years, under the protection of secure element, the security of users’ mobile phone has been enhanced to a certain extent. In the case of off-line transactions, malicious users are capable of fooling secure element and making double spending.
In 2016, Chen et al. proposed a NFC-Based anonymous mobile payment protocol. In that protocol the transaction can only be executed with the involvement of issuer. In this research, we introduce a new protocol which can support both on-line and off-line transactions. Our protocol is modified from that of Chen et al.’s idea.
In our protocol, to prevent a malicious user, we use a secure element which stores sensitive information that cannot be altered by the user. In this way, the cheating behavior of a malicious user can be prevented. On the other hand, by using the token techniques, the anonymity of a user can be achieved from the view of a merchant.
In this study, we focus on double spending which can make merchant a lot of cost at off-line transaction. We used hash chain to verify the correctness of transactions and prevent the double spending.		en_US
dc.description.tableofcontents 1. Introduction 8
2. Background Knowledge 13
2.1 Near Field Communication (NFC) 13
2.2 Secure Element (SE) 13
2.3 EMV 14
2.4 Token Payment 15
2.5 Off-line Payment 15
2.6 Double-Spending 16
2.7 Token Payment 16
3. Related Works 18
3.1 He et al.’s EMV-based Offline Payment with Mutual Authentication 18
3.2 Chen’s an Improvement on NFC-Based Anonymous Mobile Payment Protocol 34
4. Architecture of the Proposed Scheme 45
4.1 Initialization Stage 46
4.2 Application for Virtual Credit Cards and Certificate Issuing Stage 49
4.3 Consumption Stage 59
4.4 Payout Request Stage 67
5. Security Analysis 69
5.1 Anonymity 69
5.2 Confidentiality 70
5.3 Prevention of Double Spending Attack 70
5.4 Prevention of Insider Attacks 73
5.5 Non-Repudiation 73
5.6 Comparison with Related Works and Protocol Limitation 74
6. EMV Compatible Instructions 76
7. Performance Analysis 82
8. Conclusion 83
9. References 84		zh_TW
dc.format.extent 2531465 bytes-
dc.format.mimetype application/pdf-
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G1037530361en_US
dc.subject (關鍵詞) 雙重支付zh_TW
dc.subject (關鍵詞) NFCzh_TW
dc.subject (關鍵詞) 離線交易zh_TW
dc.subject (關鍵詞) 安全交易zh_TW
dc.subject (關鍵詞) Tokenzh_TW
dc.subject (關鍵詞) Double Spendingen_US
dc.subject (關鍵詞) NFCen_US
dc.subject (關鍵詞) Off-line Paymenten_US
dc.subject (關鍵詞) Secure Paymenten_US
dc.subject (關鍵詞) Tokenen_US
dc.title (題名) 可預防雙重支付的離線小額匿名交易機制zh_TW
dc.title (題名) Anonymous off-line micro-payment protocol with double spending preventionen_US
dc.type (資料類型) thesisen_US
dc.relation.reference (參考文獻) [1] E. J. Steffens, A. Nennker, Z. Ren, M. Yin & L. Schneider. "The SIM-based mobile wallet." In Proceedings of Intelligence in Next Generation Networks; International Conference on IEEE, 13th, ICIN, 2009, pp. 1-6.
[2] H. C. Cheng, J. W. Chen, T. Y. Chi & P. H. Chen. "A generic model for NFC-based mobile commerce." In Proceedings of Advanced Communication Technology; International Conference on IEEE, 11th, ICACT, 2009, pp. 2009-2014.
[3] M. Pasquet, J. Reynaud & C. Rosenberger. "Secure payment with NFC mobile phone in the smart touch project." In Proceedings of Collaborative Technologies and Systems; International Symposium on IEEE, CTS, 2008, pp. 121-126.
[4] J. C.Paillès, C. Gaber, V.Alimi & M. Pasquet. "Payment and privacy: a key for the development of NFC mobile." In Proceedings of Collaborative Technologies and Systems; International Symposium on IEEE, CTS, 2010, pp.378-385.
[5] L. Mainetti, L. Patrono & R. Vergallo. "IDA-Pay: an innovative micro-payment system based on NFC technology for Android mobile devices." In Proceedings of Software, Telecommunications and Computer Networks; International Conference on IEEE, 20th, SoftCOM, 2012, pp.1-6.
[6] ur. Rehman, Shafiq & J. Coughlan. "An efficient mobile payment system based on NFC technology." In Proceedings of World Academy of Science, Engineering and Technology; International Conference on World Academy of Science, Engineering and Technology, WASET, 2013, pp. 1701-1705.
[7] P. Urien & S. Piramuthu. "Securing NFC mobile services with cloud of secure elements" In Proceedings of Mobile Computing, Applications and Services; International Conference on Mobile Computing, Applications, and Services, MobiCASE, 2013, pp.322-331.
[8] P. Urien. "EMV-TLS, a secure payment protocol for NFC enabled mobiles." In Proceedings of Collaboration Technologies and Systems; International Conference on IEEE, CTS, 2014, pp.203-210.
[9] Apple Pay, https://zh.wikipedia.org/wiki/Apple_Pay, 2016
[10] Google Wallet, https://en.wikipedia.org/wiki/Google_Wallet, 2016
[11] EMV Payment Tokenization Specification – Technical Frameworkv1.0, https://www.emvco.com/download_agreement.aspx?id=945, 2014
[12] M. Blaze, J. Ioannidis & A. D. Keromytis. "Offline micropayments without trusted hardware." In Proceedings of Financial Cryptography; International Conference on Financial Cryptography, 5th, 2001, pp. 21-40.
[13] R. L. Rivest & A. Shamir. "Pay Word and MicroMint: two simple micropayment schemes." In Proceedings of Lecture Notes in Computer Science; International Workshop on Security Protocols, 1996, pp. 69-87
[14] X. Dai, O. Ayoade & J. Grundy. "Off-line micro-payment protocol for multiple vendors in mobile commerce." In Proceedings of Parallel and Distributed Computing, Applications and Technologies; International Conference on IEEE, 16th, PDCAT, 2006. pp. 197-202.
[15] A. Esmaeeli & M. Shajari. "Mvpayword: Secure and efficient payword-based micropayment scheme." In Proceedings of Applications of Digital Information and Web Technologies; International Conference on IEEE, 2th, ICADIWT, 2009, pp. 609-614.
[16] L. M. Fan & J. X. Liao. "Discrete micropayment protocol based on master-slave payword chain." In The Journal of China Universities of Posts and Telecommunications, 2007, pp. 58-84.
[17] C. I. Fan, Y. K. Liang & C. N. Wu. "An anonymous fair offline micropayment scheme." In Proceedings of Information Society; International Conference on IEEE, 2011, p. 377-381.
[18] S. Mendoza. "SamsungPay: Tokenized Numbers, Flaws and Issues."
https://www.blackhat.com/docs/us-16/materials/us-16-Mendoza-Samsung-Pay-Tokenized-Numbers-Flaws-And-Issues-wp.pdf, 2016, pp. 1-11
[19] Information technology - Telecommunications and information exchange between systems - Near Field Communication Interface and Protocol -2 (NFCIP-2), ISO/IEC 21481: 2012, 2012
[20] Android* 上的 NFC 應用程式開發https://software.intel.com/sites/landingpage/tw/nfc-application-development-on-android.php, 2015
[21] 蘇偉慶 & 黃建隆 "行動支付安全元件(Secure Element)之存取控制" 財金資訊季刊No.72, 2012, pp. 76.
[22] EMV. https://zh.wikipedia.org/wiki/EMV, 2016
[23] Luhn check digit, https://en.wikipedia.org/wiki/Luhn_algorithm, 2016
[24] M. H. Yang. "Security enhanced EMV-based mobile payment protocol." In The Scientific World Journal, 2014, pp. 1-19.
[25] 羅嘉寧 & 楊明豪 "基植於 NFC 系統之匿名行動付款協定" In Journal of Information, Technology and Society, 2014, pp. 19-32.
[26] 陳尚文, "基植於NFC系統之匿名行動付款協定之研究與改良" 政治大學資訊科學研究所學位論文, 2016
[27] R. Martínez-Peláez, F. Rico-Novella & C.Satizábal. "Mobile payment protocol for micropayments: withdrawal and payment anonymous." In Proceedings of New Technologies, Mobility and Security; International Conference on IEEE, 2008, pp. 1-5.
[28] Y. Chen, J. S. Chou, H. M. Sun & M. H. Cho. "A novel electronic cash system with trustee-based anonymity revocation from pairing." In The Journal of Electronic Commerce Research and Applications, 2011, pp. 673-682.
[29] S. K. Noh, S. R. Lee & D. Y. Choi. "Proposed m-payment system using near-field communication and based on WSN-enabled location-based services for m-commerce." In The Journal of Distributed Sensor Networks, 2014, pp. 1-9.
[30] F. Kerschbaum, H. W. Lim & I.Gudymenko. "Privacy-preserving billing for e-ticketing systems in public transportation." In Proceedings of the Workshop on privacy in the electronic society; International ACM Conference on Computer and Communications Security, 20th, ACMCSS, 2013, pp. 143-154
[31] G. Van Damme, K. M. Wouters, H. Karahan & B. Preneel. "Offline NFC payments with electronic vouchers." In Proceedings of the workshop on Networking, systems, and applications for mobile handhelds; International ACM Conference on the Special Interest Group on Data Communication, 1st, ACM SIGCOMM, 2009, pp. 25-30
[32] 洪聖翔, "相容 EMV 具雙向認證且適合離線及線上交易之行動付款協定."中原大學資訊工程研究所學位論文, 2013.
[33] 何宇承, "相容 EMV 具雙向認證之離線行動付款協定." 中原大學通訊工程碩士學位學程學位論文, 2015.
[34] EMVCo, EMV - Integrated Circuit Card Specifications for Payment Systems, Version 4.3 ed., EMVCo, LLC, 2011
[35] Web API For Accessing Secure Element v1.0,
https://globalplatform.github.io/WebApis-for-SE/doc/, 2016
[36] 離線支付, http://wiki.mbalib.com/zh-tw/%E7%A6%BB%E7%BA%BF%E6%94%AF%E4%BB%98, 2014		zh_TW