Skip to main content
SpringerLink
Log in

Efficient E-Cash in Practice: NFC-Based Payments for Public Transportation Systems

  • Conference paper
Privacy Enhancing Technologies (PETS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7981))

Included in the following conference series:

Abstract

Near field communication (NFC) is a recent popular technology that will facilitate many aspects of payments with mobile tokens. In the domain of public transportation payment systems electronic payments have many benefits, including improved throughput, new capabilities (congestion-based pricing etc.) and user convenience. A common concern when using electronic payments is that a user’s privacy is sacrificed. However, cryptographic e-cash schemes provide provable guarantees for both security and user privacy. Even though e-cash protocols have been proposed three decades ago, there are relatively few actual implementations, since their computation complexity makes an execution on lightweight devices rather difficult. This paper presents an efficient implementation of Brands [11] and ACL[4] e-cash schemes on an NFC smartphone: the BlackBerry Bold 9900. Due to their efficiency during the spending phase, when compared to other schemes, and the fact that payments can be verified offline, these schemes are especially suited for, but not limited to, use in public transport. Additionally, the encoding of validated attributes (e.g. a user’s age range, zip code etc.) is possible in the coins being withdrawn, which allows for additional features such as variable pricing (e.g. reduced fare for senior customers) and privacy-preserving data collection. We present a subtle technique to make use of the ECDHKeyAgreement class that is available in the BlackBerry API (and in the API of other systems) and show how the schemes can be implemented efficiently to satisfy the tight timing imposed by the transportation setting.

This work is supported by the NSF under CNS-0964641 and CNS-0964379. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Near Field Communication Forum (2008), http://www.nfc-forum.org/

  2. Abe, M.: A Secure Three-Move Blind Signature Scheme for Polynomially Many Signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136–151. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  3. Anderson, Z., Ryan, R., Chiesa, A.: The Anatomy of a Subway Hack: Breaking Crypto RFID’s and Magstripes of Ticketing Systems (2008)

    Google Scholar 

  4. Baldimtsi, F., Lysyanskaya, A.: Anonymous Credentials Light. IACR Cryptology ePrint Archive, 2012:298 (2012)

    Google Scholar 

  5. Baldimtsi, F., Lysyanskaya, A.: On The Security of One-Witness Blind Signature Schemes. IACR Cryptology ePrint Archive, 2012:197 (2012)

    Google Scholar 

  6. Batina, L., Hoepman, J.-H., Jacobs, B., Mostowski, W., Vullers, P.: Developing Efficient Blinded Attribute Certificates on Smart Cards via Pairings. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 209–222. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  7. Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Compact E-Cash and Simulatable VRFs Revisited. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 114–131. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  8. Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard java card. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) ACM Conference on Computer and Communications Security, pp. 600–610. ACM (2009)

    Google Scholar 

  9. Blass, E.-O., Kurmus, A., Molva, R., Strufe, T.: PSP: private and secure payment with RFID. In: Al-Shaer, E., Paraboschi, S. (eds.) WPES, pp. 51–60. ACM (2009)

    Google Scholar 

  10. Bos, J.W., Kaihara, M.E., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: On the security of 1024-bit rsa and 160-bit elliptic curve cryptography. IACR Cryptology ePrint Archive, 2009:389 (2009)

    Google Scholar 

  11. Brands, S.: Untraceable Off-line Cash in Wallets with Observers (Extended Abstract). In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  12. Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-Cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  13. Certicom Research. Standads for Efficient Cryptography (SEC) 2: Recommended Elliptic Curve Domain Parameters, version 1.0 edition (2000)

    Google Scholar 

  14. Chan, A.H., Frankel, Y., Tsiounis, Y.: Easy Come - Easy Go Divisible Cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 561–575. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  15. Chaum, D.: Blind Signatures for Untraceable Payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO, pp. 199–203. Plenum Press, New York (1982)

    Google Scholar 

  16. Chaum, D., Fiat, A., Naor, M.: Untraceable Electronic Cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)

    Chapter  Google Scholar 

  17. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  18. Clemente-Cuervo, E., Rodríguez-Henríquez, F., Arroyo, D.O., Ertaul, L.: A PDA Implementation of an Off-line e-Cash Protocol. In: Aissi, S., Arabnia, H.R. (eds.) Security and Management, pp. 452–458. CSREA Press (2007)

    Google Scholar 

  19. Derler, D., Potzmader, K., Winter, J., Dietrich, K.: Anonymous Ticketing for NFC-Enabled Mobile Phones. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 66–83. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  20. Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W., Jacobs, B.: Dismantling MIFARE Classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  21. Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer-Verlag New York, Inc., Secaucus (2003)

    Google Scholar 

  22. Haselsteiner, E., Breitfuß, K.: Security in Near Field Communication (NFC) - Strengths and Weaknesses (2006), http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002

  23. Heydt-Benjamin, T.S., Chae, H.-J., Defend, B., Fu, K.: Privacy for Public Transportation. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 1–19. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  24. Hinterwälder, G., Paar, C., Burleson, W.P.: Privacy preserving payments on computational RFID devices with application in intelligent transportation systems. In: Hoepman, J.-H., Verbauwhede, I. (eds.) RFIDSec 2012. LNCS, vol. 7739, pp. 109–122. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  25. Lysyanskaya, A.: Signature schemes and applications to cryptographic protocol design. PhD Thesis. Massachusetts Institute of Technology, AAI0804606 (2002)

    Google Scholar 

  26. M. B. T. A. (MBTA). MBTA ScoreCard (March 2013) [February 2013 Data], http://www.mbta.com/uploadedfiles/About_the_T/Score_Card/ScoreCard2013

  27. Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1996)

    Google Scholar 

  28. Mulliner, C.: Vulnerability analysis and attacks on nfc-enabled mobile phones. In: ARES, pp. 695–700. IEEE Computer Society (2009)

    Google Scholar 

  29. Ohkubo, M., Abe, M.: Security of three-move blind signature schemes reconsidered. In: SCIS 2003, Symposium on Cryptography and Information Security, Japan (2003)

    Google Scholar 

  30. Pirker, M., Slamanig, D.: A Framework for Privacy-Preserving Mobile Payment on Security Enhanced ARM TrustZone Platforms. In: Min, G., Wu, Y., Liu, L.C., Jin, X., Jarvis, S.A., Al-Dubai, A.Y. (eds.) TrustCom, pp. 1155–1160. IEEE Computer Society (2012)

    Google Scholar 

  31. Rankl, W., Effing, W.: Smart Cards in Transportation Systems, pp. 869–891. John Wiley & Sons, Ltd. (2010)

    Google Scholar 

  32. Ribeiro, S.K., Kobayashi, S., Beuthe, M., Gasca, J., Greene, D., Lee, D.S., Muromachi, Y., Newton, P.J., Plotkin, S., Sperling, D., Wit, R., Zhou, P.J.: Transport and its infrastructure. Climate Change 2007: Mitigation. Contribution of Working Group III to the Fourth Assessment Report of the Intergovernmental Panel on Climate Change (2007)

    Google Scholar 

  33. Sadeghi, A.-R., Visconti, I., Wachsmann, C.: User Privacy in Transport Systems Based on RFID E-Tickets. In: Bettini, C., Jajodia, S., Samarati, P., Wang, X.S. (eds.) PiLBA. CEUR Workshop Proceedings, vol. 397. CEUR-WS.org (2008)

    Google Scholar 

  34. Schnorr, C.-P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)

    Google Scholar 

  35. United Nations New York. World Urbanization Prospects - The 2011 Revision (2012)

    Google Scholar 

  36. Verdult, R., Kooman, F.: Practical attacks on nfc enabled cell phones. In: 2011 3rd International Workshop on Near Field Communication (NFC), pp. 77–82 (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, University of Massachusetts Amherst, USA

    Gesine Hinterwälder, Christian T. Zenger, Christof Paar & Wayne P. Burleson

  2. Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany

    Christian T. Zenger & Christof Paar

  3. Computer Science Department, Brown University, USA

    Foteini Baldimtsi & Anna Lysyanskaya

Authors
  1. Gesine Hinterwälder
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christian T. Zenger
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Foteini Baldimtsi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Anna Lysyanskaya
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Christof Paar
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Wayne P. Burleson
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Palo Alto Research Center (PARC), 3333 Coyote Hill Road, 94034, Palo Alto, CA, USA

    Emiliano De Cristofaro

  2. Department of Computer Science and Engineering, University of Texas at Arlington, 500 UTA Boulevard, 76019, Arlington, TX, USA

    Matthew Wright

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hinterwälder, G., Zenger, C.T., Baldimtsi, F., Lysyanskaya, A., Paar, C., Burleson, W.P. (2013). Efficient E-Cash in Practice: NFC-Based Payments for Public Transportation Systems. In: De Cristofaro, E., Wright, M. (eds) Privacy Enhancing Technologies. PETS 2013. Lecture Notes in Computer Science, vol 7981. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39077-7_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-39077-7_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39076-0

  • Online ISBN: 978-3-642-39077-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation