
Researchers Develop Secure Transactions for Electronic Payments

25 October 2017

Electronic payments are used every day. People use their cell phones to pay for everything from an Uber ride to lunch with Apple Pay. Most people don’t know that they are losing privacy every time they use their smart devices to pay for things. Researchers at Karlsruhe Institute of Technology (KIT) have developed a secure and anonymous system for daily use.

Paying for public passenger transport tickets with a smartphone is becoming increasingly popular. But is it secure? (Gabi Zachmann/KIT)

Computer scientist Andy Rupp, a member of the “Cryptography and Security” working group at KIT, is surprised at the lack of awareness about this issue: "I observed that only a few users are aware of the fact that by using such bonus or payment systems they disclose in detail how and what they consume or which routes they have taken."

In order to prevent manipulation of the account by dishonest users, customer data and account balances of payment and bonus systems are usually administered with the help of a central database. In every payment transaction, the customer is identified and the details of the transaction are transmitted to the central database. The repeated identification process produces a data trace that might be misused by the provider or third parties.

The cryptography expert did not want to resign himself to this conflict of privacy and security. With Gunnar Hartung and Matthias Nagel of KIT and Max Hoffmann of Ruhr-Universität Bochum, he has now presented the basics of an “electronic purse” that works anonymously but prevents misuse at the same time.

The “black-box accumulation plus” (BBA+) protocol they developed transfers all necessary account data to the card or smartphone used and guarantees confidentiality with the help of cryptographic methods. At the same time, BBA+ offers security guarantees for the operator of the bonus or payment system. The protocol guarantees a correct account balance and is mathematically constructed such that the identity of the user is disclosed as soon as an attempt is made to pay with a manipulated account.

The new protocol is a further development of an anonymous bonus card system that was also designed by the KIT research group. That earlier system required an internet connection for collecting and redeeming points in order to prevent misuse.

"Our new protocol guarantees privacy and security for customers during offline operation as well," Andy Rupp says. "This is needed for ensuring the payment system's suitability for daily use. Think of a subway turnstile or a toll bridge. There you may have no internet connection at all or it is very slow."

Its high efficiency makes the protocol suited for everyday use. During the first test runs, researchers could execute payments within about one second.

This research will be presented at the ACM CCS 2017 conference in the USA.

To contact the author of this article, email Siobhan.Treacy@ieeeglobalspec.com

