Secure payment without leaving a trace

October 25, 2017

Whether a public transport ticket is paid for via a smartphone app, a prepaid card is used at the public swimming pool, or a bonus card at the supermarket: many people already open their "electronic purses" every day. However, most of them are not aware that in doing so they largely give up their privacy. Researchers at Karlsruhe Institute of Technology (KIT) have developed a secure and anonymous system for daily use. It will be presented at the ACM CCS 2017 conference in the USA.

Computer scientist Andy Rupp, member of the "Cryptography and Security" working group of KIT, is repeatedly surprised by the lack of awareness of the problem: "I observed that only few users are aware of the fact that by using such bonus or payment systems they disclose in detail how and what they consume or which routes they have taken." To prevent dishonest users from manipulating their accounts, customer data and account balances of payment and bonus systems are usually administered with the help of a central database. In every payment transaction, the customer is identified and the details of her/his transaction are transmitted to the central database. This repeated identification process produces a data trace that might be misused by the provider or third parties.

The cryptography expert did not want to resign himself to this apparent conflict between privacy and security. Together with Gunnar Hartung and Matthias Nagel of KIT and Max Hoffmann of Ruhr-Universität Bochum, he has now presented the basics of an "electronic purse" that works anonymously, but prevents misuse at the same time. The "black-box accumulation plus" (BBA+) protocol developed by them transfers all necessary account data to the card or smartphone used and guarantees their confidentiality with the help of cryptographic methods. At the same time, BBA+ offers security guarantees for the operator of the bonus or payment system: The protocol guarantees a correct account balance and is mathematically constructed such that the identity of the user is disclosed as soon as an attempt is made to pay with a manipulated account.

The new protocol is a further development of an anonymous bonus card system that was also designed by the KIT research group. For collecting and redeeming points, however, that earlier system required an internet connection to prevent misuse. "Our new protocol guarantees privacy and security for customers during offline operation as well," Andy Rupp says. "This is needed for ensuring the payment system's suitability for daily use. Think of a subway turnstile or a toll bridge. There you may have no internet connection at all or it is very slow." Its high efficiency also makes the protocol suited for everyday use: In initial test runs, the researchers executed payments within about one second.
-end-
More about research in this area: http://crypto.iti.kit.edu/index.php?id=cyphycrypt&L=2

https://homepage.ruhr-uni-bochum.de/andy.rupp/papers/bbap_ccs17.pdf

More about the conference: https://www.sigsac.org/ccs/CCS2017/agenda.html

More about the KIT Information · Systems · Technologies Center: http://www.kcist.kit.edu

For further information, please contact:

Martin Heidelberger, Editor, Phone: 49-721-608-21169, Email: martin.heidelberger@kit.edu

Being "The Research University in the Helmholtz Association," KIT creates and imparts knowledge for the society and the environment. It is the objective to make significant contributions to the global challenges in the fields of energy, mobility and information. For this, about 9,300 employees cooperate in a broad range of disciplines in natural sciences, engineering sciences, economics, and the humanities and social sciences. KIT prepares its 26,000 students for responsible tasks in society, industry, and science by offering research-based study programs. Innovation efforts at KIT build a bridge between important scientific findings and their application for the benefit of society, economic prosperity, and the preservation of our natural basis of life.

Since 2010, the KIT has been certified as a family-friendly university.

This press release is available on the internet at http://www.sek.kit.edu/english/press_office.php.

Karlsruher Institut für Technologie (KIT)
