Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Cryptographic theory meets practice: efficient and privacy-preserving payments for public transport
Rupp A., Baldimtsi F., Hinterwälder G., Paar C.  ACM Transactions on Information and System Security 17 (3): 1-31, 2015. Type: Article
Date Reviewed: Sep 15 2015

Electronic devices for executing transactions in real time for applications such as transit systems and vending machines require safekeeping mechanisms for users. But how should customers who use low-cost devices with scarce storage securely perform transactions on systems with imperfect instantaneous processing power?

Rupp and colleagues offer cryptographic ideas for effectively preserving the privacy of customers who use devices with insufficient storage and processing time to carry out transactions in public transportation systems. Readers unfamiliar with the Diffie-Hellman key exchanges, the reliability of the discrete logarithm, the applications of zero-knowledge proofs, and Galois fields should browse the concepts of these security protocols in Trappe and Washington [1], prior to exploring the assumptions and proofs of the trustworthy algorithms for providing security in real-world application systems in this paper.

The authors present a privacy-preserving payment for public transportation system (P4TS) with voyage go-ahead voucher (VGAV), reimbursement estimation ticket (RET), and repayment token (RT) subsystems. The users in P4TS purchase tickets from an offline VGAV subsystem. The VGAV subsystem encodes the identification of each user on each ticket. Each user inserts a ticket into a reader at an access gate, applies a zero-knowledge proof to validate his/her identity to gain entrance into the P4TS, and receives a stamped RET that contains the date and time, reader identification, and message authentication code of the VGAV. At the exit gate, the user submits the RET and an RT to a reader. The reader computes the trip fare and transfers any balance to the RT for reimbursement at a vending machine.

Test results from the prototype implementation of the P4TS reveal that (1) the display of a VGAV and obtaining an RET can be efficiently executed on some devices; (2) the time to obtain a refund is more costly; and (3) buying trip tokens consumes more processing time due to the elliptic curve cryptography used in this project. Nevertheless, the performance of the P4TS has a constant runtime for all withdrawal and spending fares, as opposed to the linear time growth of the well-known Brands’s e-cash algorithm. Clearly, the paper presents reliable probabilistic algorithms and security protocols that enable users to enroll with the VGAV subsystem, use tokens, and receive accurate refunds from the P4TS. The authors provide convincing lemmas and formal proofs to illustrate the security of the VGAV, RET, and RT subsystems. I strongly encourage all database and user security experts to read and weigh in on the insightful and practical safekeeping ideas in this paper.

Reviewer:  Amos Olagunju Review #: CR143771 (1602-0169)
1) Trappe, W.; Washington, L. C. Introduction to cryptography with coding theory (2nd ed.). Pearson Prentice Hall, Upper Saddle River, NJ, 2006.
Bookmark and Share
  Reviewer Selected
Featured Reviewer
Electronic Commerce (K.4.4 )
Microcomputers (C.5.3 )
Public Policy Issues (K.4.1 )
Security and Protection (D.4.6 )
Would you recommend this review?
Other reviews under "Electronic Commerce": Date
The Bitcoin standard: the decentralized alternative to central banking
Ammous S.,  Wiley Publishing, Hoboken, NJ, 2018. 304 pp. Type: Book (978-1-119473-86-2)
Jul 9 2019
Building your online store with WordPress and WooCommerce: learn to leverage the critical role e-commerce plays in today’s competitive marketplace
Sims L.,  Apress, New York, NY, 2018. 200 pp. Type: Book (978-1-484238-45-5)
Jun 27 2019
Research and application of block chain technology in crowdsourcing platform
Peng F., Liu Y., Lu B.  ICEMC 2018 (Proceedings of the 2018 International Conference on E-business and Mobile Commerce, Chengdu, China,  May 21-23, 2018) 1-5, 2018. Type: Proceedings
Dec 11 2018

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright © 2000-2019 ThinkLoud, Inc.
Terms of Use
| Privacy Policy