Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Cryptographic theory meets practice: efficient and privacy-preserving payments for public transport
Rupp A., Baldimtsi F., Hinterwälder G., Paar C.  ACM Transactions on Information and System Security 17 (3): 1-31, 2015. Type: Article
Date Reviewed: Sep 15 2015

Electronic devices for executing transactions in real time for applications such as transit systems and vending machines require safekeeping mechanisms for users. But how should customers who use low-cost devices with scarce storage securely perform transactions on systems with imperfect instantaneous processing power?

Rupp and colleagues offer cryptographic ideas for effectively preserving the privacy of customers who use devices with insufficient storage and processing time to carry out transactions in public transportation systems. Readers unfamiliar with the Diffie-Hellman key exchanges, the reliability of the discrete logarithm, the applications of zero-knowledge proofs, and Galois fields should browse the concepts of these security protocols in Trappe and Washington [1], prior to exploring the assumptions and proofs of the trustworthy algorithms for providing security in real-world application systems in this paper.

The authors present a privacy-preserving payment for public transportation system (P4TS) with voyage go-ahead voucher (VGAV), reimbursement estimation ticket (RET), and repayment token (RT) subsystems. The users in P4TS purchase tickets from an offline VGAV subsystem. The VGAV subsystem encodes the identification of each user on each ticket. Each user inserts a ticket into a reader at an access gate, applies a zero-knowledge proof to validate his/her identity to gain entrance into the P4TS, and receives a stamped RET that contains the date and time, reader identification, and message authentication code of the VGAV. At the exit gate, the user submits the RET and an RT to a reader. The reader computes the trip fare and transfers any balance to the RT for reimbursement at a vending machine.

Test results from the prototype implementation of the P4TS reveal that (1) the display of a VGAV and obtaining an RET can be efficiently executed on some devices; (2) the time to obtain a refund is more costly; and (3) buying trip tokens consumes more processing time due to the elliptic curve cryptography used in this project. Nevertheless, the performance of the P4TS has a constant runtime for all withdrawal and spending fares, as opposed to the linear time growth of the well-known Brands’s e-cash algorithm. Clearly, the paper presents reliable probabilistic algorithms and security protocols that enable users to enroll with the VGAV subsystem, use tokens, and receive accurate refunds from the P4TS. The authors provide convincing lemmas and formal proofs to illustrate the security of the VGAV, RET, and RT subsystems. I strongly encourage all database and user security experts to read and weigh in on the insightful and practical safekeeping ideas in this paper.

Reviewer:  Amos Olagunju Review #: CR143771 (1602-0169)
1) Trappe, W.; Washington, L. C. Introduction to cryptography with coding theory (2nd ed.). Pearson Prentice Hall, Upper Saddle River, NJ, 2006.
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
 
Electronic Commerce (K.4.4 )
 
 
Microcomputers (C.5.3 )
 
 
Public Policy Issues (K.4.1 )
 
 
Security and Protection (D.4.6 )
 
Would you recommend this review?
yes
no
Other reviews under "Electronic Commerce": Date
State-of-art approaches for review spammer detection: a survey
Dewang R., Singh A.  Journal of Intelligent Information Systems 50(2): 231-264, 2018. Type: Article
Jun 27 2018
Profit maximization with sufficient customer satisfactions
Long C., Wong R., Wei V.  ACM Transactions on Knowledge Discovery from Data 12(2): 1-34, 2018. Type: Article
Jun 15 2018
Trust and reputation management systems: an e-business perspective
Trček D.,  Springer Publishing Company, Incorporated, New York, NY, 2018. 86 pp. Type: Book (978-3-319623-73-3)
Jun 14 2018
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright © 2000-2018 ThinkLoud, Inc.
Terms of Use
| Privacy Policy