Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Cryptographic theory meets practice: efficient and privacy-preserving payments for public transport
Rupp A., Baldimtsi F., Hinterwälder G., Paar C. ACM Transactions on Information and System Security17 (3):1-31,2015.Type:Article
Date Reviewed: Sep 15 2015

Electronic devices for executing transactions in real time for applications such as transit systems and vending machines require safekeeping mechanisms for users. But how should customers who use low-cost devices with scarce storage securely perform transactions on systems with imperfect instantaneous processing power?

Rupp and colleagues offer cryptographic ideas for effectively preserving the privacy of customers who use devices with insufficient storage and processing time to carry out transactions in public transportation systems. Readers unfamiliar with the Diffie-Hellman key exchanges, the reliability of the discrete logarithm, the applications of zero-knowledge proofs, and Galois fields should browse the concepts of these security protocols in Trappe and Washington [1], prior to exploring the assumptions and proofs of the trustworthy algorithms for providing security in real-world application systems in this paper.

The authors present a privacy-preserving payment for public transportation system (P4TS) with voyage go-ahead voucher (VGAV), reimbursement estimation ticket (RET), and repayment token (RT) subsystems. The users in P4TS purchase tickets from an offline VGAV subsystem. The VGAV subsystem encodes the identification of each user on each ticket. Each user inserts a ticket into a reader at an access gate, applies a zero-knowledge proof to validate his/her identity to gain entrance into the P4TS, and receives a stamped RET that contains the date and time, reader identification, and message authentication code of the VGAV. At the exit gate, the user submits the RET and an RT to a reader. The reader computes the trip fare and transfers any balance to the RT for reimbursement at a vending machine.

Test results from the prototype implementation of the P4TS reveal that (1) the display of a VGAV and obtaining an RET can be efficiently executed on some devices; (2) the time to obtain a refund is more costly; and (3) buying trip tokens consumes more processing time due to the elliptic curve cryptography used in this project. Nevertheless, the performance of the P4TS has a constant runtime for all withdrawal and spending fares, as opposed to the linear time growth of the well-known Brands’s e-cash algorithm. Clearly, the paper presents reliable probabilistic algorithms and security protocols that enable users to enroll with the VGAV subsystem, use tokens, and receive accurate refunds from the P4TS. The authors provide convincing lemmas and formal proofs to illustrate the security of the VGAV, RET, and RT subsystems. I strongly encourage all database and user security experts to read and weigh in on the insightful and practical safekeeping ideas in this paper.

Reviewer:  Amos Olagunju Review #: CR143771 (1602-0169)
1) Trappe, W.; Washington, L. C. Introduction to cryptography with coding theory (2nd ed.). Pearson Prentice Hall, Upper Saddle River, NJ, 2006.
Bookmark and Share
  Reviewer Selected
Featured Reviewer
Electronic Commerce (K.4.4 )
Microcomputers (C.5.3 )
Public Policy Issues (K.4.1 )
Security and Protection (D.4.6 )
Would you recommend this review?
Other reviews under "Electronic Commerce": Date
Do electronic marketplaces lower the price of goods?
Lee H. Communications of the ACM 41(1): 73-80, 1998. Type: Article
Feb 1 1999
On-line profits
Keen P., Ballance C., Harvard Business School Press, Boston, MA, 1997. Type: Book (9780875848211)
May 1 1998
Secure electronic transactions
Loeb L., Artech House, Inc., Norwood, MA, 1998. Type: Book (9780890069929)
Jul 1 1998

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy