Abstract
Electronic payment (e-payment) has been widely applied to electronic commerce and has especially attracted a large number of mobile users. However, current solutions often focus on protecting users’ money security without concerning the issue of users’ privacy leakage. In this paper, we propose AEP-M, a practical anonymous e-payment scheme specifically designed for mobile devices using TrustZone. On account of the limited resources on mobile devices and time constraints of electronic transactions, we construct our scheme based on efficient divisible e-cash system. Precisely, AEP-M allows users to withdraw a large coin of value \(2^{n}\) at once, and then spend it in several times by dividing it without revealing users’ identities to others, including banks and merchants. Users’ payments cannot be linked either. AEP-M utilizes bit-decomposition technique and pre-computation to further increase the flexibility and efficiency of spending phase for mobile users. As a consequence, the frequent online spending process just needs at most n exponentiations on elliptic curve on mobile devices. Moreover, we elaborately adapt AEP-M to TrustZone architecture for the sake of protecting users’ money and critical data. The methods about key derivation and sensitive data management relying on a root of trust from SRAM Physical Unclonable Function (PUF) are presented. We implement a prototype system and evaluate AEP-M using Barreto-Naehrig (BN) curve with 128-bit security level. The security analysis and experimental results indicate that our scheme could meet the practical requirement of mobile users in respects of security and efficiency.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Limited ARM: ARM security technology-building a secure system using TrustZone technology, April 2009
Camenisch, J.L., Hohenberger, S., Lysyanskaya, A.: Compact e-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)
Canard, S., Gouget, A.: Divisible e-cash systems can be truly anonymous. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 482–497. Springer, Heidelberg (2007)
Canard, S., Pointcheval, D., Sanders, O., Traoré, J.: Divisible e-cash made practical. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 77–100. Springer, Heidelberg (2015)
Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199–203. Springer, New York (1983)
Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)
Li, W., Li, H., Chen, H., Xia, Y.: AdAttester: secure online mobile advertisement attestation using TrustZone. In: Proceedings of MobiSys 2015, pp. 75–88. ACM (2015)
Lim, A.S.: Inter-consortia battles in mobile payments standardisation. Electron. Commer. Res. Appl. 7(2), 202–213 (2008)
Preibusch, S., Peetz, T., Acar, G., Berendt, B.: Purchase details leaked to PayPal (short paper). In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 217–226. Springer, Heidelberg (2015)
Reaves, B., Scaife, N., Bates, A., Traynor, P., Butler, K.R.B.: Mo(bile) money, mo(bile) problems: analysis of branchless banking applications in the developing world. In: Proceedings of the 24th USENIX Conference on Security Symposium (2015)
Rial, A.: Privacy-preserving e-commerce protocols. Ph.D. thesis, Faculty of Engineering Science, KU Leuven, March 2013
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 44th ACM/IEEE DAC 2007, pp. 9–14 (2007)
Sun, H., Sun, K., Wang, Y., Jing, J.: Trust OTP: transforming smartphones into secure one-time password tokens. In: Proceedings of CCS 2015, pp. 976–988. ACM (2015)
GlobalPlatform: Tee client API specification version 1.0 (2010)
Integrated Silicon Solution Inc, IS61LV6416-10TL. http://www.alldatasheet.com/datasheet-pdf/pdf/505020/ISSI/IS61LV6416-10TL.html
ISO/IEC: 15946–5: 2009 Information Technology-Security Techniques: Cryptographic Techniques based on Elliptic Curves: Part 5: Elliptic Curve Generation (2009)
Proxama (2015). http://www.proxama.com/platform/. Accessed 15 Oct 2015
Xilinx: Zynq-7000 all programmable soc zc702 evaluation kit. http://www.xilinx.com/products/boards-and-kits/EK-Z7-ZC702-G.htm
Yang, B., Feng, D., Qin, Y.: A lightweight anonymous mobile shopping scheme based on DAA for trusted mobile platform. In: IEEE TrustCom 2014, pp. 9–17. IEEE (2014)
Yang, B., Yang, K., Qin, Y., Zhang, Z., Feng, D.: DAA-TZ: an efficient DAA scheme for mobile devices using ARM TrustZone. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) TRUST 2015. LNCS, vol. 9229, pp. 209–227. Springer, Heidelberg (2015)
Yang, B., Yang, K., Zhang, Z., Qin, Y., Feng, D.: AEP-M: practical anonymous e-payment for mobile devices using ARM Trust Zone and divisible e-cash (full version). ePrint (2016)
Zhao, S., Zhang, Q., Hu, G., Qin, Y., Feng, D.: Providing root of trust for ARM trust zone using on-chip SRAM. In: Proceedings of TrustED 2014, pp. 25–36. ACM (2014)
Acknowledgment
This work was supported in part by grants from the National Natural Science Foundation of China (No. 91118006 and No. 61402455).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Yang, B., Yang, K., Zhang, Z., Qin, Y., Feng, D. (2016). AEP-M: Practical Anonymous E-Payment for Mobile Devices Using ARM TrustZone and Divisible E-Cash. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science(), vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-45871-7_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45870-0
Online ISBN: 978-3-319-45871-7
eBook Packages: Computer ScienceComputer Science (R0)