Skip to main content
SpringerLink
Log in

AEP-M: Practical Anonymous E-Payment for Mobile Devices Using ARM TrustZone and Divisible E-Cash

  • Conference paper
  • First Online:
Information Security (ISC 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9866))

Included in the following conference series:

Abstract

Electronic payment (e-payment) has been widely applied to electronic commerce and has especially attracted a large number of mobile users. However, current solutions often focus on protecting users’ money security without concerning the issue of users’ privacy leakage. In this paper, we propose AEP-M, a practical anonymous e-payment scheme specifically designed for mobile devices using TrustZone. On account of the limited resources on mobile devices and time constraints of electronic transactions, we construct our scheme based on efficient divisible e-cash system. Precisely, AEP-M allows users to withdraw a large coin of value \(2^{n}\) at once, and then spend it in several times by dividing it without revealing users’ identities to others, including banks and merchants. Users’ payments cannot be linked either. AEP-M utilizes bit-decomposition technique and pre-computation to further increase the flexibility and efficiency of spending phase for mobile users. As a consequence, the frequent online spending process just needs at most n exponentiations on elliptic curve on mobile devices. Moreover, we elaborately adapt AEP-M to TrustZone architecture for the sake of protecting users’ money and critical data. The methods about key derivation and sensitive data management relying on a root of trust from SRAM Physical Unclonable Function (PUF) are presented. We implement a prototype system and evaluate AEP-M using Barreto-Naehrig (BN) curve with 128-bit security level. The security analysis and experimental results indicate that our scheme could meet the practical requirement of mobile users in respects of security and efficiency.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Limited ARM: ARM security technology-building a secure system using TrustZone technology, April 2009

    Google Scholar 

  2. Camenisch, J.L., Hohenberger, S., Lysyanskaya, A.: Compact e-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  3. Canard, S., Gouget, A.: Divisible e-cash systems can be truly anonymous. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 482–497. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  4. Canard, S., Pointcheval, D., Sanders, O., Traoré, J.: Divisible e-cash made practical. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 77–100. Springer, Heidelberg (2015)

    Google Scholar 

  5. Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199–203. Springer, New York (1983)

    Chapter  Google Scholar 

  6. Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Li, W., Li, H., Chen, H., Xia, Y.: AdAttester: secure online mobile advertisement attestation using TrustZone. In: Proceedings of MobiSys 2015, pp. 75–88. ACM (2015)

    Google Scholar 

  8. Lim, A.S.: Inter-consortia battles in mobile payments standardisation. Electron. Commer. Res. Appl. 7(2), 202–213 (2008)

    Article  Google Scholar 

  9. Preibusch, S., Peetz, T., Acar, G., Berendt, B.: Purchase details leaked to PayPal (short paper). In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 217–226. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  10. Reaves, B., Scaife, N., Bates, A., Traynor, P., Butler, K.R.B.: Mo(bile) money, mo(bile) problems: analysis of branchless banking applications in the developing world. In: Proceedings of the 24th USENIX Conference on Security Symposium (2015)

    Google Scholar 

  11. Rial, A.: Privacy-preserving e-commerce protocols. Ph.D. thesis, Faculty of Engineering Science, KU Leuven, March 2013

    Google Scholar 

  12. Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 44th ACM/IEEE DAC 2007, pp. 9–14 (2007)

    Google Scholar 

  13. Sun, H., Sun, K., Wang, Y., Jing, J.: Trust OTP: transforming smartphones into secure one-time password tokens. In: Proceedings of CCS 2015, pp. 976–988. ACM (2015)

    Google Scholar 

  14. GlobalPlatform: Tee client API specification version 1.0 (2010)

    Google Scholar 

  15. Integrated Silicon Solution Inc, IS61LV6416-10TL. http://www.alldatasheet.com/datasheet-pdf/pdf/505020/ISSI/IS61LV6416-10TL.html

  16. ISO/IEC: 15946–5: 2009 Information Technology-Security Techniques: Cryptographic Techniques based on Elliptic Curves: Part 5: Elliptic Curve Generation (2009)

    Google Scholar 

  17. Proxama (2015). http://www.proxama.com/platform/. Accessed 15 Oct 2015

  18. Xilinx: Zynq-7000 all programmable soc zc702 evaluation kit. http://www.xilinx.com/products/boards-and-kits/EK-Z7-ZC702-G.htm

  19. Yang, B., Feng, D., Qin, Y.: A lightweight anonymous mobile shopping scheme based on DAA for trusted mobile platform. In: IEEE TrustCom 2014, pp. 9–17. IEEE (2014)

    Google Scholar 

  20. Yang, B., Yang, K., Qin, Y., Zhang, Z., Feng, D.: DAA-TZ: an efficient DAA scheme for mobile devices using ARM TrustZone. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) TRUST 2015. LNCS, vol. 9229, pp. 209–227. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  21. Yang, B., Yang, K., Zhang, Z., Qin, Y., Feng, D.: AEP-M: practical anonymous e-payment for mobile devices using ARM Trust Zone and divisible e-cash (full version). ePrint (2016)

    Google Scholar 

  22. Zhao, S., Zhang, Q., Hu, G., Qin, Y., Feng, D.: Providing root of trust for ARM trust zone using on-chip SRAM. In: Proceedings of TrustED 2014, pp. 25–36. ACM (2014)

    Google Scholar 

Download references

Acknowledgment

This work was supported in part by grants from the National Natural Science Foundation of China (No. 91118006 and No. 61402455).

Author information

Authors and Affiliations

  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing, China

    Bo Yang, Kang Yang, Zhenfeng Zhang, Yu Qin & Dengguo Feng

  2. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing, China

    Dengguo Feng

Authors
  1. Bo Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kang Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhenfeng Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yu Qin
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dengguo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kang Yang .

Editor information

Editors and Affiliations

  1. University of California , Davies, USA

    Matt Bishop

  2. University of Washington , Tacoma, Washington, USA

    Anderson C A Nascimento

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Yang, B., Yang, K., Zhang, Z., Qin, Y., Feng, D. (2016). AEP-M: Practical Anonymous E-Payment for Mobile Devices Using ARM TrustZone and Divisible E-Cash. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science(), vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-45871-7_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45870-0

  • Online ISBN: 978-3-319-45871-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation