Macià Mut-Puigserver

A Secure Automatic Fare Collection System for Time-based or Distance-based Services with Revocable Anonymity for Users

Automatic Fare Collection (AFC) systems calculate the fare that the users must pay depending on the time of service (time-based) or the points of entrance and exit of the system (distance-based). The progressive introduction of Information and Communication Technologies (ICT) allows the use of electronic tickets, which helps to reduce costs and improve the control of the infrastructures. Nevertheless, these systems must be secure against possible fraud and they must also preserve users’ privacy. Therefore, we have studied the security requirements for the timebased and distance-based systems and we have proposed a protocol for each of the AFC systems. The protocols offer strong privacy for honest users, i.e., the service provider is not able to disclose the identity of its users and, moreover, different journeys of the same user are not linkable between them. However, anonymity for users could be revoked if they misbehave. The protocols have been implemented in the Android mobile platform and its performance has been evaluated in two Android smartphones. The results remark that protocols are suitable to be used on AFC system with a medium class mobile device although they offer a better experience with a high-class smartphone. The appearance in the market of more powerful mobile devices suggests a better usability of our proposal in a near future.

On the practicability of using group signatures on mobile devices: implementation and performance analysis on the android platform

A group signature is a convenient cryptographic primitive to tackle with authentication and privacy problems. In the literature, it is used as an underlying black box by several theoretical proposals of secure applications and services, such as e-cash schemes, automatic fare collection systems and so on. However, there is a lack of implementations of group signature proposals to test their applied efficiency instead of purely show their mathematical complexity analysis. In this paper, we present, to the best of our knowledge, the first complete implementation and performance analysis of two group signature schemes on mobile devices: the pairing-based group signature due to Boneh et al. (referenced as BBS scheme) and the state-of-the-art non-pairing group signature by Ateniese et al. (called ACJT scheme). We test both implementations and we analyze their performance on a conventional laptop and two Android smartphones, comparing the gathered results to provide some interesting insights about which security parameter configurations perform better. This implementation expects to be useful so as to gain practice to know which is the real impact of using group signatures to the performance of applications, especially those used on mobile devices.

Untraceable, anonymous and fair micropayment scheme

The development of new applications of electronic commerce (e-commerce) that require the payment of small amounts of money to purchase services or goods opens new challenges in the security and privacy fields. This kind of payments are called micropayments and they have to provide a tradeoff between efficiency and security requirements to pay low-value items. In this paper we present a new efficient and secure micropayment scheme which fulfils the security properties that guarantee no financial risk for merchants and the privacy of the customers. In addition, the proposed system defines a fair exchange between the micropayment and the desired good or service. In this fair exchange, the anonymity and untraceability of the customers are assured. Finally, customers can request a refund whether they are no more interested on the services offered by merchants.

Anonymous and Fair Micropayment Scheme with Protection against Coupon Theft

The development of new applications of electronic commerce (e-commerce) that require the payment of small amounts of money to purchase services or goods opens new challenges in the security and privacy fields. These payments are called micropayments and they provide a trade-off between efficiency and security requirements to pay low-value items. It is usual to assume low value fraud to achieve efficiency in micropayment systems. In this paper the authors present an improved version of an efficient and secure micropayment scheme which fulfils the security properties that guarantee no financial risk for merchants and the privacy of the customers. In addition, the proposed system defines a fair exchange between the coin and the desired good or service. In this fair exchange, the anonymity and untraceability of the customers are assured. Moreover, customers can request a refund whether they are no more interested on the services offered by merchants. As a novelty, an improvement of the scheme avoids customers to fraudulently use a refund operation to gain a little amount of money (called coupon). Thus, a new resolution subprotocol allows the merchant to avoid the loss of any single coupon.

Time-based low emission zones preserving drivers’ privacy

Abstract Nowadays, big cities try to fight high levels of pollution and traffic jams by limiting the access of vehicles to centric zones or Low-Emission Zones (LEZ). One of the most important drawbacks of LEZs is the citizens’ risk to be tracked by means of their interactions with the Electronic Road Pricing (ERP) system in use; another relevant problem is the significant error percentage on the detection of fraudulent drivers. The former shortcoming clearly affects the peace of mind of users regarding their privacy. The latter represents an important disadvantage for any entity willing to employ resources on managing a LEZ. In this article, a new ERP system specifically designed for cities with Low-Emission Zones is proposed. The new scheme is user-centric by design, in the sense that preserving the privacy of honest drivers is a fundamental objective. Regarding fraudulent drivers, the proposed system is able to detect them and revoke their anonymity.

Design and Performance Evaluation of Two Approaches to Obtain Anonymity in Transferable Electronic Ticketing Schemes

Electronic tickets demonstrate, without the use of paper, the possession of the right to access or use of a service. In this scenario, the security and privacy achieved in the paper-based system must be preserved in the electronic ticketing systems. In addition to these requirements, the transferability of a ticket from one user to another (without involving a third party) is very useful but also generates other issues to be solved in terms of security and privacy. For example, the users that transfer the same ticket twice must be identified (it is a fraud), but the rest of users have to preserve their privacy (anonymity). In this article we present two proposals of an electronic ticketing system with anonymity and transferability, based on the use of RSA signatures or group signatures, respectively, thus presenting different levels of complexity and anonymity. Moreover, we have implemented both proposals and its performance has been evaluated. The results of this evaluation are useful in order to prove the viability of the proposals even when complex cryptography is used. The strength of the anonymity and the execution costs are the parameters to take into account to choose the more adequate proposal for a specific application.

Electronic Ticketing: Requirements and Proposals Related to Transport

The use of electronic tickets (e-tickets) on mobile devices allow customers to book everywhere and use e-tickets immediately, and allows the companies to save resources and speed up management processes. Transport is one of the main sectors that use tickets in their standard activity. A wide variety of transport systems can benefit from the use of e-tickets. However, the use of e-tickets leads to various privacy abuses since anonymity of users is not always guaranteed and, therefore, users can be traced and profiles of usual movements can be created. In this chapter, we focus especially on the properties related to user privacy and we review and classify the main proposals in this area.

Electronic Road Pricing System for Low Emission Zones to Preserve Driver Privacy

At present, great cities try to prevent from high levels of pollution and traffic jam by restricting the access of vehicles to centric zones. They are also known as Low-Emission Zones (LEZ). Some of the most important issues of LEZs are the risk of losing privacy of the citizen who drives through the LEZ and a significant error percentage on detection of fraudulent drivers. In this article, an Electronic Road Pricing (ERP) system designed specifically for cities with Low-Emission Zones is proposed. The aim of this system is to detect fraud and to preserve driver privacy. In this case, revocable anonymity makes only fraudulent drivers lose their privacy.

mCITYPASS: Privacy-Preserving Secure Access to Federated Touristic Services with Mobile Devices

Destination cards are offered in many cities to provide tourists a simple and integrated way to access interest points and public transport. In the one hand, these systems, called citypasses, are usually inefficiently implemented on smartcards. In the other hand, existing e-ticketing proposals are general purpose systems or created for its application to transport services and they are not adapted to the requirements of a citypass system. In this paper we present an electronic ticketing system intended to be used for touristic services. Our proposal is the first one that can be implemented on portable devices, such as smartphones, and is flexible enough to include reusable and non-reusable services in the same citypass. The system has been designed taking into account all the security and privacy requirements described for electronic tickets, including the challenging ones (exculpability, reusability and unsplittability) obtaining a very secure and powerful system. The dispute resolution protocol assures that all the parts are protected against other part’s attacks. Finally, the system allows the user to use the system anonymously, so the privacy of the system is assured.

Privacy-preserving Electronic Road Pricing System for Multifare Low Emission Zones

Great cities try to prevent from high levels of pollution and traffic jams by restricting the access of vehicles to centric zones, also known as Low-Emission Zones (LEZ). Depending on the topology of the city and also on the traffic patterns and contamination levels, the LEZ can be divided in multiple zones with different prices, obtaining a Multifare Low Emission Zone. Multifare LEZs must manage not only entrances and departures but also changes of zone. Some of the most important issues of LEZs are the risk of losing privacy of the citizen who drive through the LEZ and a significant error percentage on detection of fraudulent drivers. In this article, an Electronic Road Pricing (ERP) system designed specifically for cities with multifare Low-Emission Zones is proposed. Its aim is to detect fraud and to preserve drivers privacy. Using revocable anonymity only fraudulent drivers lose their privacy.