Vishwas Patil

An efficient, secure and delegable micro-payment system

We propose a new efficient and secure micro-payment scheme, named e-coupons, which can provide the users the facility of delegating their spending capability to other users or their own devices like Laptop, PDA, Mobile Phone, and such service access points. The scheme has the promise of becoming an enabler for various Internet-based services involving unit-wise payment. We give flexibility to the users to manage their spending capability across various access points for a particular service without obtaining an authorization for each and every access point from a facilitating bank. This flexibility which is not present in the existing micro-payment schemes is essential for accessing ubiquitous e-services and other Internet-based applications. The facility of delegation introduces a slight overhead in respect of the proof or verification of the delegated authorization and security provided to the payments. The payoff from the facility of delegation takes away the burden of the overhead. We discuss the design of the protocol and provides a basic analysis of the performance of the system.

e-coupons: An Efficient, Secure and Delegable Micro-Payment System

In this paper, we propose a new efficient and secure micro-payment scheme, named e-coupons, which can provide the users the facility of delegating their spending capability to other users or their own devices like Laptop, PDA, Mobile Phone, and such service access points. The scheme has the promise of becoming an enabler for various Internet-based services involving unit-wise payment. It gives flexibility to the users to manage their spending capability across various access points for a particular service without obtaining an authorization for each and every access point from a facilitating bank. This flexibility which is not present in the existing micro-payment schemes is essential for accessing ubiquitous e-services and other Internet-based applications. The facility of delegation introduces a slight overhead in respect of the proof or verification of the delegated authorization and security provided to the payments. The payoff from the facility of delegation takes away the burden of the overhead. The paper discusses the design of the protocol and provides a basic analysis of the performance of the system.e-coupons is based on PayWord, a single-seed one-way hash chain for unit-wise payment, TESLA for payment security and SPKI/SDSI as underlying PKI framework for its unique delegation feature. The results obtained from the implementation of e-coupons are quite acceptable and show near real-time response. Our scheme uses multi-seed one-way hash chains for unit-wise payment. Furthermore, it allows an ordered transfer of the portions of payment chains to others. Because of this users spending capability can be used from different service access points to access the subscribed service, concurrently.

Trust management for e-transactions

There has been enormous increase in transactions and cooperative-computing services on the internet. This is both a technical and a social phenomenon. Transactions and services over the internet have global reach and users, known or unknown to the service provider, might be interested in availing access or participating in the cooperative transaction in a distributed manner. Thus, it is very important for service providers to identify and establish trustworthiness of potential collaborators, which they do by writing contracts (e.g. access control, security policies; the words contract and policy are used interchangeably) without violating the privacy and confidentiality laws that prevail across geographical boundaries. But as the system becomes complex and dynamic, contractual incompleteness arises since it becomes cumbersome to mention potentially large set of outcomes of the users choice of action. Trust plays a crucial role in the design of optimal contracts; not all the relevant, valuable information on the users choice of action is incorporated in the equilibrium contract. It may also be noted in that traditional transactions, the notion ofseeing is believing plays a vital role. However, in e-transactions, this is not the case. The challenge is to see how in such a scenario trust can indeed be generated. Note that the presence of trust facilitates cooperative behaviour and allows for exchange to occur in situations where its absence would preclude trade. In this paper, we shall present a comparative analysis of various approaches of trust management in practice that integrates technology with other factors. We shall also bring out the relative deficiencies and how these issues are tackled in our ongoing work that facilitates execution of optimal contracts.

Addressing the shortcomings of one-way chains

One-way hash chains have been the preferred choice, over the symmetric and asymmetric key cryptography, in security setups where efficiency mattered; despite the ephemeral confidentiality and authentication they assure. Known constructions of one-way chains (for example, SHA-1 based), only ensure the forward secrecy and have limitations over their length i.e., a priori knowledge of chains length is necessary before constructing it. In this paper, we will see how our approach, based on chameleon functions, leads to the generation of practically unbounded one-way chains with constant storage and computational requirements. We provide the construction and advantages of our proposal with the help of a secure group communication setup. We also provide the implementation details of our construction and argue its suitability for security setups, where one cannot a priori determine the longevity of the setup.

Short Paper: Practically Unbounded One-Way Chains for Authentication with Backward Secrecy

One-way hash chains have been the preferred choice (over symmetric and asymmetric key cryptography) in security setups where efficiency mattered; despite the ephemeral confidentiality and authentication they assure. They only support forward secrecy and have limitations over the chain size (bounded). In this paper, we show how the use of chameleon functions leads to the generation of practically unbounded one-way chains with constant memory storage requirement, providing forward, and backward secrecy as well. Such a cryptographic tool appears to be a great enabler for a variety of applications that could not be efficiently realized earlier. From our experiments we observed that this new kind of one-way chain formation adds a slight computational burden, which is justifiable by the unique advantages provided under our construction. The basic unit of our construction, chameleon function, can be elegantly used to design trees or even simpler star-like constructs