This document proposes a secure electronic payment protocol for wireless mesh networks. It discusses:
- Micropayment schemes are well-suited for wireless mesh networks due to their efficient operations for small payments and support of mobile devices.
- The proposed protocol uses a one-way hash chain structure to support both prepaid and credit-based payment schemes efficiently and securely. Tickets containing payment hash chains are used to facilitate authentication and billing.
- The protocol aims to minimize public-key operations by relying on hash functions whenever possible to reduce computational burden on wireless devices. It also supports roaming between mesh routers in the same domain.
The document discusses secure payment systems for electronic commerce. It outlines why security is important on the internet due to risks of snooping, alteration of information, and theft. It then covers various technologies used for secure transactions, including public key cryptography, SSL, digital signatures, and digital certificates. Finally, it discusses requirements for internet-based payments and different types of electronic payment systems like credit cards, electronic checks, anonymous payments and micropayments.
To increase the security of mobile payments, many payment schemes nowadays apply a technology called tokenization.
Tokenization is the process of replacing an existing payment card number with a surrogate value (token).
This token is used during a payment transaction, keeping the original card number safe.
A Token Service Provider (TSP) is an entity within the payments ecosystem that generates and manages tokens.
The TSP maps the original card number with the payment tokens and stores this safely in a token vault.
Often these tokens can only be used in a specific domain such as a merchant’s online website or channel, limiting the risk even further.
A TSP manages the entire lifecycle of payment credentials including: Token Requestor Authorization Host
1. Tokenization: Replaces the PAN with a payment token.
2. De-tokenization: Converts the token back to the PAN using the token vault.
3. Token vault: Establishes and maintains the payment token to PAN mapping.
4. Domain management: Adds additional security by restricting tokens to be used within specific (retail) channels or domains.
5. Identification and verification: Ensures that the payment token is replacing a PAN that was legitimately used by the token requestor.
6. Clearing and settlement: Ad-hoc de-tokenization during clearing and settlement process.
Issuers, acquirers and merchants that wish to offer mobile and/or digital payments to customers can become a TSP.
Becoming your own TSP gives full control over the tokenization process: creation, storage, issuance and management.
By having your own TSP, you are in full control of digital payments by issuing tokens directly without third party intervention.
By using a third party TSP from the payment schemes, issuers need to integrate with each payment scheme.
Benefits of having you own TSP:
1. Reduce long term costs: no additional TSP fees from the payment schemes.
2. On-us transactions: save on transaction fees when you are the issuing as well as the acquiring bank.
3. Banks retain their privacy because data and roadmaps do not have to be shared with the schemes.
4. Keep track of customer payment behavior to gain valuable insight and be able to offer personalized services.
5. Expand to multiple use cases. Host Card Emulation Embedded SE Internet: Card-Not-Present Value added services / non-card payments
6. Have your own strategy and be future proof in order to stay competitive.
Bell ID® Token Service Provider enables issuers and processors to perform the role of a Token Service Provider.
This document provides an overview of biometric authentication techniques. It discusses what biometric authentication is, the different types of biometric techniques including fingerprint, face, iris, hand geometry, and voice recognition. It covers how biometric systems work, performance metrics, applications, limitations, and concludes that biometric authentication provides strong security for applications like e-commerce and e-government by utilizing unique physical and behavioral human traits.
This document describes various WiFi and proximity marketing solutions including captive portals, roaming and federation, data retention, big data analytics, WiFi probing, advertisement injection, iBeacon proximity, proximity with wallet/app, and case histories. It provides details on features like welcome pages, user registration, traffic management, partner networks, data management, analytics tools, passive localization, content insertion, push notifications, and a simplified onboarding process for telecom companies.
A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKSIJNSA Journal
Electronic payment systems for wireless mesh networks need to take into account the limited computational and communicational ability of mesh clients. Micropayment scheme is well suited for this scenario since it is specifically designed for efficient operations in payment transactions. In this article, we propose a one way hash chain structure based on which efficient and secure payment protocols that support both prepaid and credit-based paying schemes are introduced.
A Survey on Credit Based Scheme for Multihop Wireless Networkijsrd.com
Wireless Network (WSN) is an evolving technology that has various applications both for mass public and military. The performance of wireless networks depends on the cooperation of all active nodes. However, supporting a wireless network is a cost-intensive activity for a mobile node. For a single mobile node perspective, the detection of routes as well as forwarding packets consumes local CPU time, memory and bandwidth. Sometimes the mobile nodes denying the packet of other nodes, while at the same time use their services to deliver its own data. This behaviour of an independent mobile node is commonly known as misbehaving or selfishness. There are different schemes used for minimizing malicious behaviour of mobile nodes. Here provide different payment based schemes that provide co-operation among nodes in the network.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
A Study of Secure Efficient Ad hoc Distance Vector Routing Protocols for MANETsIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
The document discusses secure payment systems for electronic commerce. It outlines why security is important on the internet due to risks of snooping, alteration of information, and theft. It then covers various technologies used for secure transactions, including public key cryptography, SSL, digital signatures, and digital certificates. Finally, it discusses requirements for internet-based payments and different types of electronic payment systems like credit cards, electronic checks, anonymous payments and micropayments.
To increase the security of mobile payments, many payment schemes nowadays apply a technology called tokenization.
Tokenization is the process of replacing an existing payment card number with a surrogate value (token).
This token is used during a payment transaction, keeping the original card number safe.
A Token Service Provider (TSP) is an entity within the payments ecosystem that generates and manages tokens.
The TSP maps the original card number with the payment tokens and stores this safely in a token vault.
Often these tokens can only be used in a specific domain such as a merchant’s online website or channel, limiting the risk even further.
A TSP manages the entire lifecycle of payment credentials including: Token Requestor Authorization Host
1. Tokenization: Replaces the PAN with a payment token.
2. De-tokenization: Converts the token back to the PAN using the token vault.
3. Token vault: Establishes and maintains the payment token to PAN mapping.
4. Domain management: Adds additional security by restricting tokens to be used within specific (retail) channels or domains.
5. Identification and verification: Ensures that the payment token is replacing a PAN that was legitimately used by the token requestor.
6. Clearing and settlement: Ad-hoc de-tokenization during clearing and settlement process.
Issuers, acquirers and merchants that wish to offer mobile and/or digital payments to customers can become a TSP.
Becoming your own TSP gives full control over the tokenization process: creation, storage, issuance and management.
By having your own TSP, you are in full control of digital payments by issuing tokens directly without third party intervention.
By using a third party TSP from the payment schemes, issuers need to integrate with each payment scheme.
Benefits of having you own TSP:
1. Reduce long term costs: no additional TSP fees from the payment schemes.
2. On-us transactions: save on transaction fees when you are the issuing as well as the acquiring bank.
3. Banks retain their privacy because data and roadmaps do not have to be shared with the schemes.
4. Keep track of customer payment behavior to gain valuable insight and be able to offer personalized services.
5. Expand to multiple use cases. Host Card Emulation Embedded SE Internet: Card-Not-Present Value added services / non-card payments
6. Have your own strategy and be future proof in order to stay competitive.
Bell ID® Token Service Provider enables issuers and processors to perform the role of a Token Service Provider.
This document provides an overview of biometric authentication techniques. It discusses what biometric authentication is, the different types of biometric techniques including fingerprint, face, iris, hand geometry, and voice recognition. It covers how biometric systems work, performance metrics, applications, limitations, and concludes that biometric authentication provides strong security for applications like e-commerce and e-government by utilizing unique physical and behavioral human traits.
This document describes various WiFi and proximity marketing solutions including captive portals, roaming and federation, data retention, big data analytics, WiFi probing, advertisement injection, iBeacon proximity, proximity with wallet/app, and case histories. It provides details on features like welcome pages, user registration, traffic management, partner networks, data management, analytics tools, passive localization, content insertion, push notifications, and a simplified onboarding process for telecom companies.
A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKSIJNSA Journal
Electronic payment systems for wireless mesh networks need to take into account the limited computational and communicational ability of mesh clients. Micropayment scheme is well suited for this scenario since it is specifically designed for efficient operations in payment transactions. In this article, we propose a one way hash chain structure based on which efficient and secure payment protocols that support both prepaid and credit-based paying schemes are introduced.
A Survey on Credit Based Scheme for Multihop Wireless Networkijsrd.com
Wireless Network (WSN) is an evolving technology that has various applications both for mass public and military. The performance of wireless networks depends on the cooperation of all active nodes. However, supporting a wireless network is a cost-intensive activity for a mobile node. For a single mobile node perspective, the detection of routes as well as forwarding packets consumes local CPU time, memory and bandwidth. Sometimes the mobile nodes denying the packet of other nodes, while at the same time use their services to deliver its own data. This behaviour of an independent mobile node is commonly known as misbehaving or selfishness. There are different schemes used for minimizing malicious behaviour of mobile nodes. Here provide different payment based schemes that provide co-operation among nodes in the network.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
A Study of Secure Efficient Ad hoc Distance Vector Routing Protocols for MANETsIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
A Secure Payment Scheme with Low Communication and Processing Overhead for Mu...Editor IJMTER
In this proposed work a trust-based routing protocol is developed to route messages through the
highly trusted nodes to minimize the probability of dropping the messages. Thus improve the network
performance in terms of throughput and packet delivery ratio. The proposed design contains a novel secure
reactive routing protocol for Mobile ad hoc networks (MANETs), called TRIUMF (Trust-Based Routing
Protocol with controlled degree of Selfishness for Securing MANET against Packet Dropping Attack). In the
proposed protocol trust among nodes is represented by trust value, which consists of cooperation score, direct
trust and indirect trust. The proposed trust routing allows controlled degree of selfishness to give an incentive to
the selfish nodes to declare its selfishness behavior to its neighbor nodes, which reduce the searching time of
misbehaving nodes to search for the malicious nodes only. In the proposed routing protocol two node-disjoint
routes between the source and destination nodes are selected based on their path trust values, one marked as
primary and the other as secondary. In this work both DLL-ACK and end- to-end TCP-ACK as monitoring
tools to monitor the behavior of routing path nodes: if the data packet successfully transmitted, then the path
nodes trust value are updated positively; otherwise, if a malicious behavior is detected then the path searching
tool starts to identify the malicious nodes and isolate them from the routing path and the network. Finally this
scheme reduces the searching time of malicious nodes, and the routing protocol avoids the isolated misbehaving
node from sharing in all future routes, which improves the overall network throughput.
(Paper) An Endorsement Based Mobile Payment System for a Disaster AreaNaoki Shibata
Babatunde Ojetunde, Naoki Shibata, Juntao Gao, and Minoru Ito : An Endorsement Based Mobile Payment System for A Disaster Area, in Proc. of The 29th IEEE International Conference on Advanced Information Networking and Applications (AINA-2015) (29% acceptance rate), pp.482-489, Mar. 2015. DOI:10.1109/AINA.2015.225
A payment system in a disaster area is essential for people to buy necessities such as groceries, clothing, and medical supplies. However, existing payment systems require the needed communication infrastructures (like wired networks and cellular networks) to enable transactions, so that these systems cannot be relied on in disaster areas, where these communication infrastructures may be destroyed. In this paper, we propose a mobile payment system, adopting infrastructureless mobile adhoc networks (MANETs), which allow users to shop in disaster areas while providing secure transactions. Specifically, we propose an endorsement-based scheme to guarantee each transaction and a scheme to provide monitoring based on location information, and thus achieve transaction validity and reliability. Our mobile payment system can also prevent collusion between two parties and reset and recover attacks by any user. Security is ensured by using location-based mutual monitoring by nearby users, avoiding thereby double spending in the system.
Secure Ticket- Based Anonymity and Traceability in Wireless Mesh NetworksIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
This document summarizes a research paper that proposes a decentralized e-voting system using blockchain technology. It begins with an abstract that outlines the limitations of current centralized electronic voting systems and how blockchain could address issues like proxy voting, re-voting, and lack of verifiability. The paper then reviews relevant literature on blockchain voting protocols. It proposes a novel e-voting system that implements a voting protocol as a smart contract on the Ethereum blockchain. This would create nodes for each user to securely store encrypted votes on the distributed ledger in a transparent and verifiable manner, suitable for medium-sized elections.
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...cscpconf
In this paper, we have taken out the concern of security on a Medium Access Control layer
implementing Assured Neighbor based Security Protocol to provide the authentication,
confidentiality and taking in consideration High speed transmission by providing security in
parallel manner in both Routing and Link Layer of Mobile Ad hoc Networks. We basically
divide the protocol into two different segments as the first portion concentrates, based on
Routing layer information; we implement the scheme for the detection and isolation of the
malicious nodes. The trust counter for each node is maintained which actively increased and
decreased considering the trust value for the packet forwarding. The threshold level is defined differencing the malicious and non malicious nodes. If the value of the node in trust counter lacks below the threshold value then the node is considered as malicious. The second part focus on providing the security in the link layer, the security is provided using CTR (Counter) approach for authentication and encryption. Hence simulating the results in NS-2, we come to conclude that the proposed protocol can attain high packet delivery over various intruders while attaining low delays and overheads.
Administrator&trust based routing protocolNinad Samel
This document proposes a new routing scheme called Administrator and Trust Based Secure Routing (ATSR) for mobile ad hoc networks (MANETs). ATSR selects administrator nodes to route packets based on parameters like battery power, node coverage, reliability, and trust. It uses digital signatures and asymmetric cryptography to provide message confidentiality and integrity. Simulation results show ATSR is efficient, robust, and trustworthy. The document describes the working methodology of ATSR, related work, the proposed algorithms for administrator selection and trust/willingness calculation, packet formats, and security analysis.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Irrational node detection in multihop cellular networks using accounting centereSAT Journals
Abstract In multihop cellular networks mobile nodes typically transmit packets during intermediate mobile nodes for enhancing recital. Stingy nodes typically don't collaborate that incorporates a negative result on the network fairness and recital. A fair, inexpensive and best incentive mechanism by Selfish Node Detection (FESCIMbySND) has been projected to stimulate the mobile node’s cooperation. Hashing operations area unit employed in order to extend the safety. Trivial Hash perform has been wont to improve end-to-end delay and outturn. Additionally Cyclic Redundancy Check Mechanism has been used to spot the ridiculous nodes that involve themselves in sessions with the intention of dropping the in sequence packets. Moreover, to cut back the impact at the Accounting Center a Border node has been commend the task of propose the checks employing a digital signature. Keywords: Border Node Mechanism, Cyclic Redundancy Check, Selfish nodes, Trivial Hash Function
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...IJNSA Journal
Mobile Adhoc Networks are becoming very popular in current Wireless Technology, which is been
associated to business, socially and in some critical applications like Military etc, The network which is
formed by self configuring wireless links which are connected to each other. These applications are
categorized by hostile environment that they serve while communicating between nodes. However in such
Wireless Network will be more exposed to different types of security attacks. The challenge is to meet
secure network communication. In this paper we focus on cluster based secure communication to improve
the reliability between clusters. In this scheme the Cluster Members (CM) submits a report to the Cluster
Head (CH) and temporarily stores Evidences as a security tokens. The reports contain digital signatures.
The CH will verify the consistency of the CM report and updates to Accounting Centre (AC). AC will verify
the uniformity of reports and clears the cryptographic operations. For attacker nodes, the security tokens
are requested to classify and expel the attacker nodes which submit wrong reports.
Multi-Level Secret Sharing Scheme for Mobile Ad-Hoc NetworksEswar Publications
In this paper, we are concerned with security for Mobile Ad-hoc Networks (MANETs) using threshold cryptography. When we are applying cryptography to MANETs, key management schemes must provide the cryptographic keys in a secure manner and storing the secret information within the nodes, thwarting the activities of malicious nodes inside a network and is how to distribute the role of the trusted authority among the nodes. Mobile ad hoc networks (MANETs) represent complex distributed systems that comprise wireless mobile nodes that can freely and dynamically self-organize into arbitrary and temporary, ad-hoc network topologies. Secret Sharing Scheme is a method which distributes shares of a secret to a set of participants in such a way that only authorized subset of participants can uniquely reconstruct the secret and an unauthorized subset can get no information about the secret. In this paper we present a new multilevel secret sharing scheme by extending the Shamir’s to the case that the global threshold is strictly greater than the sum of the compartment thresholds and we indicate how to use the threshold secret sharing schemes based on polynomial interpolation. These schemes are based on one-way functions (Discrete Logarithm) which are computationally perfect. In the first scheme the number of public shares grows exponentially with the number of participants. To overcome this disadvantage we proposed two efficient schemes in which the number of public shares ate linearly proportional to the number of participants. Both these schemes are similar except that in the third scheme the identities of the participants are also hidden. In this we also addressed the problem of malicious shareholders that aim to corrupt a secret sharing scheme. To prevent such a threat, legitimate shareholders must detect any modification of shares that has not been issued by a node responsible for the sharing of secret S.
- Asynchronous transfer mode (ATM) is a switching technique that uses fixed-sized cells to encode data and is used in telecommunication networks. It is different from variable packet size techniques like Ethernet.
- ATM uses synchronous optical network as a backbone and forms the core protocol of integrated digital services networks. It establishes connections using virtual circuits before transmitting data between endpoints like routers and switches.
- ATM cells have a header containing a virtual path/channel identifier pair to identify the destination as cells pass through switches on their way to the final destination. Quality of service is ensured through traffic contracts specifying parameters like constant or variable bit rates.
ABCrowd: An Auction Mechanism on Blockchain for Spatial CrowdsourcingMaha Kadadha
R-SMB is an auction mechanism proposed for spatial crowdsourcing on blockchain. It addresses the challenges of centralized platforms by running the crowdsourcing platform entirely on Ethereum blockchain using smart contracts. This guarantees trusted execution and transparency. R-SMB is based on repeating the Single-Minded Bidder auction multiple times to allocate tasks to workers in order to maximize allocation given crowdsourcing requirements. It provides truthfulness incentives for workers while approximating the optimized social welfare of the Vickrey-Clarke-Groves mechanism. The R-SMB mechanism is implemented on blockchain and shown to have comparable performance to VCG with improved results for workers and requesters, while having lower execution costs.
A NOVEL CHARGING AND ACCOUNTING SCHEME IN MOBILE AD-HOC NETWORKSIJNSA Journal
Because of the lack of infrastructure in mobile ad hoc networks (MANETs), their proper functioning must rely on co-operations among mobile nodes. However, mobile nodes tend to save their own resources and may be reluctant to forward packets for other nodes. One approach to encourage co-operations among
nodes is to reward nodes that forward data for others. Such an incentive-based scheme requires a charging and accounting framework to control and manage rewards and fines (collected from users committing infractions). In this paper, we propose a novel charging and accounting scheme for MANETs. We present a detailed description of the proposed scheme and demonstrate its effectiveness via formal proofs and simulation results [15]. We develop a theoretical game model that offers advice to network administrators about the allocation of resources for monitoring mobile nodes. The solution provides the optimal monitoring probability, which discourages nodes from cheating because the gain would be compensated by
the penalty.
A NOVEL CHARGING AND ACCOUNTING SCHEME IN MOBILE AD-HOC NETWORKSIJNSA Journal
Because of the lack of infrastructure in mobile ad hoc networks (MANETs), their proper functioning must
rely on co-operations among mobile nodes. However, mobile nodes tend to save their own resources and
may be reluctant to forward packets for other nodes. One approach to encourage co-operations among
nodes is to reward nodes that forward data for others. Such an incentive-based scheme requires a charging
and accounting framework to control and manage rewards and fines (collected from users committing
infractions). In this paper, we propose a novel charging and accounting scheme for MANETs. We present a
detailed description of the proposed scheme and demonstrate its effectiveness via formal proofs and
simulation results [15]. We develop a theoretical game model that offers advice to network administrators
about the allocation of resources for monitoring mobile nodes. The solution provides the optimal
monitoring probability, which discourages nodes from cheating because the gain would be compensated by
the penalty.
A NOVEL CHARGING AND ACCOUNTING SCHEME IN MOBILE AD-HOC NETWORKSIJNSA Journal
Because of the lack of infrastructure in mobile ad hoc networks (MANETs), their proper functioning must rely on co-operations among mobile nodes. However, mobile nodes tend to save their own resources and may be reluctant to forward packets for other nodes. One approach to encourage co-operations among nodes is to reward nodes that forward data for others. Such an incentive-based scheme requires a charging and accounting framework to control and manage rewards and fines (collected from users committing infractions). In this paper, we propose a novel charging and accounting scheme for MANETs. We present a detailed description of the proposed scheme and demonstrate its effectiveness via formal proofs and simulation results [15]. We develop a theoretical game model that offers advice to network administrators about the allocation of resources for monitoring mobile nodes. The solution provides the optimal monitoring probability, which discourages nodes from cheating because the gain would be compensated by the penalty.
IRJET- Guarded Remittance System Employing WANET for Catastrophe RegionIRJET Journal
This document proposes an offline mobile payment system for catastrophe regions using Wireless Ad-hoc Networks (WANETs). The system aims to enable payments when fixed infrastructure like cellular towers are unavailable after disasters. It introduces a mobile payment app that allows customers to make payments offline by communicating through an infrastructure-less wireless network established via WANET. The system uses multilevel endorsement and digital signatures to guarantee payments and prevent double spending. It also provides an interface for users to view and upload information about regional conditions like roadblocks or flooding to help others in the disaster area.
This document describes a fast handoff scheme called NodeScan for IEEE 802.11 wireless networks. NodeScan aims to reduce handoff latency by taking advantage of wireless mesh network architecture. It maintains a list of active mesh nodes on the client and transmits authentication requests to all nodes on the list simultaneously instead of scanning channels. This allows the client to discover and connect to a new mesh node quickly. Experimental results on a wireless mesh testbed show that NodeScan can reduce handoff latency compared to standard scanning methods. The scheme requires only a client-side software upgrade to implement.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
The TV can assist the authentication of other OBUs.
5)
Mutual authentication: Both the OBU and the TV/LE can authenticate each other to avoid the
impersonation attack.
6)
Resistance to stolen-verified attacks: Even if the adversary obtains the authentication parameters of the
OBU, it still cannot impersonate the OBU.
7)
Resistance to forgery attacks: The adversary cannot forge a valid authentication message to cheat the
TV/LE.
8)
Resistance to modification attacks: The adversary cannot modify the authentication message without
being detected.
9)
Resistance to replay attacks: The adversary cannot replay the previous valid authentication message to
Soft real time auction scheme for task allocation in wireless sensor networkseSAT Publishing House
1) The document proposes a Soft Real Time Auction (SRT-A) scheme for task allocation in wireless sensor networks to improve energy efficiency compared to existing real time auction algorithms.
2) In SRT-A, the winner is chosen at the end of a time slot rather than immediately when the bid exceeds a threshold, giving all nodes a fair chance to participate. Wait time is also used to allow nodes with higher bids to bid earlier.
3) The algorithm is evaluated through simulations showing SRT-A achieves better bid values in less time compared to existing real time auction algorithms for task allocation in wireless sensor networks.
Titles with Abstracts_2023-2024_Block Chain.pdfinfo751436
Engaging in blockchain domain projects offers various advantages, as blockchain technology has unique features that can be beneficial in different contexts. Here are some key advantages:
Decentralization: Blockchain operates on a decentralized network of nodes, eliminating the need for a central authority. This can enhance security, reduce the risk of a single point of failure, and promote trust among participants in a network.
Transparency: Transactions on a blockchain are recorded in a transparent and immutable ledger. This transparency reduces the risk of fraud and increases accountability as all participants can verify the history of transactions.
Security: Blockchain uses cryptographic techniques to secure transactions and control access to information. The decentralized and tamper-resistant nature of blockchain makes it resistant to hacking and unauthorized alterations.
Smart Contracts: Smart contracts are self-executing contracts with the terms of the agreement directly written into code. They automate and enforce the execution of contractual agreements, reducing the need for intermediaries and the associated costs.
Immutable Record: Once data is added to a blockchain, it becomes extremely difficult to alter or delete. This immutability ensures the integrity of the data, which is particularly valuable in applications where data tampering is a concern.
Efficiency and Cost Reduction: Blockchain can streamline processes and reduce the need for intermediaries in various industries, leading to increased efficiency and cost savings. For example, in financial transactions, blockchain can eliminate the need for multiple intermediaries and reduce transaction times.
Cross-Border Transactions: Blockchain facilitates cross-border transactions by providing a decentralized and standardized platform for transactions. This can reduce the complexities and delays associated with traditional cross-border transactions.
Data Ownership and Privacy: Users have more control over their personal data on a blockchain. They can grant permission for specific entities to access their data, enhancing privacy and giving individuals more ownership and control over their information.
Traceability and Supply Chain Management: Blockchain enables end-to-end traceability of products in supply chains. This can help in verifying the authenticity of products, preventing fraud, and ensuring the quality and safety of goods.
Tokenization of Assets: Blockchain allows for the tokenization of physical and digital assets, enabling fractional ownership and making it easier to trade and transfer ownership of assets. This has implications for real estate, art, and other asset classes.
Incentive Mechanisms: Some blockchain networks use tokens and incentive mechanisms to encourage network participants to contribute resources, validate transactions, or perform other functions. This can create a self-sustaining ecosystem.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
A Secure Payment Scheme with Low Communication and Processing Overhead for Mu...Editor IJMTER
In this proposed work a trust-based routing protocol is developed to route messages through the
highly trusted nodes to minimize the probability of dropping the messages. Thus improve the network
performance in terms of throughput and packet delivery ratio. The proposed design contains a novel secure
reactive routing protocol for Mobile ad hoc networks (MANETs), called TRIUMF (Trust-Based Routing
Protocol with controlled degree of Selfishness for Securing MANET against Packet Dropping Attack). In the
proposed protocol trust among nodes is represented by trust value, which consists of cooperation score, direct
trust and indirect trust. The proposed trust routing allows controlled degree of selfishness to give an incentive to
the selfish nodes to declare its selfishness behavior to its neighbor nodes, which reduce the searching time of
misbehaving nodes to search for the malicious nodes only. In the proposed routing protocol two node-disjoint
routes between the source and destination nodes are selected based on their path trust values, one marked as
primary and the other as secondary. In this work both DLL-ACK and end- to-end TCP-ACK as monitoring
tools to monitor the behavior of routing path nodes: if the data packet successfully transmitted, then the path
nodes trust value are updated positively; otherwise, if a malicious behavior is detected then the path searching
tool starts to identify the malicious nodes and isolate them from the routing path and the network. Finally this
scheme reduces the searching time of malicious nodes, and the routing protocol avoids the isolated misbehaving
node from sharing in all future routes, which improves the overall network throughput.
(Paper) An Endorsement Based Mobile Payment System for a Disaster AreaNaoki Shibata
Babatunde Ojetunde, Naoki Shibata, Juntao Gao, and Minoru Ito : An Endorsement Based Mobile Payment System for A Disaster Area, in Proc. of The 29th IEEE International Conference on Advanced Information Networking and Applications (AINA-2015) (29% acceptance rate), pp.482-489, Mar. 2015. DOI:10.1109/AINA.2015.225
A payment system in a disaster area is essential for people to buy necessities such as groceries, clothing, and medical supplies. However, existing payment systems require the needed communication infrastructures (like wired networks and cellular networks) to enable transactions, so that these systems cannot be relied on in disaster areas, where these communication infrastructures may be destroyed. In this paper, we propose a mobile payment system, adopting infrastructureless mobile adhoc networks (MANETs), which allow users to shop in disaster areas while providing secure transactions. Specifically, we propose an endorsement-based scheme to guarantee each transaction and a scheme to provide monitoring based on location information, and thus achieve transaction validity and reliability. Our mobile payment system can also prevent collusion between two parties and reset and recover attacks by any user. Security is ensured by using location-based mutual monitoring by nearby users, avoiding thereby double spending in the system.
Secure Ticket- Based Anonymity and Traceability in Wireless Mesh NetworksIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
This document summarizes a research paper that proposes a decentralized e-voting system using blockchain technology. It begins with an abstract that outlines the limitations of current centralized electronic voting systems and how blockchain could address issues like proxy voting, re-voting, and lack of verifiability. The paper then reviews relevant literature on blockchain voting protocols. It proposes a novel e-voting system that implements a voting protocol as a smart contract on the Ethereum blockchain. This would create nodes for each user to securely store encrypted votes on the distributed ledger in a transparent and verifiable manner, suitable for medium-sized elections.
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...cscpconf
In this paper, we have taken out the concern of security on a Medium Access Control layer
implementing Assured Neighbor based Security Protocol to provide the authentication,
confidentiality and taking in consideration High speed transmission by providing security in
parallel manner in both Routing and Link Layer of Mobile Ad hoc Networks. We basically
divide the protocol into two different segments as the first portion concentrates, based on
Routing layer information; we implement the scheme for the detection and isolation of the
malicious nodes. The trust counter for each node is maintained which actively increased and
decreased considering the trust value for the packet forwarding. The threshold level is defined differencing the malicious and non malicious nodes. If the value of the node in trust counter lacks below the threshold value then the node is considered as malicious. The second part focus on providing the security in the link layer, the security is provided using CTR (Counter) approach for authentication and encryption. Hence simulating the results in NS-2, we come to conclude that the proposed protocol can attain high packet delivery over various intruders while attaining low delays and overheads.
Administrator&trust based routing protocolNinad Samel
This document proposes a new routing scheme called Administrator and Trust Based Secure Routing (ATSR) for mobile ad hoc networks (MANETs). ATSR selects administrator nodes to route packets based on parameters like battery power, node coverage, reliability, and trust. It uses digital signatures and asymmetric cryptography to provide message confidentiality and integrity. Simulation results show ATSR is efficient, robust, and trustworthy. The document describes the working methodology of ATSR, related work, the proposed algorithms for administrator selection and trust/willingness calculation, packet formats, and security analysis.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Irrational node detection in multihop cellular networks using accounting centereSAT Journals
Abstract In multihop cellular networks mobile nodes typically transmit packets during intermediate mobile nodes for enhancing recital. Stingy nodes typically don't collaborate that incorporates a negative result on the network fairness and recital. A fair, inexpensive and best incentive mechanism by Selfish Node Detection (FESCIMbySND) has been projected to stimulate the mobile node’s cooperation. Hashing operations area unit employed in order to extend the safety. Trivial Hash perform has been wont to improve end-to-end delay and outturn. Additionally Cyclic Redundancy Check Mechanism has been used to spot the ridiculous nodes that involve themselves in sessions with the intention of dropping the in sequence packets. Moreover, to cut back the impact at the Accounting Center a Border node has been commend the task of propose the checks employing a digital signature. Keywords: Border Node Mechanism, Cyclic Redundancy Check, Selfish nodes, Trivial Hash Function
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...IJNSA Journal
Mobile Adhoc Networks are becoming very popular in current Wireless Technology, which is been
associated to business, socially and in some critical applications like Military etc, The network which is
formed by self configuring wireless links which are connected to each other. These applications are
categorized by hostile environment that they serve while communicating between nodes. However in such
Wireless Network will be more exposed to different types of security attacks. The challenge is to meet
secure network communication. In this paper we focus on cluster based secure communication to improve
the reliability between clusters. In this scheme the Cluster Members (CM) submits a report to the Cluster
Head (CH) and temporarily stores Evidences as a security tokens. The reports contain digital signatures.
The CH will verify the consistency of the CM report and updates to Accounting Centre (AC). AC will verify
the uniformity of reports and clears the cryptographic operations. For attacker nodes, the security tokens
are requested to classify and expel the attacker nodes which submit wrong reports.
Multi-Level Secret Sharing Scheme for Mobile Ad-Hoc NetworksEswar Publications
In this paper, we are concerned with security for Mobile Ad-hoc Networks (MANETs) using threshold cryptography. When we are applying cryptography to MANETs, key management schemes must provide the cryptographic keys in a secure manner and storing the secret information within the nodes, thwarting the activities of malicious nodes inside a network and is how to distribute the role of the trusted authority among the nodes. Mobile ad hoc networks (MANETs) represent complex distributed systems that comprise wireless mobile nodes that can freely and dynamically self-organize into arbitrary and temporary, ad-hoc network topologies. Secret Sharing Scheme is a method which distributes shares of a secret to a set of participants in such a way that only authorized subset of participants can uniquely reconstruct the secret and an unauthorized subset can get no information about the secret. In this paper we present a new multilevel secret sharing scheme by extending the Shamir’s to the case that the global threshold is strictly greater than the sum of the compartment thresholds and we indicate how to use the threshold secret sharing schemes based on polynomial interpolation. These schemes are based on one-way functions (Discrete Logarithm) which are computationally perfect. In the first scheme the number of public shares grows exponentially with the number of participants. To overcome this disadvantage we proposed two efficient schemes in which the number of public shares ate linearly proportional to the number of participants. Both these schemes are similar except that in the third scheme the identities of the participants are also hidden. In this we also addressed the problem of malicious shareholders that aim to corrupt a secret sharing scheme. To prevent such a threat, legitimate shareholders must detect any modification of shares that has not been issued by a node responsible for the sharing of secret S.
- Asynchronous transfer mode (ATM) is a switching technique that uses fixed-sized cells to encode data and is used in telecommunication networks. It is different from variable packet size techniques like Ethernet.
- ATM uses synchronous optical network as a backbone and forms the core protocol of integrated digital services networks. It establishes connections using virtual circuits before transmitting data between endpoints like routers and switches.
- ATM cells have a header containing a virtual path/channel identifier pair to identify the destination as cells pass through switches on their way to the final destination. Quality of service is ensured through traffic contracts specifying parameters like constant or variable bit rates.
ABCrowd: An Auction Mechanism on Blockchain for Spatial CrowdsourcingMaha Kadadha
R-SMB is an auction mechanism proposed for spatial crowdsourcing on blockchain. It addresses the challenges of centralized platforms by running the crowdsourcing platform entirely on Ethereum blockchain using smart contracts. This guarantees trusted execution and transparency. R-SMB is based on repeating the Single-Minded Bidder auction multiple times to allocate tasks to workers in order to maximize allocation given crowdsourcing requirements. It provides truthfulness incentives for workers while approximating the optimized social welfare of the Vickrey-Clarke-Groves mechanism. The R-SMB mechanism is implemented on blockchain and shown to have comparable performance to VCG with improved results for workers and requesters, while having lower execution costs.
A NOVEL CHARGING AND ACCOUNTING SCHEME IN MOBILE AD-HOC NETWORKSIJNSA Journal
Because of the lack of infrastructure in mobile ad hoc networks (MANETs), their proper functioning must rely on co-operations among mobile nodes. However, mobile nodes tend to save their own resources and may be reluctant to forward packets for other nodes. One approach to encourage co-operations among
nodes is to reward nodes that forward data for others. Such an incentive-based scheme requires a charging and accounting framework to control and manage rewards and fines (collected from users committing infractions). In this paper, we propose a novel charging and accounting scheme for MANETs. We present a detailed description of the proposed scheme and demonstrate its effectiveness via formal proofs and simulation results [15]. We develop a theoretical game model that offers advice to network administrators about the allocation of resources for monitoring mobile nodes. The solution provides the optimal monitoring probability, which discourages nodes from cheating because the gain would be compensated by
the penalty.
A NOVEL CHARGING AND ACCOUNTING SCHEME IN MOBILE AD-HOC NETWORKSIJNSA Journal
Because of the lack of infrastructure in mobile ad hoc networks (MANETs), their proper functioning must
rely on co-operations among mobile nodes. However, mobile nodes tend to save their own resources and
may be reluctant to forward packets for other nodes. One approach to encourage co-operations among
nodes is to reward nodes that forward data for others. Such an incentive-based scheme requires a charging
and accounting framework to control and manage rewards and fines (collected from users committing
infractions). In this paper, we propose a novel charging and accounting scheme for MANETs. We present a
detailed description of the proposed scheme and demonstrate its effectiveness via formal proofs and
simulation results [15]. We develop a theoretical game model that offers advice to network administrators
about the allocation of resources for monitoring mobile nodes. The solution provides the optimal
monitoring probability, which discourages nodes from cheating because the gain would be compensated by
the penalty.
A NOVEL CHARGING AND ACCOUNTING SCHEME IN MOBILE AD-HOC NETWORKSIJNSA Journal
Because of the lack of infrastructure in mobile ad hoc networks (MANETs), their proper functioning must rely on co-operations among mobile nodes. However, mobile nodes tend to save their own resources and may be reluctant to forward packets for other nodes. One approach to encourage co-operations among nodes is to reward nodes that forward data for others. Such an incentive-based scheme requires a charging and accounting framework to control and manage rewards and fines (collected from users committing infractions). In this paper, we propose a novel charging and accounting scheme for MANETs. We present a detailed description of the proposed scheme and demonstrate its effectiveness via formal proofs and simulation results [15]. We develop a theoretical game model that offers advice to network administrators about the allocation of resources for monitoring mobile nodes. The solution provides the optimal monitoring probability, which discourages nodes from cheating because the gain would be compensated by the penalty.
IRJET- Guarded Remittance System Employing WANET for Catastrophe RegionIRJET Journal
This document proposes an offline mobile payment system for catastrophe regions using Wireless Ad-hoc Networks (WANETs). The system aims to enable payments when fixed infrastructure like cellular towers are unavailable after disasters. It introduces a mobile payment app that allows customers to make payments offline by communicating through an infrastructure-less wireless network established via WANET. The system uses multilevel endorsement and digital signatures to guarantee payments and prevent double spending. It also provides an interface for users to view and upload information about regional conditions like roadblocks or flooding to help others in the disaster area.
This document describes a fast handoff scheme called NodeScan for IEEE 802.11 wireless networks. NodeScan aims to reduce handoff latency by taking advantage of wireless mesh network architecture. It maintains a list of active mesh nodes on the client and transmits authentication requests to all nodes on the list simultaneously instead of scanning channels. This allows the client to discover and connect to a new mesh node quickly. Experimental results on a wireless mesh testbed show that NodeScan can reduce handoff latency compared to standard scanning methods. The scheme requires only a client-side software upgrade to implement.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
The TV can assist the authentication of other OBUs.
5)
Mutual authentication: Both the OBU and the TV/LE can authenticate each other to avoid the
impersonation attack.
6)
Resistance to stolen-verified attacks: Even if the adversary obtains the authentication parameters of the
OBU, it still cannot impersonate the OBU.
7)
Resistance to forgery attacks: The adversary cannot forge a valid authentication message to cheat the
TV/LE.
8)
Resistance to modification attacks: The adversary cannot modify the authentication message without
being detected.
9)
Resistance to replay attacks: The adversary cannot replay the previous valid authentication message to
Soft real time auction scheme for task allocation in wireless sensor networkseSAT Publishing House
1) The document proposes a Soft Real Time Auction (SRT-A) scheme for task allocation in wireless sensor networks to improve energy efficiency compared to existing real time auction algorithms.
2) In SRT-A, the winner is chosen at the end of a time slot rather than immediately when the bid exceeds a threshold, giving all nodes a fair chance to participate. Wait time is also used to allow nodes with higher bids to bid earlier.
3) The algorithm is evaluated through simulations showing SRT-A achieves better bid values in less time compared to existing real time auction algorithms for task allocation in wireless sensor networks.
Titles with Abstracts_2023-2024_Block Chain.pdfinfo751436
Engaging in blockchain domain projects offers various advantages, as blockchain technology has unique features that can be beneficial in different contexts. Here are some key advantages:
Decentralization: Blockchain operates on a decentralized network of nodes, eliminating the need for a central authority. This can enhance security, reduce the risk of a single point of failure, and promote trust among participants in a network.
Transparency: Transactions on a blockchain are recorded in a transparent and immutable ledger. This transparency reduces the risk of fraud and increases accountability as all participants can verify the history of transactions.
Security: Blockchain uses cryptographic techniques to secure transactions and control access to information. The decentralized and tamper-resistant nature of blockchain makes it resistant to hacking and unauthorized alterations.
Smart Contracts: Smart contracts are self-executing contracts with the terms of the agreement directly written into code. They automate and enforce the execution of contractual agreements, reducing the need for intermediaries and the associated costs.
Immutable Record: Once data is added to a blockchain, it becomes extremely difficult to alter or delete. This immutability ensures the integrity of the data, which is particularly valuable in applications where data tampering is a concern.
Efficiency and Cost Reduction: Blockchain can streamline processes and reduce the need for intermediaries in various industries, leading to increased efficiency and cost savings. For example, in financial transactions, blockchain can eliminate the need for multiple intermediaries and reduce transaction times.
Cross-Border Transactions: Blockchain facilitates cross-border transactions by providing a decentralized and standardized platform for transactions. This can reduce the complexities and delays associated with traditional cross-border transactions.
Data Ownership and Privacy: Users have more control over their personal data on a blockchain. They can grant permission for specific entities to access their data, enhancing privacy and giving individuals more ownership and control over their information.
Traceability and Supply Chain Management: Blockchain enables end-to-end traceability of products in supply chains. This can help in verifying the authenticity of products, preventing fraud, and ensuring the quality and safety of goods.
Tokenization of Assets: Blockchain allows for the tokenization of physical and digital assets, enabling fractional ownership and making it easier to trade and transfer ownership of assets. This has implications for real estate, art, and other asset classes.
Incentive Mechanisms: Some blockchain networks use tokens and incentive mechanisms to encourage network participants to contribute resources, validate transactions, or perform other functions. This can create a self-sustaining ecosystem.
Similar to A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKS (20)
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
"What does it really mean for your system to be available, or how to define w...
A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKS
1. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
A SECURE ELECTRONIC PAYMENT
PROTOCOL FOR WIRELESS MESH
NETWORKS
Helen Cheung and Cungang Yang
Department of Electrical and Computer Engineering
Ryerson University
ABSTRACT
Electronic payment systems for wireless mesh networks need to take into account the limited computational
and communicational ability of mesh clients. Micropayment scheme is well suited for this scenario since it
is specifically designed for efficient operations in payment transactions. In this article, we propose a one
way hash chain structure based on which efficient and secure payment protocols that support both prepaid
and credit-based paying schemes are introduced.
KEYWORDS
multiparty micropayment, payment certificate, hash chain, wireless mesh networks, electronic payment
1. INTRODUCTION
There are a few payment models proposed in the literature [5] [6], which can be classified into
two categories: the traditional payment model and the micropayment model. The example
traditional payment model include the credit card platforms [7] [8] and electric cash platform [9].
The traditional payment models allow only one payment in a transaction, which has been widely
adopted for the electric payment applications. These protocols will be too expensive and time-consuming
when applied to inexpensive transactions because of the transaction charges of card
companies and the computational cost of public-key signature verification. They also place a
heavy burden on the computational and storage capabilities of currently available wireless devices.
Micropayment models are designed to allow frequent transfer of very small amounts, perhaps less
than a cent, in a single transaction, which is considered more efficient than the traditional
payment model. The micropayment models are often adopted for mobile and wireless network
applications [3][4]. In this paper, we focus on micropayment schemes because this category not
only directly addresses the limited resources of mobile communications but also is the most
reasonable option for applying to the light-weight payment scheme by mesh clients in wireless
mesh networks. The following requirements should be addressed when designing a suitable
payment mechanism for mesh networks. First, customers expect a robust, secure, and fair
payment mechanism which can be applied in different wireless networks. Second, the payment
mechanism should be light-weight (i.e. with low computational complexity and low
communication overhead) so that it can be easier run on mobile devices. Third, user anonymity
should be achieved. Finally, a payment mechanism should be of low implementation cost.
In this paper, we integrate a new one-way hash chain and the roaming technology to develop
novel payment schemes for mesh networks. The main goal is to minimize the number of public-key
operations required per payment, using hash operations instead whenever possible. As a
DOI : 10.5121/ijnsa.2014.6501 01
2. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
rough guide, hash functions are about 100 times faster than RSA signature verification, and about
10,000 times faster than RSA signature generation. The contributions of this work are
summarized as follows: First, the ticket-base approach supporting authentication and secure
billing functionalities makes these two fundamental security operations in mesh networks more
efficient. Second, it proposes a novice user-user payment scheme which provides credits so as to
encourage MCs (mesh clients) to relay packets for other MCs. Third, the payment schemes
support intra-domain roaming. The commutation and communication cost of the billing on intra-domain
2
roaming is more efficient than the cost when a MC logs in.
The remainder of this paper is organized as follow: In section 2, we introduce the effective one-way
hash chain. In section 3, we study ticket-based electronic payment protocol in more details.
Security analysis of the proposed payment protocol is explained in section 4. Section 5
demonstrates the performance analysis. Section 6 discuss the related works. The paper is
concluded in section 7.
2. EFFICIENT ONE-WAY HASH CHAIN
Hash values from a user-generated hash chain can be used as authenticated payment tokens. A
one-way chain (V0 … VN) is a collection of values such that each value Vi (except the last value
VN) is a one-way function of the next value Vi+1. In particular, we have that Vi = H(Vi+1), for 0 i
N. Here, H is a one-way function, and is often selected as a cryptographic hash function. A
drawback of traditional one-way chains is that the verifier has to perform j-i operations to validate
Vj given Vi, which can be expensive if j-i is large. This weakness is solved by the hierarchical
one-way chain that is more efficient.
A hierarchical one-way chain consists of two or more levels of chains, where values of a first-level
(“primary”) chain act as roots of a set of second-level (“secondary”) chains[1]. We refer to
the secondary chain rooted in the ith value of the primary chain as the ith secondary chain. Here,
all the values of the ith secondary chain are released before any of the values of the i + 1st chain
is released; the primary chain value Vi is released in between. In a hierarchical one-way chain, all
end-values need to be authenticated – both that of the primary chain and those of all secondary
chains. The drawback of the hierarchical one-way chain is that the loss of the end value of a
secondary hash chain prevents the verifier to authenticate secondary chain values until the next
value of the primary chain is disclosed.
3. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
3
Spending order
V0,m V1,m V2,m V3,m VN-1,m VN,m
V1,2 V2,2 V3,2 VN,2
Spending
order
V1,1 V2,1 V3,1 VN,1
V1,0 V2,0 V3,0 VN,0
W0 W1 W2 WN-1
Figure 1. Efficient One-Way Hash Chain
We propose a secure and efficient hierarchy one way chain (see Figure 1) where VN,m is private
information and m, N, V0, m and W0 W1 W2 ...WN-1 are public information. The hash chain is
generated by broker and is assigned to MCs or MRs (mesh routers). Before the start of the
transactions, MC/MR sends the public information m, N, V0, m and W0 W1 W2 ...WN-1 to MR/MC.
Payment token are m+1 elements of the secondary chains. MR/MC authenticates V1, 0 using W0 =
h(V1, 0||V0, m). This authentication ensures the correctness of the token values from the same
hierarchy hash chain. For the following end values of secondary chain, MR/MC can authenticate
them as follows:
Wi = h(Vi+1,0 ||Vi,m) (i0)
where Wi and V0,m are public information and MC/MR may retransmits them periodically. Vn,m is
private information only hold secretly by MC/MR.
The proposed hash chain efficiently authenticates the end-values of the secondary chain at any
moment, without assuming any additional authentication protocols. In the meantime, it does not
have the problem as the approach proposed by Liu and Ning [1].
If a hash chain is not used up, MCs could still use its remaining tokens when roams to a different
MR of the same mesh domain. MCs need to notify new MR the most recent hash value used and
its index in the hash chain.
The advantages of the proposed one-way hash chain are as follows: (1) it voids the long chain of
the one-way hash chain. The hierarchy one way chain allows MC/MR to reduce storage. (2) it
does not need a protocol to authenticate the end values of the hash chain. (3) it is efficient: a
MC/MR who received the authentic values such as V0, m and W0 W1 W2 ...WN-1 can efficiently
authenticate secondary chain in hash chain generated by Vi,0 This approach substantially reduces
the verification overhead for a new MR/MC that needs to catch up to current value of the chain.
4. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
4
3. TICKET-BASED ELECTRONIC PAYMENT PROTOCOL
A ticket purchased by the MCs from a broker includes the information of the hierarchy hash chain.
The tokens must be spent through its associated MR, who prevents cheating by the MC. Cheating
by the MR itself will be detected after the fact. The payment tokens MR collected can be
efficiently redeemed from the brokers. Unspent tokens can be spent on a different MR to access a
different destination, but utilizing the MRs in the same mesh domain to prevent double spending.
If further accesses are not made, tokens may later be refunded by the issuing broker.
The goal of this research is to design ticket-based protocols that support both secure mutual
authentication and billing. After MC and MR mutually authenticate with each other[2], MCs
access the mesh network and pay for the services through the tokens of the hierarchy hash chain
approach.
The payment protocols support two types of paying schemes: directly buy tokens of hash chain
with the pre-paid scheme and pay later with credit-based scheme. A MC/MR can apply either or
both types of paying schemes from the broker. Normally, a ticket only can be used for one mesh
domain. The billing server of the domain is in charge of controlling the credit limit or the balance
of tickets to avoid MC using a hash token chain more than one time for pre-paid scheme or spent
beyond the credit limit of the credit-based scheme.
• Pre-paid: MC/MR purchase hash chains from brokers before accessing the mesh network.
The chain related information will be added to the MC/MR’s ticket. Broker may issue
multiple pre-paid tickets to a MC.
• Credit-based: the broker assigns a credit limit for MCs. The broker determines the credit
limit for each MC ticket. Broker may issue multiple credit-based tickets to a MC.
However, the total remaining credit limits of all a MC’s tickets must not greater than
his/her credit limit. The broker also determines a credit limit for MRs in a mesh domain.
Credit-related information will be added to MR/MC’s ticket.
For the credit-based scheme, MC/MR pay bills to his/her broker, the broker continues updating
the credit balance of the MC/MR. If the MC/MR has available credit, the broker can generate new
ticket for him/her.
MC can use the same ticket to roam different MRs in the same domain. A MR will inform the
billing server the most recent balance of a MC’s ticket when the MC roams out of its covering
area. The billing server of the mesh domain will update the balance of MC’s ticket afterwards.
Broker will also issue multiple credit-base tickets to MR if the balance of the tickets is within the
limits of the domain’s credit.
Prepaid and credit-based payment approaches need the support of mutual authentication. The MR
authenticates MCs to ensure that the MC is trusted. MC authenticates MR to prevent bogus MRs
asking higher unit token fee to MCs. This mutual authentication is based on the tickets signed by
brokers [2].
A ticket includes the information of credit limit or the balance of MC/MR. The billing server
always checks the balance or credit limit, if the balance or credit is beyond the limit, the billing
server will notify the MR to cut the MC’s service.
In the design of the protocols, the beacon message of a MR should include the information of its
service fee and relaying fee. MCs need to know this public information before roaming to a new
MR or agreeing to provide the relaying service for other MCs.
5. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
5
We will discuss the ticket-based payment approach for the following two different cases:
(1) Multiple hops between MC and its associated MR
The multiple hops case describes the situation that a MC is at an arbitrary number of hops
away from the MR. The MR that MC associated is defined as the associate MR which is
in charge of authenticating MC, implementing billing protocol with MC and sending the
billing update information to billing server.
Figure 2. Payment Scheme for Multiple Hops between a MC and its Associated MR
In Figure 2, suppose MC is associated with MR1 and both MC and MR1 have bought tickets
separately from their brokers, the procedure of the billing scheme for multiple hops is as follows:
o MC pays MR1 with the tokens which value is the addition of service fee for MR1
and relaying fee for MC1, MC2 and MC3
o MR1 pays tokens for relaying fees of MC1, MC2 and MC3 on behalf of MC
o MR1 collects the tokens from MC and submit them to the billing server
o Billing server get the fund from MC’s broker
o MC1, MC2 and MC3 collects the tokens from MR1 and get the fund from MR1’s
broker
(2) One hop between a MC and its associated MR
It is a special case of multiple hops. If a MC can reach the MR directly, the general
procedure of the billing process is as follows:
o MC pays tokens to MR1. MR1 collects the tokens and submits to the billing
server
o Billing server get the fund from MC’s broker
Figure 3. Payment Scheme for One Hop between a MC and MR1
3.1 Payment Hash Chain
Tokens are fundamental component of the payment hash chain. In the prepaid scheme, MC/MR
needs to pay first to purchase payment hash chain from brokers. Brokers also need to assign
payment hash chains for MC/MR in the credit-based approach and send bill to redeem from
MR/MC later.
To avoid double spend of a hash chain, each chain only can be used for one mesh domain. MC
needs to prepare different chains for different domains. In the meantime, a MC/MR could also
hold multiple hash chains for a single domain.
6. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
Two types of payment hash chains are designed: one for MCs and the other is for MRs. MC’s
hash chain pays tokens to MR it associates. MR’s hash chain pays relaying MCs on the route.
6
The format of purchase hash chain for MC:
PMC: IDpmc, W0 W1 W2 ...WN-1, V0,m, m, N, MC, Date, Domain, Value, Ticket Credit
IDpmc: id of the hash chain
W0 W1 W2 ...WN-1, V0,m, m, N: public information of hierarchical hash chain
Domain: the only domain that the hash chain could be used.
MC: id of the MC
Date: the expiry date that the ticket is to be expired
Value/Credit: the purchased value or credit limit of the chain
Billing server keeps the record of the PMC and continues to update the balance/credit of the MC
whenever he/she logs in or roams in the same mesh domain. If there is no balance or credit, the
billing server requests MC to provide a new ticket or ask MR to directly cut off the service. Each
payment hash chain only can be used in a specific domain. The payment chain of MC is added to
its ticket which will be signed by the MC’s broker.
The format of purchase hash chain for MR:
PMR: IDpmr, W0 W1 W2 ...WN-1, V0,m, m, N, Domain, MR, Credit/Value, Date
IDpmr: id of the hash chain
W0 W1 W2 ...WN-1, V0,m, m, N: public information of hierarchical hash chain
Domain: the only domain that the hash chain could be used.
MR: id of the MR
Date: the date that the ticket is to be expired
Value/Credit: the purchased value or credit limit of the chain
Purchase hash chain is a part of MR’s ticket [2] which will be signed by the broker.
3.2 Billing Protocol
3.2.1 Login Billing Protocol for Multiple Hops
If a MC cannot directly reach MR, their communication could be relayed by other MCs. To
encourage MCs to support packet relaying for others, a relaying fee is provided as a bonus. MR
prepares a contract in which each relaying MC need to add its MAC. These MAC values prove
that these MCs are on the route of the traffic and have provided the relaying service and therefore
should receive the bonus. Moreover, MC prepares a contract for its associated MR. MC’s contract
proves to broker that MR provides service and therefore redeem the tokens of the MC.
The contract issued by MC:
MC, MR, Pstart, Unit Fee, PMC, Brokerid
MC: ID of MC
MR: ID of MR
Unit fee: unit fee for each token
Pstart: start index of the MR’s hash chain
PMC: payment chain
7. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
7
Brokerid: ID of the broker
The contract issued by MR:
MR, Pstart, Fee of Relay, PMR, Brokerid, MACs
MR: ID of the MR who issues the contract and distributes it to relaying MCs.
Pstart: start index of the MR’s hash chain
MACs: MACs generated by relaying MCs and adds to the contract
The detail of the login billing protocol shown in figure 4 is as follows:
o From the beacon message, MC knows the service and relaying fee of its associated MR.
MC and MR mutual authenticate each other by exchanging their tickets. MR checks the
domain of the purchase hash chain from the MC’s ticket and then transfers it to the billing
server.
o The billing server checks if the MC has ever visited the domain and the balance or
remaining credit of his/her ticket. The billing server will notify MR the index where the
hash chain should be started if the payment chain has balance or credit. The billing server
records index of MC’s hash chain when the last time he/she visits the domain. If the MC
is new to the domain, the index value should be the beginning of the MC’s hash chain.
o The MR will then inform the MC the unit fee of a token. If MC agrees with this, it
generates a contract which includes the unit fee and index information. MC signs the
contract and send it back to MR. MR verify the contract and keep it for his future redeem
from broker.
o MR generates a contract and distributes it to all relaying MCs on the route. All relaying
MCs will add its MAC to the contract. Each MAC key is shared by MC and the broker.
MR signs the contract and sends it to all the relaying MCs.
o MC starts and keeps releasing hash tokens from the start index. Each token will be
verified by MR. MR also releases tokens from its hash chain that will be verified by all
relaying MCs on the route. If the relaying MC cannot receive the token of the MR as the
bonus of the relaying service, it will stop to provide the relaying service.
The protocol is briefly shown as follows:
Exchange Ticket with Payment Chain Check balance/Credit
Unit fee and current hash value and inde x index and current hash value of the hash
chain
Temporary ticket and the encrypted MAC
key with MC’s public key
unit fee, index and current hash value with MAC value
MC generates contract, sign it. MR1 verify it
MR1 generates the contract and send securely to all relaying MCs
The contract is added with the MAC generated with shared key between neighbours
8. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
Each relaying MC verify it and add a MAC (generated with the key shared with
8
broker)
With the same hop-by hop approach, the contract is sent back to MR1
MR1 sign the final contract and distribute to all relaying MCs
The first token is submitted from MC and verified by MR1
MR1 sends first token to relaying MCs and relaying MCs verify the tokens
The second token is submitted from MC and verified by MR1
MR1 sends second token to relaying MCs and relaying MCs verify the tokens
......
The m token is submitted from MC and verified by MR1
MR1 sends m token to relaying MCs and relaying MCs verify the tokens
MC contract, current index and the last hash value of the hash chain
used
Figure 4. login billing protocol for multiple hops
In the case that the topology changes, for example relaying MCs moves out of the route, MR will
ask new joined MCs to sign a new contract with the most recent index of MR’s hash chain.
3.2.2 Login Billing Protocol for One-hop
The login protocol for one hop shown in figure 5 is a special case of the protocol of multiple
hops. The general procedural of the protocol for one hop is as follows:
o MC and MR mutual authenticate each other by exchanging their tickets. MR verifies the
domain of the payment chain in the ticket and transfers the ticket to the billing server.
o The billing server verifies if MC has visited the domain before and checks his/her balance
or remaining credit. The billing server will notify MR the index where the hash chain
should be started if the payment chain has balance or credit. The billing server records the
hash chain information whenever MC roams leaves the domain. If the MC is new to the
domain, the index should be the beginning of the hash chain.
o The MR informs the MC his/her balance, unit token fee, and start index of the token. If
MC agree with the information from MR, it generates a contract and send to MR1
o MC starts and keeps releasing hash tokens from the start index. Each token will be
verified by MR.
Exchange Ticket with
Payment Chain Check balance/Credit of the MC
9. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
9
Unit fee and current hash value and index index and current hash value of the hash chain
Temporary ticket and the encrypted MAC
key with MC’s public key
Encrypt unit fee and current hash value and
index with the MAC key
MC generates contract, sign it. MR1 verify it
The first token is submitted from MC and verified by MR1
The second token is submitted from MC and verified by MR1
......
The m token is submitted from MC and verified by MR1
MC contract, current index and the last hash value of the hash chain used
Figure 5. Login Billing Protocol for One-hop
3.3 Billing Issues During Intra-domain Roaming
When a MC roams, for example, from MR1 to MR2 of the same domain in the mesh network,
MR1 needs to securely forward the MC’s MAC key and the balance/credit of MC to MR2. MC2
monitor the balance of MC and will stop the service once the balance is used up. In the mean
time, MR1 submits MC’s contract, balance of the contract, the collected tokens from MC and the
record of delivered tokens to the billing server. Billing server will verify this message and update
the MC’s balance. Billing server collects these information for fund redeem from the broker.
Since the new balance of MC is securely forwarded from MR1, MR2 does not need to recheck the
balance of the MC from the billing server. Also, the index of the current token chain of MC’s is
also forwarded from MR1 to MR2. For the case of one-hop, only MC1 generates contract. For the
case of multiple hops, MR2 will create the contracts according to new start index and the balance
forwarded from MR1. If no balance value and contract are forwarded, MR2 will implement the
login process as indicated in section 3.2.1.
The Intra-domain Billing Protocol for One-hop shown in figure 6 is as follows:
MC show temporary ticket
unit fee and index with the MAC key
10. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
10
MC generates contract, sign it. MR2 verify it
The first token is submitted from MC and verified by MR2
The second token is submitted from MC and verified by MR2
......
The m token is submitted from MC and verified by MR2
MC contract, current index and the last hash value of the hash chain used
Figure 6. Intra-domain Billing Protocol for One-hop
The Intra-domain Billing Protocol for Multiple Hop shown in figure 7 is as follows:
Temporary Ticket
Unit fee, index with MAC
MC generates contract, sign it. MR2 verify it
MR2 generates the contract and send securely to all relaying MCs
The contract is added with the MAC generated with shared key between neighbours
Each relaying MC verify it and add a MAC (generated with the key shared with
broker)
With the same hop-by-hop approach, the contract is sent back to MR2
MR2 sign the final contract and distribute to all relaying MCs
The first token is submitted from MC and verified by MR2
MR2 sends first token to relaying MCs and relaying MCs verify the tokens
The second token is submitted from MC and verified by MR2
MR2 sends second token to relaying MCs and relaying MCs verify the tokens
......
The m token is submitted from MC and verified by MR2
MR2 sends m token to relaying MCs and relaying MCs verify the tokens
MC contract, current index and the last hash value of the hash chain
used
11. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
11
Figure 7. Intra-domain Billing Protocol for Multiple Hop
Comparing with login billing protocols, the intra-domain billing schemes have one more
advantage: when perform intra-domain roam, MR2 doesn’t need to perform signature verification
for authentication and billing procedure. Symmetric key encryption is employed for securely
transfer the balance and start index of MC1 between MR1 and MR2.
Since the authentication and the billing information are in the same ticket, very limited expensive
signature verifications are required for both authentication and billing procedure between MC and
MR. Once the MC passed the authentication and its hash chain balance/credit is available, it will
be more efficient for MC to perform intra-domain roam in mesh networks.
3.4 Fee Clearance
MRs always needs to submit MC’s contracts and his/her current index to the billing server.
Periodically, after collecting this information from all MRs in the same domain, the billing server
transfers it to the broker for fund redeeming. The broker verifies MC’s signature and ensure that
MC should pay the MRs. The amount is calculated according to the number of hashed tokens
received and the unit token fee identified in the MC’s contract.
On the other hand, contract generated by MR proves which relaying MCs are involved in the
relaying process and should receive the relaying fee from the MR. Relaying MC submits the
contract the MR signed and the most current index of MR’s hash chain. Broker verifies the
contract and calculates the fund based on the current index and unit relaying fee described in the
MR’s contract.
4. SECURITY ANALYSIS
There are a few useful features of the proposed payment scheme including the avoidance of
overspending and double spending, the fairness, the user anonymity, and privacy. The proposed
scheme meets the security requirements of mesh networks and is secure against various attacks.
(1) Outsider attack: An attacker cannot obtain value during a payment chain purchase from a
broker. The ticket signed by broker can be obtained by an eavesdropper. However, the
attacker cannot generate token because the secret information Vn,m of the hash chains is
not known by the outside attackers. Also an attacker cannot redeem value even if all
payment messages are observed. MC or MR will not release tokens until a contract has
been received. The contracts indicate the MCs or MR who can redeem the tokens and the
unit fee of each token. Redeeming relaying MCs or MR must authenticate themselves
using a signature to broker. The outsider attacker cannot redeem without the correct
signature for authentication. An attacker cannot impersonate a valid MC or MR. A valid
MR or MC holds a public key certificate. With the support of bop by hop authentication
between neighbours, even if the outsider attacker can get the certificate, he will be
identified in the contract and will be detected by its neighbours. The attacker-signed
pricing contract is also a proof of fraud.
(2) MC attacks: for pre-paid scheme, the MC cannot spend more than the total value of a
hash chain in the ticket. The billing server will track the balance of the MC’s ticket and
prevent the hash value being exceeded. For credit-based scheme, the MC cannot spend
more than the limit credit from the broker. For each credit-based ticket, each ticket is
specific design for a domain. The billing server of the domain will monitor the balance of
the ticket and ensure the credit will not be exceeded. The broker will issue new tickets for
MCs only if the credit balance of the MC is still within the limit credit of the MC.
12. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
Moreover, a MC cannot double spend a hash chain of a ticket. A ticket with a payment
hash chain must be spent through MRs of the specific domain that defined for the hash
chain. The billing server will track the balance of the hash chain and will not allow hash
chain to be double spent. Furthermore, anonymity is provided: MC use tickets which
including the hash chains for the billing purpose. The tickets issued by broker only
include the ID of the user. The real identity only known by broker. The mesh network
cannot know the real identity of customers.
(3) Relaying MC Fraud: the relaying MC cannot obtain more than paid by MR. The value of
the payment to a relaying MC is specified in the MR’s contract. The broker will use the
contract and number of tokens the relaying obtained by the relaying MC to calculate how
much is owned by MR. To increase the value per token requires contract to be modified,
which is not possible without forging signature. A relaying MC cannot obtain values
belongs to another relaying MC. All relaying MCs redeem the same tokens. To obtain
other relaying MC’s value also requires the forged digital signature. Moreover, contract
cannot be replayed without detection. A relaying MC may try to replay an old contract
issued by MR and submit to broker for redeem. The TID in the contract is a random
number that ensure an old contract cannot be replayed.
(4) MR Fraud: payment chain overspending by the MR can be detected. The broker records
the total amount redeemed against a payment chain. When more than the total value
spent, it will be detected by the broker.
12
5. PERFORMANCE ANALYSIS
In this section, we compare the computation and communication costs of MC and MR when login
and intra-domain payment protocol are carried out. We consider two scenarios: one hop and
multiple hops. Only billing-related computation and communication costs are considered. The
authentication messages of the protocols are not included and the costs of acknowledgement
messages are ignored.
When considering the communication cost of a payment scheme, the size, length, and number of
messages sent between parties must be calculated. When paying for the volume of traffic
transported, or if making frequent payments, the signalling overhead, due to payment process
should be kept small relative to the payload sent. If payment is made to or from a mobile device
over an air interface, with limited or scarce bandwidth, the volume of payment messages should
also be minimized.
We use the numbers in table 1 as the size of the basic micropayment constructions. Since the
chain length will not exceed 216, thus m is 1 byte and n is 1 byte.
Table 1
Object Size (bytes)
Hierarchical hash chain 18+16*N (N: depth of the chain)
MC Ticket 232
MC contract 15
MR contract (initial) 27
MR contract (final) 36 + 16*S (S: # of relaying MCs)
MC payment hash chain 27 + 16*N (N: depth of the chain)
MR payment hash chain 27 + 16*N (N: depth of the chain)
We use the numbers in table 2 as the size and speed of the cryptographic algorithms.
Table 2
13. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
13
Cryptographic algorithm Size (bytes) Speed (ms)
ECC signature generation 46.4
MD5 hash function 16 0.009
ECC signature verification 92.4
MAC 16 0.015
The computation cost comparisons of login and intra-domain handover in case of one hop are
shown in figure 8 and 9.
m=0 m = 10 m=100 m=500
Figure 8 Computation Cost
MC login
MC Intra
MR login
MR Intra
m = 10 m=100 m=500
MC login
MC Intra
MR login
MR Intra
Figure 9. Average Computing Cost Per Payment
120
100
80
60
40
20
0
10
9
8
7
6
5
4
3
2
1
0
We find that the computation cost of MC is about 50% of that of MR. Login and Intra-domain is
almost same for MCs or MRs. In addition, the communication cost for token contribution is low
and the average computation and communication cost prepayment is reduced dramatically with
the increase number of payments. This scheme is optimized for repeated payments to the same
vendor.
The comparisons of communication bandwidth used for login and intra-domain handover in case
of one hop are shown in figure 10 and 11.
14. International Journal of Network Security Its A
pplications m=10 m=50
MC-MR (login)
MR-BS (login)
MC-MR(Intra)
MR-BS(Intra)
Figure 10. Communication Bandwidth Used
m=10 m=50
MC-MR (login)
MR-BS (login)
MC-MR(Intra)
MR-BS(Intra)
Figure 11. Average Communication Bandwidth Per Payment
900
800
700
600
500
400
300
200
100
300
250
200
150
100
50
If we don’t consider hash component (m=0), the bandwidth used by intra
less than login protocol of one hop
and intra-domain will gradually become close since the weight of hash will comprise la
the bandwidth of the communication
The computation and communication
hops (the number of hops is 2) are shown in figure
m = 10 m=100 m=500
Figure 1
0
m=0
0
m=0
120
100
80
60
40
20
0
m=0
Applications (IJNSA), Vol.6, No.5, September 2014
intra-domain of one hop is
hop. However, with the addition of hashes, the bandwidth of login
communication.
cost of login and intra-domain handover in case of multiple
12 and 13.
MC login
MC Intra
MR login
MR Intra
Relay MC
12: Computation cost (number of hops is 2)
14
ith large part of
15. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
15
1000
900
800
700
600
500
400
300
200
100
0
m=0 m=10 m=50
MC-MR (login)
MR-BS (login)
MR-RMC(login)
MC-MR(Intra)
MR-BS(Intra)
MR-RMC (Intra)
Figure 13. Communication cost (number of hops is 2)
We find that the computation costs of login and Intra-domain of MC-MR are very close. The
computation costs of login and Intra-domain of MC-RMC are very close. In addition, the
computation cost of a relaying MC is almost the same as the computation cost of MR.
For multiple hops mesh networks, with a specific number of hops, the communication cost for
login and intra-domain of MC-MR is very close. The communication cost for login and intra-domain
of MR-RMC is also very close. However, the MR-BS for intra-domain is less than that of
the login.
m=0 m=10 m=50
MC-MR (login)
MR-BS (login)
MR-RMC(log)
MC-MR(Intra)
MR-BS(Intra)
MR-RMC (Intra)
Figure 14. Communication cost (number of hops is 5)
1200
1000
800
600
400
200
0
If the number of hops is increase from 2 to 5 (see figure 14), with the increase number of hops,
we find that only the MR-RMC communication cost is increased, but others are not affected.
6. RELATED WORK
In this section, we compare our proposal with other micropayment schemes. PayWord[6] is a
credit-based scheme. Since the hash chain is generated by the user, there is no control of the
credit that the user could have. In our approach, a credit limit has been assigned to each ticket by
the broker to control of credit of MCs. S. M. Yen [11] is a prepaid payment scheme. Each
customer should buy bank tokens in advance which are used to buy merchant. The MicroMint[6]
has double-spending problem. A user may use the same coin to pay two different vendors and the
vendors cannot find it until they check with broker. To overcome this problem, the MicroMint
scheme needs to trace all the users who purchased the coins. (The vendor need to know the users
too so that he can demonstrate who spent those coins). As a result, this schema is not anonymous
any more.
16. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
Zhang proposed a billing scheme for wireless mesh networks[13]. In the protocol scheme, client
and mesh router authenticates each-other and the client has to pay for the services for all the
involved entities. The serving mesh router provides network access and backhaul internet service.
Brokers are responsible for micropayment aggregation among the entities. The scheme comprises
two phases as entity authentication and billing. In the billing scheme, the commitment of payment
structure is user-router specific thus there is no chance of double-spending and double-redemption.
The good feature of the billing scheme is that new signed commitment of payment
structures is not required after route change in ad-hoc network portion as all the relay nodes are
paid by the associated router. The usage of payment structures only one payment chain in
generated but in total multiple chains are used which will reduced the payment chain storage cost
and computation cost of next payment hash generation. However, the scheme is vulnerable to
security risk from the payment chain. The unspent portion of the payment hashes may be claimed
by corrupt routers by changing the payment hash as authenticated hashes are known to him or
user may deny his last payment chain.
Netbill[12] offers a number of advanced features. However, it is relatively expensive: digital
signatures are heavily used. This scheme will not be suitable to be applied to mesh networks.
Yang[10][11] applied symmetric-key cryptography instead that is more efficient than the public
key cryptography and is more suitable for mobile devices. Unfortunately, the symmetric key
cryptography requires more frequent key establishments and updates to prevent the shared key
from being comprised. In our proposed billing scheme, the authentication and billing approach
only use one digital signature and some hash chains. Since the authentication protocol
authenticates mesh clients that are not known beforehand by MR, only symmetric key
cryptography cannot realize the mutual authentication task. However, we have already minimized
the number of the digital signatures in this proposed billing approach. In summary, the related
works are not suitable for the security requirements of mesh networks which have been indicated
in section 1.
16
7. CONCLUSION
In this paper, we propose the novice billing scheme for login and intra-domain for wireless mesh
networks. The security analysis shows that the protocol is resilient to various kinds of attacks.
The performance analysis proves that the intra-domain billing scheme is more efficient when
compared with login billing approach.
REFERENCES
[1] Donggang Liu and Peng Ning, Efficient distribution of key chain commitments for broadcast
authentication in distributed sensor networks. In Network and Districuted System Security
Symposium, NDSS 2003, pp. 263-276, 2003.
[2] Celia Li and Uyen Trang Nguyen, Trust-based Secure Authentication for Wireless Mesh Networks.
[3] Phone Lin and Hung-yueh Chen, A secure mobile electronic payment architecture platform for
wireless mobile networks IEEE Transactions on Wireless Communications, Vol. 7, No. 7, pp. 2705 –
2713, July 2008.
[4] DongGook Park, Colin Boyd and Ed Dawson, Micropayments for Wireless Communications, Lecture
Notes in Computer Science, Vol. 2015/2001, pp. 192-205.
[5] N. Asokan and P.A. Janson, “The state of the art in electric payment systems,” IEEE Computer,
Vol.30, No.9, Oct, 1998.
[6] R.L. Rivest and A. Shamir, PayWord and MicroMint: Two simple micropayment schemes, Proc. of
Security Protocols Workshop, Lecture Notes in Computer Science, Vol.1189, Springer Verlag, pp.69-
87, 1997.
[7] M. Bellare, J. Garay and R. Hauser, “Design, implementation and deployment of a secure account-based
electronic payment system”, IEEE J. Select. Areas Commun., Vol.18, pp. 611-627, Apr. 2000.
17. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
[8] Mastercard and Visa, SET Secure Electronic Transactions Protocol, version 1.0 edition.
[9] F. Medvinsky and B. Neuman, “NetCash: a design for practical electronic currency on the Internet”,
17
in Proc. First ACM Conference on Computer and Communication Security, pp. 102-106, 1993.
[10] Z. Yang, W. Lang, and Y. Tan., “A new fair micropayment system based on hash chain.”, in Proc.
IEEE International Conference on e-Technology, e-Commerce and e-Service, pp 139-145, 2004.
[11] S. M. Yen, “PayFair: a prepaid Internet micropayment scheme ensuring customer fairness,” in Proc.
IEE Computers and Digital Techniques, Vol. 148, No. 6, pp.207-213, Nov. 2001.
[12] The NetBill Electronic Commerce Project, 1995.
[13] Y. Zhang and Y. Fang, “A secure authentication and billing architecture for wireless mesh networks”,
Wireless Networks, vo. 13, no.5, pp. 663-678, 2007.
APPENDIX A: PERFORMANCE CALCULATION
When considering the communication cost of a payment scheme, the size, length, and number of
messages sent between parties must be calculated. When paying for the volume of traffic
transported, or if making frequent payments, the signalling overhead, due to payment process
should be kept small relative to the payload sent. If payment is made to or from a mobile device
over an air interface, with limited or scarce bandwidth, the volume of payment messages should
also be minimized.
(1) MC Ticket:
TicketMC = MC, Brokerid, Date, PubMC, PMC, SigBroker
(2 bytes) MC: the identifier number of the MC
(2 byte) Brokerid: the identifier number of the broker who issue this ticket
(3 bytes) Date: the expire date and time of the ticket
(20 bytes) PubMC: the public key of the MC
(20 bytes) Sigbroker: the signature signed by the private key of the broker
PMC: IDpmc, W0 W1 W2 ...WN-1, V0,m, m, N, Domain, Value, Ticket Credit
(4 bytes) IDpmc: id of the hash chain
(1 byte) Domain: the only domain that the hash chain could be used.
(2 bytes) Value: the purchased value of the chain for the pre-paid approach.
(2 bytes) Ticket Credit: the credit limit for the ticket.
(160 bytes) W0.... WN-1: 16 bytes * N
(16 bytes) V0,m
(1 bytes) m
(1 bytes) N
Public key of ECC: 20 byte (160bits) key is similar as 128 bytes RSA
MD5 hash and MAC size: 16 bytes
Chain length will not exceed 216, thus m is 1 byte and n is 1 byte.
Size of the MC Ticket: 72 bytes + 16 N bytes = 232 bytes
To control the size of the ticket, we assume N=10. The number of tokens depends on the number
of m.
(2) Hash size: 16 bytes
(3) MC contract
IDpmc, MC, MR, Pstart, Unit Fee, Brokerid
(2 bytes) MC: ID of MC
(2 bytes) MR: ID of MR
18. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
18
(1 byte) Unit fee: unit fee for each token
(4 bytes) Pstart: start index of the MR’s hash chain
(2 bytes) Brokerid: ID of the broker
(4 bytes) IDpmc
Size of MC contract: 15 bytes
(4) unit fee, index and current hash value with MAC value
1 byte + 4 bytes + 16 bytes + 16 byte = 37 bytes
(5) Current index and the last hash value of the hash chain used (MR send to billing server)
MC contract + 4 bytes + 16 bytes = 15 bytes +4 bytes + 16 bytes = 35 bytes
(6) MR initial contract
MR, Pstart, Fee of Relay, IDpmr, Brokerid, MAC
(2 bytes) MR: ID of MR who issues the contract and distributes it to relaying MCs.
(4 bytes) Pstart: start index of the MR’s hash chain
(16 bytes) MAC
(4 bytes) IDpmr
(1 byte) fee of relay
Size of MR original contract: 27 bytes
(7) PMR: IDpmr, W0 W1 W2 ...WN-1, V0,m, m, N, Domain, MR, Credit/Value, Expiry Date
(4 bytes) ID: id of the hash chain
(1 byte) Domain: the only domain that the hash chain could be used.
(2 bytes) Value: the purchased value of the chain for the pre-paid approach.
(2 bytes) Credit of the ticket: the credit limit for the ticket.
(160 bytes) W0 W1 W2 ...WN-1: 16*N bytes
V0,m: 16 bytes
m: 1 byte
N: 1 byte
Size of PMR: 187bytes
(8) MR final contract
MR, Pstart, Fee of Relay, IDpmr, Brokerid, MACs, Sig
(2 bytes) MR: ID of MR who issues the contract and distributes it to relaying MCs.
(4 bytes) Pstart: start index of the MR’s hash chain
(16 bytes*S) MACs: each relaying MC adds its MAC to the contract
(4 bytes) IDpmr
(1 byte) Fee of Relay
(1 byte) Brokerid
(20 bytes) Sig
Size of MR final contract: 36 + 16*S
One-hop login
MC:
Computation: 1 MAC + Siggeneration + m hash
Computation cost: 0.015 + 46.4 + 0.009*m = 46.415 + 0.009m
ECC signature reference: generation: 46.4ms, verify: 92.4ms
19. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
19
MR:
Computation: 1 MAC + Sigverify + m hash
Computation cost: 0.015 + 92.4 + 0.009*m = 92.415 + 0.009m
Communication:
MC-MR: unit fee, index and current hash value with MAC value (37bytes) + MC contract
+
m hash (15 bytes + 16m = 15 + 16m)
Bandwidth: 52 + 16m
MR-BS: MC Ticket 232 bytes + Current index and its hash value of the hash chain used
(35 bytes)
Bandwidth: 267 bytes
Multiple-hop login
MC:
Computation: 1 MAC + Siggeneration + m hash
Computation cost: 0.015 + 46.4 + 0.009m = 46.415 + 0.009m
MR:
Computation: 1 MAC + Sigverify + 1 MAC +1 MAC + Siggeneration+m hash +m hash + 1
MAC
Computation cost: 0.015 + 92.4 + 0.03 + 46.4 + 2*0.009m + 0.015 = 138.86 + 0.018m
Relaying MC (with authentication, use this for the combined paper of authentication and billing)
Computation: 2MAC + 2 MAC + m hash + m hash +Sigverify
Computation cost: 4*0.015 + 2*0.009*m + 92.4 = 92.46 + 0.018m
Communication:
MC-MR: MC contract + m hash (15 + 16m) + unit fee, index and current hash
value with MAC value (37)
Bandwidth: 52 + 16m
MR-BS: Ticket size (MR sends to billing server) 232 + Current index and its hash value of the
hash chain used Communication cost (35)
Bandwidth: 267
MR-RMC: 2 * initial contract + the final contract (2 * 63 + 16*S) + m hash (16m)
Bandwidth: 126 + 16S +16m
One-hop Intra-domain:
MC:
Computation: 1 MAC + Siggeneration + m hash
Computation cost: 0.015 + 46.4 + 0.009 * m = 46.415 + 0.009m
MR:
Computation: 1 MAC + Sigverify + m hash
Computation cost: 0.015 + 92.4 + 0.009*m = 92.415 + 0.009m
Communication:
MC-MR: unit fee and index with the MAC key (37 bytes) + MC contract + m hash (15 + 16 *
m)
Bandwidth: 52 + 16m
MR-BS: Current index and its hash value of the hash chain used (35 bytes)
20. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
20
Bandwidth: 35 bytes
Multiple-hop Intra-domain:
MC
Computation: 1 MAC + Siggeneration + m hash
Computation cost: 0.015 + 46.4 + 0.009 * m = 46.415 + 0.009m
MR
Computation: 1 MAC + 1 Sigverify + 1 MAC + Siggeneration + m hash +m hash + 1 MAC
Computation cost: 0.015 + 92.4 + 0.015 + 46.4 + 2 * 0.009 * m + 0.015 = 138.845 +
0.018m
Relaying MC:
Computation: 2 MAC + 1 MAC + Sigverify + m hash
Computation cost: 3 * 0.015 + 92.4 + 0.009 * m = 92.445 + 0.009m
Communication:
MC-MR: MC contract + m hash (15 + 16 * m) + Unit fee, index with MAC (37) +
Bandwidth: 52 + 16m
MR-BS: current index and its hash value of the hash chain used (35)
Bandwidth: 35
MR-RMC: 2 * initial contract + final contract (2 * 63 + 16 * S) + m hash (16m)
Bandwidth: 126 + 16S + 16m
To control the size of the MR final contract, we assume the number of relaying MCs is at most 5.
MC software control that when is asked to join the relay service, it should be not moving or move
at slow speed.
Appendix B: one-way chain
For setup of the one-way chain, the generator chooses at random the root or seed of the chain, i.e.,
the value VN, and derives all previous values Vi by iteratively applying the hash function H.
The value V0, which we refer to as the end-value, is normally made public, and potentially
linked to the identity of the user possessing the corresponding root value.
An example of a standard hash chain:
Hash values from a user-generated hash chain can be used as authenticated payment tokens.
21. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
On the first payment to a new vendor, the user signs a commitment to that vendor with a new
hash chain. By including the vendor identity in the commitment, the vendor is linked to the chain,
preventing it being redeemed by other vendors. For each micropayment, the user releases the next
payment hash, the pre-image of the current value, to the vendor. Since the hash function is one-way,
only the user could have generated this value, and knowledge of it can constitute proof of
payment. In essence, the hash chain links the correctness of the current payment to the validity of
previous payments. Each hash value is worth the same amount, which can be specified in the
commitment. A payment of m units is made by releasing the single hash which is the mth pre-image
21
of the current hash in the chain. The vendor only needs to apply m hashes to verify it.
A broker, or trusted third party, is introduced to aggregate micropayments to many different
vendors. Actual monetary value is claimed by redeeming the highest spent hash token, along with
the commitment, at a broker with whom the user has an account.
By using a hash chain, the computational cost of a payment is now a single hashing operation for
the vendor, after the initial single digital signature verification for a new chain. Where a user
spends n hashes from a chain to make z payments at the vendor the average cost per payment is (n
hashes + 1 signature)/z. Thus, in the worst case, where a user only ever makes a single purchase
from a vendor, the cost is similar to the public key schemes. Therefore, as with the majority of
micropayment systems, the scheme is optimized for repeated payments to the same vendor.
One-way Chain Advantages and Disadvantages
Traditional one-way chains have many advantages. First of all, given only a trusted value Vi of
the chain, it is intractable to find a value Vj , where j i, such that Hj-i(Vj ) = Vi (assuming that H
is a secure one-way function and that the output of H is sufficiently large, we further discuss the
security of one-way chains below). However, it is easy to assess the validity of a value Vj, where
j i, by verifying that Hj-i(Vj ) = Vi .
Hierarchical One-Way Chains
A hierarchical one-way chain consists of two or more levels of chains, where values of a first-level
(“primary”) chain act as roots of a set of second-level (“secondary”) chains. We refer to the
secondary chain rooted in the ith value of the primary chain as the ith secondary chain. Here, all
the values of the ith secondary chain are released before any of the values of the i + 1st chain is
released; the primary chain value Vi is released in between.
22. International Journal of Network Security Its Applications (IJNSA), Vol.6, No.5, September 2014
Different one-way functions may be used for primary and secondary chains, with the aim of
lowering the communication costs. To set up the hierarchical chain, the generator picks VN at
random and computes the primary chain VN-1…V0. The generator computes the secondary chain
on the fly. A clear advantage is the very efficient setup, as only N/K operations are needed to
compute V0, where K is the length of the secondary chain.
To use this one-way chain, the generator traverses all the secondary chains in sequence (e.g., v00,
v01, v02, v20 …vN0, vN1, vN2) and discloses the values of the primary one-way chain when possible.
A disadvantage of the hierarchical chain is the authentication of end-values of secondary chain.
This hierarchical chain was proposed by Liu and Ning [1]. Liu and Ning propose to use the
TESLA authentication protocol using the primary chain to authenticate the end-values of the
secondary chain. This approach has the shortcoming that the hierarchical chain can only be used
in conjunction with the TESLA authentication protocol, as they propose to authenticate the end-values
of the secondary chain with the TESLA authentication protocol using the primary chain.
The disadvantage of that approach is that the loss of the authentication message prevents the
verifier to authenticate secondary chain values until the next value of the primary chain is
disclosed. Another shortcoming of their approach is that the authentication is staged, as the
generator can only send authentication values at transitions of the primary chain. The tradeoff is
clear, on one hand we would like to have infrequent transitions in the primary chain, but on the
other hand we prefer a short authentication delay.
Note that the all end-values need to be authenticated - both that of the primary chain and those of
all secondary chains. The authentication mechanism by Liu and Ning has several shortcomings.
To overcome these shortcomings, we propose the hash chain scheme enabling efficient
authentication of the end-values of the secondary chain at any moment, without assuming any
additional authentication protocols.
The problem of hierarchical one-way chain is that if the commitment to the end-value of the
secondary chain is lost (for example, if V20 is lost, the verifier must wait for the disclose of V3
before authenticate the whole chain of V2), the verifier has to wait until the generating value of
the secondary chain (i.e., the value of the primary chain) is disclosed.
22