Consideration of a Mobile Payment System using Endorsement in MANETs for a Disaster Area
1. Consideration of a Mobile Payment System using
Endorsement in MANETs for a Disaster Area
Ojetunde Babatunde
Nara Institute of Science and Technology
Division of Foundations of Software
2. Introduction (1/2)
One of the major
problems in disaster areas
People have no cash at hand to buy necessary
amenities
2
3. Introduction (2/2)
Due to non-availability of network infrastructure
People have no access to
Their bank account
Electronic transaction
An infrastructureless Payment System is required
3
4. Many researches are conducted on Mobile Payment Systems
Related Work on Payment System
Online service1
Computation overhead1
Privacy of users1
Compensate users2
Work without third party
vendor2
[1] Hu, Z., Liu, Y., Hu, X., and Li, J.: Anonymous
Micropayments Authentication (AMA) in Mobile Data
Network, IEEE INFOCOM 2004, Twenty-third Annual
Joint Conference of the IEEE Computer and
Communications Societies Issue: 7 March (2004)
[2] Chitra Kiran, N., and Kumar, G. N.: Implication of
Secure Micropayment System Using Process Oriented
Structural Design by Hash chain in Mobile Network,
IJCSI International Journal of Computer Science,
Issues, Vol. 9, Issue 1, No 2, January (2012)
No mobile payment system developed for disaster areas 4
5. Main Contributions to Mobile Payment System
• Dynamic topology
• Disconnected network
• It takes two days to
communicate with the bank
MANETs
Issues
• Authentication issues
• Impersonation
• Double spending
• Resetting phone
Fraudulent
Transactions
• Money is deducted online
real-time through direct
access to bank
No need for
merchants to
trust users
Mobile payment system for
disaster areas
Need no connection to the
bank to work
Avoid fraud
Users account balance is
checked by surrounding
mobile nodes
Guarantee payment of each
transaction by endorsing
Challenges Contributions
5
7. Normal Transaction Without Disaster (2/2)
This method is not suitable in a disaster area due
to the challenges mentioned above
We propose an endorsement based mobile
payment system for disaster areas
7
9. All users are required to register with a Bank in
advance
The Bank issues digital certificates to all users at
registration
Merchant
Customer
Endorser
Bank
We assume that all users except the bank are in the
disaster area
Endorsement Based Mobile Payment System (1/8)
Registration process
9
10. Endorsement Based Mobile Payment System (2/8)
Merchant Customer A
Send transaction order
“ I want to buy an apple from you”
Merchant
Verify the customer using pre-
digitally signed picture
Customer A
10
11. How to check the Identity of a Customer
A user sends digitally signed picture to merchant
Merchant checks and compares digitally signed
picture with customer’s appearance
Merchant confirms the digital signature of the
bank
Another kind of biometric authentication can also
be used for verification
11
12. Merchant Bank/MP Service provider
Forwards the forms to the Bank
“Apple cost $2”
It takes at least two days for a message to get to Bank
No means of confirming customer’s account balance
Network infrastructure is not available
Customer collects his/her money before the bank deducts
money for items purchase
Bank will not have money to deduct from customer
Merchant will lose money
Endorsement Based Mobile Payment System (3/8)
Motivation for Endorsement
12
13. To prevent this and allow transaction in a disaster area
We introduce endorsement
Merchant Endorsers
Create and forward Billing Form
“Customer A wants to buy $2 apple.
Do you guarantee the transaction?”
Endorsement Based Mobile Payment System (4/8)
Merchant forwards the billing form to endorsers
To obtain guarantee that the transaction can be paid by
endorsers in case customer fails to pay
We assume that endorsers are
available during transaction
13
14. A person agrees to pay for another person, who
fails to pay for an item.
The agreement is made before a disaster happens
Endorsement
14
15. Many Challenges of Endorsement Based
Payment System 1
Endorsers
What
Happen?
If endorsers are not available
Frequent change in topology of
networks
Transaction cannot be successfully
completed without an endorser
A customer can have more than one endorser
If one endorser is not available another endorser
can endorse
Reduce endorser’s liability
Endorsers are rewarded for successful transaction
15
16. MerchantEndorsers
Authenticate the Merchant and Create
endorsement form
“I guaranteed customer A purchase of $2
apple”
Endorsement Based Mobile Payment System (5/8)
Endorsers send endorsement form back to the
merchant
16
17. Merchant Bank/MP Service provider
Forward the forms to the
Bank
“Customer A bought an apple at
$2”
It takes at least two days for a message to get to Bank
Endorsement Based Mobile Payment System (6/8)
Send transaction confirmation to
customer and endorsers
Deliver items to customer
Merchant Customer A
Endorsers
17
18. Merchant
Bank/MP Service provider
Bank pays merchant
“Pay merchant $2”
Customer A
Bank/MP Service provider
Deduct responding money from customer’s account
“Deduct $2 from customer A’s account”
The bank authenticates all users and checks for consistency
of messages
18
Endorsement Based Mobile Payment System (7/8)
19. Bank/MP Service provider Endorsers
Deduct money from endorsers
“Deduct $2 from endorsers”
Send acknowledgement to Merchant,
Customer and Endorser
Customer A
Merchant
Endorser may have no money or collude with a
customer
Mechanism to check endorser balance
We assume that some endorsers will pay
However, if there is no money in customer’s account
19
Endorsement Based Mobile Payment System (8/8)
21. Customer and endorsers may carry out
Reset and Recovery attacks
A reset and recovery is when a user,
Backups all data
Resets phone to default state
Recovers all data already used
Reset attack cannot be detected if there is no network
connection
We assume that,
Most but not all users are trustable
Most of the users do not change location often
Many Challenges of Endorsement Based
Payment System 2
21
Reset and Recovery Attack
22. Customer and endorsers can collude to do fraud
Customer A has no money
Endorsers have no money
There is no means of confirming endorsers
account balance
Endorsers will endorse many transactions without
paying
22
Many Challenges of Endorsement Based
Payment System 3
Collusion Attack
23. Monitoring Based on
Location Information
• Proof user are in a particular location
…
One-time Session Token
• Prevent user from using same message
E-coin
•Confirm amount in user account
Blind Signature
• Ensure anonymity of message
Schemes to Prevent Attacks
23
24. Preventing Collusion and Checking Balance
Bank creates unique tokens called e-coin
Users account balance is divided into e-
coins of same amount of money
Customer
¥10,000 eT1, eT2, eT3, ….. eT10
E-coin is limited to
endorsers
The e-coin contains
Customer ID
E-coin identifier
GPS coordinates
HELLO message interval
Monitoring customer signature
Only bank can encode the ID
and identifier
Endorser attaches e-coin to
endorsement
Bank deletes e-coin from
endorser account if a
customer defaults
If a customer does not
default, the bank reissues e-
coin with new identifier
Endorsement without e-coin
is rejected
E-coin
24
25. Preventing Reset Attack (1/2)
User
User
Customer
User
User User User
User
Each user constantly exchanges
HELLO message to show their
respective location
HELLO
HELLO
HELLO
HELLO
HELLO:
Customer ID
GPS
Coordinates
HELLO
HELLO HELLO:
If a user stays in a location
for a long time
Other users monitor their
transactions
If a user fails to broadcast
HELLO messages
Not in range
Lost of connection
If a user phone is lost or
turned off
Cannot provide collected
HELLO messages
Find endorsers
Provide endorser’s
confirmation
GPS coordinates in HELLO message constantly replace
the e-coin GPS coordinates
Intervals between HELLO messages are added to e-coin
Monitoring Based on Location
25
26. Allows a person to get a message signed by
another party without revealing the message
Original Message Envelope containing Message
and Carbon paper
Signature
Envelope is signed
(by signer)
Message has now
been signed
Signature
Sent to Signer
Envelope Removed
Binding Process
There is an existing research on how to get digital
blind signature
Blind Signature Scheme
Preventing Reset Attack (2/2)
26
27. The techniques stated above are adopted to prevent
attacks
Reset and Recovery attacks
Collusion attack
A Customer or endorsers
Blinds the message
Broadcasts the message to other users
Monitoring customer
Checks GPS coordinates and HELLO message intervals
Checks e-coin attached to the endorsement message
Creates one-time session token and appends to message
Signs message with his/her digital signature
Preventing Attacks
27
28. Conclusion
Proposed a new mobile payment system by
Adopting infrastructureless mobile ad-hoc networks
(MANETs)
Allowing users to purchase amenities in disaster areas
Providing secure transactions
Users authenticates each other without a network connection a
third party
Users anonymity is protect by using user’s nickname
Ensures confidentiality of messages and transaction
Ensures integrity
Reliability of transaction messages
The proposed system suits the limitation of mobile
payment transaction in a disaster area 28