The Center for Education and Research in Information Assurance and Security (CERIAS)


Privacy-Preserving Management of Transactions' Receipts


Author

Federica Paci, Ning Shang, Elisa Bertino, Sam Kerr, Kevin Steuer, Jr., Jungha Woo

Tech report number

CERIAS TR 2008-28

Entry type

techreport

Abstract

Users increasingly use their mobile devices for electronic transactions and to store related information, such as digital receipts. However, such information can be the target of several attacks. There are some security issues related to M-commerce: the loss or theft of mobile devices results in an exposure of transaction information; transaction receipts that are sent over Wi-Fi or 3G networks can be easily intercepted; transaction receipts can also be captured via Bluetooth connections without the user’s consent; and mobile viruses, worms and Trojan horses can access the transaction information stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring the privacy and security of transactions’ information, as well as of any sensitive information stored on mobile devices, is crucial. In this paper, we propose a privacy-preserving approach to manage electronic transaction receipts on mobile devices. The approach is based on the notion of transaction receipts issued by service providers upon a successful transaction and combines Pedersen commitment and Zero Knowledge Proof of Knowledge (ZKPK) techniques and Oblivious Commitment-Based Envelope (OCBE) protocols. We have developed a version of such a protocol for Near Field Communication (NFC) enabled cellular phones.


Date

2008-12-30

Key alpha

Bertino

Publication Date

2008-12-30
