Author
Federica Paci, Ning Shang, Elisa Bertino, Sam Kerr, Kevin Steuer, Jr., Jungha Woo
Abstract
Users increasingly use their mobile devices for electronic
transactions and to store related information, such as digital
receipts. However, such information can be the target of several
attacks. There are several security issues related to M-commerce:
the loss or theft of mobile devices results in exposure
of transaction information; transaction receipts that
are sent over Wi-Fi or 3G networks can be easily intercepted;
transaction receipts can also be captured via Bluetooth
connections without the user’s consent; and mobile
viruses, worms and Trojan horses can access the transaction
information stored on mobile devices if this information is
not protected by passwords or PIN numbers. Therefore, assuring
the privacy and security of transaction information, as
well as of any sensitive information stored on mobile devices,
is crucial. In this paper, we propose a privacy-preserving approach
to manage electronic transaction receipts on mobile
devices. The approach is based on the notion of transaction
receipts issued by service providers upon a successful transaction
and combines Pedersen commitment and Zero-Knowledge Proof of
Knowledge (ZKPK) techniques with Oblivious
Commitment-Based Envelope (OCBE) protocols. We have
developed a version of such a protocol for Near Field Communication (NFC) enabled cellular phones.