Provably Unlinkable Smart Card-based Payments

• URL: http://arxiv.org/abs/2309.03128v1
• Date: Wed, 6 Sep 2023 16:06:40 GMT
• Title: Provably Unlinkable Smart Card-based Payments
• Authors: Sergiu Bursuc, Ross Horne, Sjouke Mauw, Semen Yurkov,
• Abstract summary: The most prevalent smart card-based payment method, EMV, currently offers no privacy to its users. We present the UTX protocol - an enhanced payment protocol satisfying such requirements. We formally certify key security and privacy properties using techniques based on the applied pi-calculus.
• Score: 0.7799711162530711
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The most prevalent smart card-based payment method, EMV, currently offers no privacy to its users. Transaction details and the card number are sent in cleartext, enabling the profiling and tracking of cardholders. Since public awareness of privacy issues is growing and legislation, such as GDPR, is emerging, we believe it is necessary to investigate the possibility of making payments anonymous and unlinkable without compromising essential security guarantees and functional properties of EMV. This paper draws attention to trade-offs between functional and privacy requirements in the design of such a protocol. We present the UTX protocol - an enhanced payment protocol satisfying such requirements, and we formally certify key security and privacy properties using techniques based on the applied pi-calculus.

Related papers

• Privacy-Preserving Biometric Verification with Handwritten Random Digit String [49.77172854374479]
  Handwriting verification has stood as a steadfast identity authentication method for decades. However, this technique risks potential privacy breaches due to the inclusion of personal information in handwritten biometrics such as signatures. We propose using the Random Digit String (RDS) for privacy-preserving handwriting verification.
  arXiv  Detail & Related papers  (2025-03-17T03:47:25Z)
• Formal Verification of Permission Voucher [1.4732811715354452]
  The Permission Voucher Protocol is a system designed for secure and authenticated access control in distributed environments. The analysis employs the Tamarin Prover, a state-of-the-art tool for symbolic verification, to evaluate key security properties. Results confirm the protocol's robustness against common attacks such as message tampering, impersonation, and replay.
  arXiv  Detail & Related papers  (2024-12-18T14:11:50Z)
• Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
  We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency. Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
  arXiv  Detail & Related papers  (2024-12-07T20:18:36Z)
• Privacy-Enhanced Adaptive Authentication: User Profiling with Privacy Guarantees [0.6554326244334866]
  This paper introduces a novel privacy-enhanced adaptive authentication protocol. It dynamically adjusts authentication requirements based on real-time risk assessments. By adhering to data protection regulations such as CCPA, our protocol not only enhances security but also fosters user trust.
  arXiv  Detail & Related papers  (2024-10-27T19:11:33Z)
• SD-BLS: Privacy Preserving Selective Disclosure of Verifiable Credentials with Unlinkable Threshold Revocation [0.0]
  We propose a method for selective disclosure and privacy-preserving revocation of digital credentials. We use second-order Elliptic Curves and Boneh-Lynn-Shacham (BLS) signatures. Our system's unique design enables extremely fast revocation checks, even with large revocation lists.
  arXiv  Detail & Related papers  (2024-06-27T09:41:13Z)
• VPAS: Publicly Verifiable and Privacy-Preserving Aggregate Statistics on Distributed Datasets [4.181095166452762]
  We explore the challenge of input validation and public verifiability within privacy-preserving aggregation protocols. We propose the "VPAS" protocol, which satisfies these requirements. Our findings indicate that the overhead associated with verifiability in our protocol is 10x lower than that incurred by simply using conventional zkSNARKs.
  arXiv  Detail & Related papers  (2024-03-22T13:50:22Z)
• A Privacy-preserving key transmission protocol to distribute QRNG keys using zk-SNARKs [2.254434034390528]
  Quantum Random Number Generators can provide high-quality keys for cryptographic algorithms. Existing Entropy-as-a-Service solutions require users to trust the central authority distributing the key material. We present a novel key transmission protocol that allows users to obtain cryptographic material generated by a QRNG in such a way that the server is unable to identify which user is receiving each key.
  arXiv  Detail & Related papers  (2024-01-29T14:00:37Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Tamper-Evident Pairing [55.2480439325792]
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
  arXiv  Detail & Related papers  (2023-11-24T18:54:00Z)
• A Randomized Approach for Tight Privacy Accounting [63.67296945525791]
  We propose a new differential privacy paradigm called estimate-verify-release (EVR) EVR paradigm first estimates the privacy parameter of a mechanism, then verifies whether it meets this guarantee, and finally releases the query output. Our empirical evaluation shows the newly proposed EVR paradigm improves the utility-privacy tradeoff for privacy-preserving machine learning.
  arXiv  Detail & Related papers  (2023-04-17T00:38:01Z)
• Secure access system using signature verification over tablet PC [62.21072852729544]
  We describe a highly versatile and scalable prototype for Web-based secure access using signature verification. The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
  arXiv  Detail & Related papers  (2023-01-11T11:05:47Z)
• PrivHAR: Recognizing Human Actions From Privacy-preserving Lens [58.23806385216332]
  We propose an optimizing framework to provide robust visual privacy protection along the human action recognition pipeline. Our framework parameterizes the camera lens to successfully degrade the quality of the videos to inhibit privacy attributes and protect against adversarial attacks.
  arXiv  Detail & Related papers  (2022-06-08T13:43:29Z)
• SPAct: Self-supervised Privacy Preservation for Action Recognition [73.79886509500409]
  Existing approaches for mitigating privacy leakage in action recognition require privacy labels along with the action labels from the video dataset. Recent developments of self-supervised learning (SSL) have unleashed the untapped potential of the unlabeled data. We present a novel training framework which removes privacy information from input video in a self-supervised manner without requiring privacy labels.
  arXiv  Detail & Related papers  (2022-03-29T02:56:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.