The document proposes an endorsement-based mobile payment system for disaster areas that does not require network infrastructure. In the proposed system, transactions are guaranteed through endorsements from surrounding nodes rather than connection to a bank. The system aims to address challenges like dynamic topology, double spending, and lack of central authority through an endorsement mechanism, event chains to validate transactions, and assigning endorsers to customers. The system is designed to enable secure mobile payments in disaster scenarios where traditional banking infrastructure is unavailable.
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
An Endorsement Based Mobile Payment System for A Disaster Area
1. An Endorsement-Based Mobile
Payment System for a
Disaster Area
Babatunde Ojetunde †1, Naoki Shibata †1, Juntao Gao †1, Minoru Ito †1
†1 Nara Institute of Science and Technology, Nara, Japan
2. 2
An Endorsement-based Mobile Payment System for a Disaster Area
Overview
No Cash
A payment system in a disaster area is essential for
people to buy necessities as
– Groceries, Medical supplies, Clothing
An infrastructureless payment system is required
– Mobile payment system based on MANETs
This is due to non-availability of network infrastructure
No Bank access
3. 3
An Endorsement-based Mobile Payment System for a Disaster Area
Payment System Challenges in MANETs
• Dynamic topology
• Disconnected network
• It takes two days to communicate with the
bank
MANETs Issues
• Authentication issues
• Impersonation
• Double spending
• Resetting phone
Fraudulent
Transactions
• Merchant needs to trust users
• No central authority
Trust Issues
4. 4
An Endorsement-based Mobile Payment System for a Disaster Area
Related Work
Many researches have been conducted on payment
systems
Decentralized electronic cash with no central control [1]
Privacy of users [1]
Reducing computational overheads [2]
[1] S. Nakamoto, Bitcoin: A peer-to-peer electronic system, 2008.
[2] Z. Hu, and Y. Liu and X. Hu and J. Li: "Anonymous micropayments authentication (AMA) in mobile data
network", INFOCOM 2004.
Most of the existing payment systems require
communication infrastructure
5. 5
An Endorsement-based Mobile Payment System for a Disaster Area
Online Payment System without Disaster
The merchant and the customer agree to start the
transaction
• Both of them register on provider platform
• A customer sends transaction order to the merchant
• The merchant forwards payment information to the bank
• The bank deducts the money from the customer’s account (or credit
card)
• The merchant supplies the item to the customer
Bank
Customer Merchant
We propose an infrasturctureless mobile payment system
6. 6
An Endorsement-based Mobile Payment System for a Disaster Area
Limitations of Existing Payment Systems in
Disaster Areas
The bank will not have money to deduct from the
customer
• The merchant will lose money
It takes at least two days for a message to get to the
bank
No means of confirming customer’s account balance
• Network infrastructure is not available
• Customer collects his/her money before the bank deducts
money for items purchase
Since there is no bank to guarantee transactions, we need a
MANETs based guarantee mechanism (Endorsement)
7. 7
An Endorsement-based Mobile Payment System for a Disaster Area
Outline
Overview
Payment System Challenges in MANETs
Related Work
Online Payment System without Disaster
Limitations of Existing Payment Systems in Disaster
Areas
Proposed Endorsement-based Mobile
Payment System
Main Contribution
Transaction using Endorsement-based Mechanism
Schemes to Prevent Attacks
Conclusion
8. 8
An Endorsement-based Mobile Payment System for a Disaster Area
Main Contributions
Mobile payment system for disaster areas
• Allow people in disaster areas to shop without cellular network
Endorsement-based mechanism to guarantee payment
of transactions
• Need no connection to the bank to work
Provide secure transaction
• Detecting double spending during the transaction
• Checking user’s account balance by surrounding nodes
• Detecting impersonation
Protecting privacy
• Using temporary identity
• Scrambling the temporary identity
9. 9
An Endorsement-based Mobile Payment System for a Disaster Area
Transaction using Endorsement-Based
Mechanism 1/4
All users are required to register with a Bank in
advance
Registration process
The Bank issues digital certificates to all users at
registration
• Merchant
• Endorser
• Bank
We assume that all users except the bank are in the
disaster area
The bank signs the user’s photo with its digital
signature
• The digitally signed photo is used for authentication
10. 10
An Endorsement-based Mobile Payment System for a Disaster Area
Transaction using Endorsement-Based
Mechanism 2/4
MerchantCustomer A
1. Send transaction order
“ I want to buy an apple
from you”
2. Verify the customer using pre-digitally
signed picture
Endorsers
3. Create and forward Billing Form
“Customer A wants to buy $2 apple.
Do you guarantee the transaction?”
4. Authenticate the merchant and
create an endorsement form
“I guaranteed customer A purchase of
$2 apple”
The merchant and the customer physically meet
and agrees to start a transaction before hand
We assume that the endorsers are close to the
customer and the merchant
11. 11
An Endorsement-based Mobile Payment System for a Disaster Area
Transaction using Endorsement-Based
Mechanism 3/4
7. Send transaction
confirmation to customer
and endorsers
Deliver items to customer
MerchantCustomer A
BankEndorsers
5. Forward the forms to the Bank
“Customer A bought an apple at
$2”
6. It takes two days to
communicate with the bank
12. 12
An Endorsement-based Mobile Payment System for a Disaster Area
Transaction using Endorsement-Based
Mechanism 4/4
MerchantCustomer A
BankEndorsers
8. Deduct responding money
from the customer’s account
“Deduct $2 from customer A’s
account”
9. Bank pays merchant
“Pay merchant $2”
10. Deduct money from endorsers
“Deduct $2 from endorsers”
Send acknowledgement to
Merchant, Customer and EndorserThe endorser may have no money
or collude with a customer
• Mechanism to check endorser balance
13. 13
An Endorsement-based Mobile Payment System for a Disaster Area
Outline
Overview
Proposed Endorsement-based Mobile
Payment System
Schemes to Prevent Attacks
Collusion Attack
Double Spending/Reset and Recovery Attack
Non-availability of Endorsers
Location Changing Attack
Conclusion
14. 14
An Endorsement-based Mobile Payment System for a Disaster Area
Problem 1 - Collusion Attack
There is no means of confirming endorsers account
balance
The customer and the endorsers can collude to do
fraud
• Customer A has no money
• Endorsers have no money
Endorsers will endorse many transactions without
paying
15. 15
An Endorsement-based Mobile Payment System for a Disaster Area
Solution - Preventing Collusion
Bank
Endorsers
e-coin(eT1)
Endorser
ID
e-coin
Identifier &
Digital
Signature
Hello
Message
Interval
Predefine
Expiration
Date
e-coin
Value
Blank
To prevent collusion, we introduced e-coin to check
endorser’s bank balance
• To buy an e-coin, an endorser deposits some money
The bank creates for an endorser unique e-coins
Endorser attaches e-coin to the endorsement message
– An endorsement without e-coin is rejected
16. 16
An Endorsement-based Mobile Payment System for a Disaster Area
Problem 2 - Double Spending/Reset and
Recovery Attack
A dishonest endorser may decide to spend same e-
coin twice for different transactions
To double spend an e-coin, a dishonest user can either:
• Duplicate the e-coin
• Forge the e-coin
A reset and recovery attack is when a user,
• Back-ups all data
• Resets phone to default state
• Recovers all data already used
• Reuses already endorsed transaction order or endorsement
message for new transaction
To prevent double spending a merchant needs to check
the log of past transactions of the endorser
• However, it requires a lot of communication overhead
Merchant 1
Payment
Method
ID: eT3
Merchant 2
Endorse
r
17. 17
An Endorsement-based Mobile Payment System for a Disaster Area
Solution - Preventing Double Spending/Reset
and Recovery Attack 1/3
An event chain is a successive application of a
cryptographic hash function on a piece of an event log
(called block)
Unlike Bitcoin block chain, the event chain does not
require proof of work
An endorser calculates the hash value in the last
block and sends to neighboring users
Previous block
(1)
GPS
Time e-coin
New Event
Signature
Initial Block (0)
Hash
Block 0
Event Chain
Block 1 Current Block
GPS
Time e-coin
New Event
Signature
Previous Block (1)
Hash
Current Block
Current
Transaction Log
Hash
18. 18
An Endorsement-based Mobile Payment System for a Disaster Area
Solution - Preventing Double Spending/Reset
and Recovery Attack 2/3
Previous block
(1)
Current
Transaction Log
Hash
User
User
User
UserUser
Endorsemen
t Message
Event
chain
E-coin
Message
Endorsemen
t Message
Event
chain
E-coin
Message
GPS
Time e-coin
New Event
Signature
Initial Block (0)
Hash
GPS
Time e-coin
New Event
Signature
Previous Block (1)
Hash
Current Block
GPS
Time e-coin
New Event
Signature
Hash
Endorse
r
The past event of a customer can be verified by any
monitoring user
The event chain is invalidated, if
a new event is not added within a
predetermined length of time
19. 19
An Endorsement-based Mobile Payment System for a Disaster Area
Solution - Preventing Double Spending/Reset and
Recovery Attack 3/3
The merchant can also validate the event chain
• Check the signature of the monitoring user
• Check the entire event chain of all previous transaction
order
• Check the e-coin expiration date
• Check the endorsement message location information (e.g.
the timestamp and GPS)
20. 20
An Endorsement-based Mobile Payment System for a Disaster Area
Problem 3 – Non-availability of Endorsers
If endorsers are not available
• Frequent change in topology of networks
Endorsers
What
Happen?
This can lead to
• Transaction delay
• The merchant may reject the transaction order
21. 21
An Endorsement-based Mobile Payment System for a Disaster Area
Solution – Chains of Endorsers
A customer can have more than one endorser
If one endorser is not available another endorser can
endorse the transaction
• The liability for the item is shared among endorsers
To motivate endorsers to participate
• Some part of the transaction amount awarded to endorsers
(e.g. 3% of the transaction cost)
The bank creates an endorsement
tree during registration
• Each endorser ID is mapped to a
customer
• This could also prevent self-endorsement
22. 22
An Endorsement-based Mobile Payment System for a Disaster Area
Outline
Overview
Proposed Endorsement-based Mobile
Payment System
Schemes to Prevent Attacks
Conclusion
23. 23
An Endorsement-based Mobile Payment System for a Disaster Area
Conclusion
We proposed a new mobile payment system which
adopts infrastructureless mobile ad-hoc networks
(MANETs)
• To allow users to purchase necessities in a disaster area.
The proposed system provides solutions to secure
mobile payment transaction in a disaster area
• By Preventing
Double spending
Fraud
Collusion
Reset and recovery attacks
Impersonation of users
24. 24
An Endorsement-based Mobile Payment System for a Disaster Area
Babatunde Ojetunde, Naoki Shibata, Juntao Gao, and Minoru
Ito : An Endorsement Based Mobile Payment System for A
Disaster Area, in Proc. of The 29th IEEE International
Conference on Advanced Information Networking and
Applications (AINA-2015) , pp.482-489, Mar. 2015.
DOI:10.1109/AINA.2015.225
[ PDF ]