Lecture Notes in Computer Science 5471 - tiera.ru

More documents

Recommendations

Info

230 C. Soghoian and I. Aadon giving customers at least the same level of protection that they have withcash-based transactions.A Colluding Concierge and Merchant: The bank does not learn the pricecharged for each item and instead relies on the merchant to enforce the maximumprice specified for each item in the shopping list. Thus, in this collusion scenario,the merchant can also overcharge for individual items. This risk can be mitigatedby requiring that merchants transmit the price of each item to the bank, butthis will result in a loss of purchase privacy for the customer.It is not possible to protect the privacy of the customer’s shopping list fromthe bank, without at the same time enabling a colluding merchant and conciergeto bypass the shopping list restrictions. This more advanced adversary is able toneutralize the enforcement of shopping lists. For example, the customer can listapples on her shopping list, yet the concierge can instead purchase oranges. Thecolluding merchant will provide the concierge with oranges but send the banka transaction with the (hashed) apple item in the shopping list. The maximumtotal price specified in the transaction token will at least protect the customerfrom more egregious abuses.A Colluding Merchant and Bank: This advanced adversary is able to neutralizethe privacy protection associated with shopping lists. The merchant canreveal the complete shopping list to the bank, and thus permit the bank to createa full record of every item purchased by the customer at that merchant.The bank is also able to share the customer’s information with the merchant,and thus strip the customer of her anonymity. In such a situation, the merchantwill know who the customer is, and the bank will know every item that thecustomer purchases from the colluding merchant.A Colluding Concierge and Bank: This is a more extreme case of theprevious adversary. Whereas a colluding merchant and bank are only able toviolate the customer’s privacy for that specific merchant, a colluding conciergeand bank are able to do so for all transactions. Thus, the bank is able to createa complete list of every item purchased through the concierge by the customer.If the customer has attempted to hide her identity from the concierge bytransmitting the transaction tokens electronically, this collusion will strip thecustomer of her privacy. The bank can reveal the customer’s identity to theconcierge, while the concierge can reveal the complete list of purchased items tothe bank.A Law Enforcement Investigation: In situations where government agentsor law enforcement officers are able to compel multiple actors to disclose transactioninformation, the customer’s anonymity and transaction privacy are lost.For purposes of privacy analysis, a search warrant executed on the bank anda merchant is the same as the collusion scenario outlined above in section 4.2.Our system is not designed to protect the customer’s purchase privacy against
Merx: Secure and Privacy Preserving Delegated Payments 231government investigations. Customers wishing that level of protection may wantto stick with cash.As we can see, Merx provides high levels of security and privacy against individualactors. The collusion between non-trusted parties leads to minor “controllable”effects. The only severe damages result from collusions involving thebank. However, such collusions are the least likely to occur in everyday life.4.3 Communication and Processing OverheadIn this section we evaluate the additional costs, processing, and communicationoverhead our system requires from all parties. The main observation is that thedelegation mechanism we propose, in its most basic form, requires no additionalhardware. It is a simple software solution using off-the-shelf components thatpiggyback on the existing payment-network infrastructure.For the numerical evaluation, we assume the customer uses a low-capacitymobile device (200MHz processor, 64MB RAM), whereas the merchant and thebank use an average speed server or desktop PC (Intel P4 2.8Ghz, 500MB RAM).We chose the SHA256 algorithm for all hashes, which we compute using thefree OpenSSL library. GnuPG, an open-source implementation of Pretty GoodPrivacy was used for all encryption. We selected GnuPG’s default algorithmsof El Gamal with 2048 bit keys (public key encryption) and AES (symmetricencryption) as these provide sufficient security while being quick to computeon a mobile platform. While we have chosen these particular algorithms, thescheme is flexible, and alternative encryption/hashing technologies could easilybe substituted.The processing time results shown in Fig. 3 are averaged over 10 runs for eachnumber of items. The confidence intervals are very small, therefore omitted fromthe figure.The Customer: To use such a system, the customer must have access to eithera mobile telephone or a computer. These devices do not necessarily need to beowned by the customer. In many cases, she merely needs to have temporaryaccess to them. If the customer owns the device, the she can store her accountnumber in it. If she is borrowing the device from someone else, she will need tofind a way to input her account number. This can be done manually (e.g. byentering a 16+ digit number), or perhaps by reading a QR code printed ontothe back of her bank card with a camera phone.Figure 3 shows the processing time required to create a token, for a givennumber of items in the shopping list. We can observe that in spite of the lowprocessingpower of the customer’s device, the processing delay is still acceptableeven for an exaggerated number of items. For low number of items, the processingdelay remain below 10 s.The total size of an encrypted transaction token for 10 items is approximately1.6 KBytes, with an additional 1 KByte required for the shopping list. For atransaction involving 50 items, the token grows to nearly 3 KBytes while the
Page 2 and 3:
Liqun Chen Chris J. MitchellAndrew
Page 4 and 5:
PrefaceThis volume contains the 15
Page 6 and 7:
VIIIOrganizationJean-Pierre Seifert
Page 8:
XTable of ContentsTrustable Remote
Page 11:
Towards a Programmable TPM 3Count-L
Page 16 and 17:
8 P. England and T. Tariqperforms t
Page 18 and 19:
10 P. England and T. Tariq3) Valida
Page 20 and 21:
12 P. England and T. TariqUnfortuna
Page 22 and 23:
ACPI: Design Principles and Concern
Page 24 and 25:
16 L. Duflot, O. Levillain, and B.
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
30 K. Dietrich and J. Winterassumpt
Page 40 and 41:
32 K. Dietrich and J. Wintercommand
Page 42 and 43:
34 K. Dietrich and J. WinterThe har
Page 44 and 45:
36 K. Dietrich and J. WinterThe act
Page 46 and 47:
38 K. Dietrich and J. WinterMany ca
Page 48 and 49:
40 K. Dietrich and J. Wintermechani
Page 50 and 51:
42 K. Dietrich and J. Winteruntrust
Page 52 and 53:
44 K. Dietrich and J. Winter8. Trus
Page 54 and 55:
46 H. Löhr et al.on a very low lev
Page 56 and 57:
48 H. Löhr et al.been modified, an
Page 58 and 59:
50 H. Löhr et al.of HASK-PP is mor
Page 60 and 61:
52 H. Löhr et al.A security kernel
Page 62 and 63:
54 H. Löhr et al.Fig. 3. Overview
Page 64 and 65:
56 H. Löhr et al.Definition 1 (Sec
Page 66 and 67:
58 H. Löhr et al.the protected dat
Page 68 and 69:
60 H. Löhr et al.5. Kurth, H., Kru
Page 70 and 71:
62 H. Löhr et al.Table 1. Security
Page 72 and 73:
64 M. Nauman et al.strength lies in
Page 74 and 75:
66 M. Nauman et al.platform, we cre
Page 76 and 77:
68 M. Nauman et al.Using these stru
Page 78 and 79:
70 M. Nauman et al.Fig. 2. Remote A
Page 80 and 81:
72 M. Nauman et al.INITs1.a:o1.a:s1
Page 82 and 83:
74 M. Nauman et al.{ delete }s 3{ p
Page 84 and 85:
76 M. Nauman et al.Algorithm 1. Inf
Page 86 and 87:
78 M. Nauman et al.6 Conclusion and
Page 88 and 89:
80 M. Nauman et al.21. Haldar, V.,
Page 90 and 91:
82 F. Baiardi et al.the integrity o
Page 92 and 93:
84 F. Baiardi et al.without receivi
Page 94 and 95:
86 F. Baiardi et al.1. granular che
Page 96 and 97:
88 F. Baiardi et al.- the VMM is tr
Page 98 and 99:
90 F. Baiardi et al.be periodically
Page 100 and 101:
92 F. Baiardi et al.Table 1. Exampl
Page 102 and 103:
94 F. Baiardi et al.Fig. 2. Attesta
Page 104 and 105:
96 F. Baiardi et al.• an elapsed
Page 106 and 107:
98 F. Baiardi et al.(a)(b)Fig. 6. H
Page 108 and 109:
100 F. Baiardi et al.16. Loscocco,
Page 110 and 111:
102 M. Pirker et al.actually be tru
Page 112 and 113:
104 M. Pirker et al.Fig. 1. Overvie
Page 114 and 115:
106 M. Pirker et al.Guideline 3. Us
Page 116 and 117:
108 M. Pirker et al.not stipulate a
Page 118 and 119:
110 M. Pirker et al.4.1 TCcertAs ou
Page 120 and 121:
112 M. Pirker et al.supplies an EK
Page 122 and 123:
114 M. Pirker et al.Table 1. Overvi
Page 124 and 125:
116 M. Pirker et al.[12] µ-kernel,
Page 126 and 127:
118 M. Pirker et al.13. Housley, R.
Page 128 and 129:
Revocation of TPM KeysStefan Katzen
Page 130 and 131:
122 S. Katzenbeisser, K. Kursawe, a
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
134 T.E. Levin et al.In this paper,
Page 144 and 145:
136 T.E. Levin et al.used — Devic
Page 146 and 147:
138 T.E. Levin et al.4 New Security
Page 148 and 149:
140 T.E. Levin et al.providers, a s
Page 150 and 151:
142 T.E. Levin et al.Fig. 5. Data F
Page 152 and 153:
144 T.E. Levin et al.overwriting th
Page 154 and 155:
146 T.E. Levin et al.services, they
Page 156 and 157:
148 T.E. Levin et al.6.1 Prototype
Page 158 and 159:
150 T.E. Levin et al.8 ConclusionsT
Page 160 and 161:
152 T.E. Levin et al.24. Xen User
Page 162 and 163:
154 J. Lyle2 Background, Definition
Page 164 and 165:
156 J. Lyleachieve with web service
Page 166 and 167:
158 J. Lyle Fig. 2. An overview o
Page 168 and 169:
160 J. LyleSun JDK are used as the
Page 170 and 171:
162 J. Lyleinput. Essentially, any
Page 172 and 173:
164 J. Lyle(TVM) to attest to high-
Page 174 and 175:
166 J. LyleCert B0Pre: ...Post: Q o
Page 176 and 177:
168 J. Lyle11. Necula, G.: Proof-Ca
Page 178 and 179:
170 J.H. Huh and J. LyleThe rest of
Page 180 and 181:
172 J.H. Huh and J. Lylelogs have b
Page 182 and 183:
174 J.H. Huh and J. Lyleanonymisati
Page 184 and 185:
176 J.H. Huh and J. LyleCT =(PCR AI
Page 186 and 187:
178 J.H. Huh and J. LyleFig. 4. Sub
Page 188 and 189: 180 J.H. Huh and J. LyleTable 1. Tr
Page 190 and 191: 182 J.H. Huh and J. Lyle11. Ng, H.-
Page 192 and 193: 184 S. Türpe et al.to withstand at
Page 194 and 195: 186 S. Türpe et al.- The attacker
Page 196 and 197: 188 S. Türpe et al.Copy the entire
Page 198 and 199: 190 S. Türpe et al.Requirements. R
Page 200 and 201: 192 S. Türpe et al.No trusted path
Page 202 and 203: 194 S. Türpe et al.Fig. 1. Spoofed
Page 204 and 205: 196 S. Türpe et al.References1. Mi
Page 206 and 207: 198 S. Schulz and A.-R. Sadeghicurr
Page 208 and 209: 200 S. Schulz and A.-R. Sadeghitraf
Page 210 and 211: 202 S. Schulz and A.-R. Sadeghi/S2/
Page 212 and 213: 204 S. Schulz and A.-R. Sadeghiwith
Page 214 and 215: 206 S. Schulz and A.-R. Sadeghichan
Page 216 and 217: 208 S. Schulz and A.-R. Sadeghi/M1/
Page 218 and 219: 210 S. Schulz and A.-R. Sadeghiip2i
Page 220 and 221: 212 S. Schulz and A.-R. Sadeghiwill
Page 222 and 223: 214 S. Schulz and A.-R. Sadeghi/S2/
Page 224 and 225: 216 S. Schulz and A.-R. Sadeghi17.
Page 226 and 227: 218 C. Soghoian and I. Aadbudget an
Page 228 and 229: 220 C. Soghoian and I. Aadto tackle
Page 230 and 231: 222 C. Soghoian and I. AadThe Conci
Page 232 and 233: 224 C. Soghoian and I. Aad- Motivat
Page 234 and 235: 226 C. Soghoian and I. AadFrom Merc
Page 236 and 237: 228 C. Soghoian and I. AadConcierge
Page 240 and 241: 232 C. Soghoian and I. AadProcessin
Page 242 and 243: 234 C. Soghoian and I. Aadtransacti
Page 244 and 245: 236 C. Soghoian and I. AadFurthermo
Page 246 and 247: 238 C. Soghoian and I. AadReference
Page 248 and 249: A Property-Dependent Agent Transfer
Page 250 and 251: 242 E. Gallery, A. Nagarajan, and V
Page 272: Author IndexAad, Imad 217Alam, Maso
show all

Lecture Notes in Computer Science 5471 - tiera.ru

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?