Payment System Security

Jayasinghe, D., Markantonakis, K., Mayes, K.: Optimistic Fair-Exchange with Anonymity for Bitcoin Users. To appear in the 11th IEEE International Conference on e-Business Engineering (IEEE ICEBE-14). IEEE Computer Society, Guangzhou, China (2014).
Fair-exchange and anonymity are two important attributes in e-commerce. It is much more difficult to expect fairness in e-commerce transactions using Bitcoin due to anonymity and transaction irreversibility. Genuine consumers and merchants who would like to make and receive payments using Bitcoin may be reluctant to do so due to this uncertainty. The proposed protocol guarantees strong-fairness while preserving anonymity of the consumer and the merchant, using Bitcoin as a payment method which addresses the aforementioned concern. The involvement of the trusted third party (TTP) is kept to a minimum, which makes the protocol optimistic and the exchanged product is not revealed to TTP. It achieves dispute resolution within the protocol run without any intervention of an external judge. Finally we show how the protocol can be easily adapted to use other digital cash systems designed using public ledgers such as Zerocoin/Zerocash.
Zhang, Q., Markantonakis, K., Mayes, K.: A Practical Fair-Exchange E-Payment Protocol for Anonymous Purchase and Physical Delivery. Computer Systems and Applications, 2006. IEEE International Conference on. p. 851-858. IEEE Computer Society, Washington, DC, USA (2006).
In this paper, a practical electronic-payment (e-payment) protocol is presented for use over the internet. The protocol applies the principle of true fair-exchange to the process of purchase and physical delivery via an e-commerce system without the involvement of a third party, whilst maintaining customer and merchant anonymity.
Zhang, Q., Markantonakis, K., Mayes, K.: A Mutual Authentication Enabled Fair-Exchange and Anonymous E-Payment Protocol. E-Commerce Technology, 2006. The 8th IEEE International Conference on and Enterprise Computing, E-Commerce, and E-Services, The 3rd IEEE International Conference on. p. 20–. IEEE Computer Society, Washington, DC, USA (2006).
In this paper, a practical electronic-payment (e-payment) protocol is presented for the purchase of digital products over the Internet. The proposed protocol realizes the true fair-exchange through a process of mutual authentication between the customer and the merchant, by which each party ensures that the item (product or payment) he/she is about to receive from the other party is valid and correct, whilst maintaining customer and merchant anonymity.
Zhang, Q., Brites-Moita, J.N., Mayes, K., Markantonakis, K.: The Secure and Multiple Payment System based on the Mobile Phone Platform. Workshop on Information Security Applications (WISA 2004). Lecture Notes in Computer Science (2004).
In this paper, a secure proximity payment system based on the characteristics of the mobile phone is proposed. By combining the convenience and portability of the mobile phone with the strength of on-card-matching fingerprint authentication and public key infrastructure, we constructed a powerful, secure and practical payment system for both micro and macro payment methods. The first method is a simple, fast and efficient method for an electronic purse transaction whilst the second is aimed at higher value transactions such as credit card purchases.
Akram, R.N., Markantonakis, K., Mayes, K.: Recovering from Lost Digital Wallet. In: Y. Xiang, M.F.G. and Ruj, S. The 4th IEEE International Symposium on Trust, Security, and Privacy for Emerging Applications (TSP-13). IEEE Computer Society, Zhangjiajie, China (2013).
The User Centric Smart Card Ownership Model (UCOM) provides an open and dynamic smart card environment enabling cardholders to request installation/deletion of an application to which they are entitled. As in this model, smart cards are not under the control of a centralised authority; hence, it is difficult for an application provider to ascertain their trustworthiness. At present, proposed secure channel protocols for the smart card environment do not provide adequate assurance required by the UCOM. In this paper, we explore the reasons behind their failure to meet the UCOM requirements and then propose a secure and trusted channel protocol that meets them. In addition, the proposed protocol is also suitable to GlobalPlatform's consumer-centric smart cards. A comparison of the proposed protocol with existing smart card and selected Internet protocols is provided. Then we analyse the protocol with the CasperFDR tool. Finally, we detail the implementation and the performance measurement.