Experimenting with Electronic Commerce on the PalmPilot
DESCRIPTION
Experimenting with Electronic Commerce on the PalmPilot. Neil Daswani, Dan Boneh. Public Key Solutions ‘99, April 12 - 14.
TRANSCRIPT
1
Experimenting with Electronic Commerce on the PalmPilot
Neil Daswani Dan Boneh
[email protected] [email protected]
Public Key Solutions ‘99
April 12 - 14
2
Overview
Security Applications on a PDA (advantages / disadvantages?)
How about a payment system? (wide-deployment of PDAs?)
Is this feasible with existing PDA technology?
3
Outline
Trade-offs
E-Commerce on the PalmPilot
PDA-PayWord
Performance
Conclusions
4
Trade-offs
Vs. SmartCards
  no tamper resistance
  no cryptographic accelerators
  direct line of communication with user
  more processing power
  more memory
5
Trade-offs
Vs. Desktops
  less memory
  less processing power
  portable
6
E-Commerce on the PalmPilot
Security Features (Lack of?)
Cryptographic Primitives
Authentication
Memory Mgmt. & Backups
Prototypical Application
7
Security Features (Lack of?)
Databases -- No Access Control
  non-volatile
  creatorID
  “secret” attribute (just a suggestion)
Password Entry
8
Cryptographic Primitives
Algorithm                       Time
DES Encryption                  4.9ms / block
SHA-1                           2.7ms / block
512-bit RSA key gen.            3.4 minutes
512-bit RSA sig. gen.           7028 ms
512-bit RSA sig. verify         438 ms
163-bit ECC-DSA key gen.        597 ms
163-bit ECC-DSA sig. gen        776 ms
163-bit ECC-DSA sig. verify     2448 ms
* DES, SHA-1, RSA figures obtained with SSLeay
* ECC-DSA figures obtained with Certicom Security Builder Toolkit
9
E-Commerce on the PalmPilot
Authentication
  Pro: direct line of communication with owner
  Con: entering passwords
Memory Management & Backups
  Encrypted Storage (Instrument Manager)
  PalmPilot Databases (deletion, double spending)
10
E-Commerce on the PalmPilot
Small payments ($5 -> $50)
Target Application: Pony Vending Machine
11
E-Commerce on the PalmPilot
Where to start?
  PayWord (Rivest, Shamir)
Why PayWord?
  amortize cost of signatures
  coins = hash tokens
12
PDA-PayWord
PalmPilot implementation of PayWord
Minimize cryptographic operations
Minimize storage requirements
13
PDA-PayWord Characteristics
Vendor-Specific
Pre-Pay (Debit-Based)
Vendor = Bank
Hash Chain Based
14
PDA-PayWord: Withdrawal
User’s Wallet: Y0, Y1, ..., Yk
User’s Wallet -> Bank: {Yk, k, d, vid} S_ECC-DSA(User)
Bank: Pre-Paid?
Yes: Bank -> User’s Wallet: HCC = {Yk, k, d, exp, vid} S_RSA(Bank)
15
PDA-PayWord: Purchase
User’s Wallet: Y0, Y1, ..., Yk-i
User’s Wallet -> Vendor: Yk-i, i, HCC
Vendor: Yk-i, Yk-i+1, ..., Yk
16
PDA-PayWord: Withdrawal Timings
Amount ($)   Hash Chain Size (words)   Avg time (ms)
5            100                       504
10           200                       896
20           400                       1667
50           1000                      3970
Sign Withdrawal Request (ECC-DSA) + Receive HCC = 1874ms
Hash Chain Certificate Verification: 1008ms
Note: d = 5
17
PDA-PayWord: Purchase Timings
Instrument Amount ($)   Hashes Req’d (words)   Transaction Time (ms)
5                       70                     1090
10                      170                    1467
15                      370                    2267
50                      970                    4580
(First time $1.50 buy)
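The hash-chain purchase step, as an added example (not code from the slides or from the PDA-PayWord implementation). It assumes the wallet keeps only the seed Y0 and recomputes Yk-i on demand, which is consistent with the 70 hashes listed for a first $1.50 buy from a $5 chain at d = 5 (k = 100, i = 30). The ECC-DSA and RSA signatures are omitted, and all class and function names are hypothetical.

```python
import hashlib

D_CENTS = 5  # value of one payword in cents; the slides note d = 5

def iterate(x: bytes, n: int) -> bytes:
    """Apply the chain hash n times (SHA-1, the hash the slides benchmark)."""
    for _ in range(n):
        x = hashlib.sha1(x).digest()
    return x

class Wallet:
    """Assumed design: stores only seed Y0 and length k, recomputes on demand."""
    def __init__(self, seed: bytes, amount_cents: int):
        self.y0, self.k = seed, amount_cents // D_CENTS
        self.spent = 0        # i: paywords released so far
        self.hashes_done = 0  # hash operations used by the last purchase

    def root(self) -> bytes:
        return iterate(self.y0, self.k)  # Yk, the value certified in the HCC

    def pay(self, cents: int):
        i = self.spent + cents // D_CENTS
        if cents <= 0 or cents % D_CENTS or i > self.k:
            raise ValueError("amount not payable from this chain")
        self.spent, self.hashes_done = i, self.k - i
        return iterate(self.y0, self.k - i), i  # (Yk-i, i)

class Vendor:
    """Tracks the last accepted payword so replays and double spends fail."""
    def __init__(self, root: bytes, k: int):
        self.last, self.last_i, self.k = root, 0, k

    def accept(self, payword: bytes, i: int) -> int:
        """Return cents newly credited, or 0 if the payword is stale or forged."""
        steps = i - self.last_i
        if steps <= 0 or i > self.k or iterate(payword, steps) != self.last:
            return 0
        self.last, self.last_i = payword, i
        return steps * D_CENTS

if __name__ == "__main__":
    wallet = Wallet(b"constructed-demo-seed", 500)   # $5 instrument, k = 100
    vendor = Vendor(wallet.root(), wallet.k)         # HCC signature check omitted
    yki, i = wallet.pay(150)                         # first $1.50 buy
    print(i, wallet.hashes_done, vendor.accept(yki, i), vendor.accept(yki, i))
```

The vendor only hashes forward from the received payword to the last value it accepted, so its cost per purchase is the number of new paywords, while the wallet's cost shrinks as the chain is spent.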
18
PDA-PayWord Variations
Multiple hash chains / Multiple denominations
Storing “sentinel” values
Multiple Vendors (Introduce Online Broker)
19
Conclusions / Summary
PDA = portable commerce device w/o tamper resistance
Suitable for small payments
Commerce protocols can be adapted
  Example: PDA-PayWord leverages best of ECC and RSA
20
Acknowledgements
Certicom
Andrew Toy