Experimenting with Electronic Commerce on the PalmPilot
1
Experimenting with Electronic Commerce on the PalmPilot
Neil Daswani, Dan Boneh, Stanford University
2
Trade-offs
Vs. SmartCards
no tamper resistance
no cryptographic accelerators
direct line of communication with user
more processing power
more memory
3
Trade-offs
Vs. Desktops
less memory
less processing power
portable
4
Cryptographic Primitives

Algorithm                       Time
DES Encryption                  4.9 ms / block
SHA-1                           2.7 ms / block
512-bit RSA key gen.            3.4 minutes
512-bit RSA sig. gen.           7028 ms
512-bit RSA sig. verify         438 ms
163-bit ECC-DSA key gen.        597 ms
163-bit ECC-DSA sig. gen        776 ms
163-bit ECC-DSA sig. verify     2448 ms

* DES, SHA-1, RSA figures obtained with SSLeay
* ECC-DSA figures obtained with Certicom Security Builder Toolkit
5
E-Commerce on a PDA
Small payments ($5 -> $50)
Target Application: Pony Vending Machine
Pre-pay
Vendor-specific
Where to start? PayWord (Rivest, Shamir)
6
PDA-PayWord
PalmPilot implementation of PayWord
Minimize cryptographic operations
Minimize storage requirements
7
PDA-PayWord: Withdrawal
[Diagram]
User's Wallet: hash chain Y0, Y1, ..., Yk
User's Wallet -> Bank: {Yk, k, d, vid} S_ECC-DSA(User)
Bank: Pre-Paid? Yes
Bank -> User's Wallet: HCC = {Yk, k, d, exp, vid} S_RSA(Bank)
8
PDA-PayWord: Purchase
[Diagram]
User's Wallet: Y0, Y1, ..., Yk-i
User's Wallet -> Vendor: Yk-i, i, HCC
Vendor: Yk-i, Yk-i+1, ..., Yk
9
PDA-PayWord: Withdrawal Timings
Amount ($)   Hash Chain Size (words)   Avg time (ms)
5            100                       504
10           200                       896
20           400                       1667
50           1000                      3970

Sign Withdrawal Request (ECC-DSA) + Receive HCC = 1874 ms
Hash Chain Certificate Verification: 1008 ms
Note: d = 5
10
PDA-PayWord: Purchase Timings
Instrument Amount ($)   Hashes Req'd (words)   Transaction Time (ms)
5                       70                     1090
10                      170                    1467
15                      370                    2267
50                      970                    4580

(First time $1.50 buy)
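The purchase flow and the "Hashes Req'd" column above, as an added example (not code from the slides or from the authors' PalmPilot implementation). It assumes d is cents per word (consistent with $5 = 100 words) and that the wallet keeps only Y0 and recomputes Yk-i, which is inferred from the 70-hash figure; Wallet and Vendor are hypothetical names, and the HCC is an unsigned stand-in, so the bank's RSA signature check is out of scope here.

```python
import hashlib

def H(x: bytes) -> bytes:
    return hashlib.sha1(x).digest()  # SHA-1 because the slides benchmark it

def chain(y: bytes, n: int) -> bytes:
    """Apply H n times: Y_j -> Y_(j+n)."""
    for _ in range(n):
        y = H(y)
    return y

class Wallet:  # hypothetical name
    def __init__(self, seed: bytes, k: int, d: int, vid: str):
        self.y0, self.k, self.spent = seed, k, 0  # only Y0 is stored (assumption)
        # Unsigned stand-in for the HCC; the real one adds exp and the bank's RSA signature.
        self.hcc = {"Yk": chain(seed, k), "k": k, "d": d, "vid": vid}

    def pay(self, cents: int):
        """Return (Y_(k-i), i, HCC, hashes computed by the wallet)."""
        words, rem = divmod(cents, self.hcc["d"])
        if rem or words <= 0 or self.spent + words > self.k:
            raise ValueError("amount not payable from this chain")
        self.spent += words
        n = self.k - self.spent  # recompute from Y0 instead of storing the chain
        return chain(self.y0, n), self.spent, self.hcc, n

class Vendor:  # hypothetical name
    def __init__(self, vid: str):
        self.vid, self.seen = vid, {}  # Yk -> (last index i, last payword)

    def accept(self, y: bytes, i: int, hcc: dict) -> int:
        """Return cents newly credited; raise on an invalid or replayed payword."""
        if hcc["vid"] != self.vid or not 0 < i <= hcc["k"]:
            raise ValueError("HCC not valid for this vendor")
        last_i, last_y = self.seen.get(hcc["Yk"], (0, hcc["Yk"]))
        if i <= last_i:
            raise ValueError("replayed or already-spent payword")
        if chain(y, i - last_i) != last_y:  # i hashes on the first purchase
            raise ValueError("payword does not hash to the committed value")
        self.seen[hcc["Yk"]] = (i, y)
        return (i - last_i) * hcc["d"]

if __name__ == "__main__":
    w, v = Wallet(b"constructed-seed", k=100, d=5, vid="vendor-1"), Vendor("vendor-1")
    y, i, hcc, n = w.pay(150)  # first $1.50 buy from a $5 instrument
    print(i, n, v.accept(y, i, hcc))
```

The vendor remembers the last accepted payword per chain, so a later purchase costs it only the newly spent words in hashes and a replayed payword is rejected rather than credited twice.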
11
Conclusions / Summary
PDA = portable commerce device w/o tamper resistance
Suitable for small payments
Commerce protocols can be adapted
Example: PDA-PayWord leverages best of ECC and RSA
Acknowledgements: Andrew Toy & Certicom