An Improved E-Payment System and Its Extension to a Payment System for Visually Impaired and Blind People with User Anonymity

Electronic payment systems have become increasingly popular due to the widespread use of the internet-based shopping and banking. Such systems should at least guarantee users’ anonymity during the transaction, fair exchange of goods and offer dispute resolutions. As many of the electronic payments are nowadays performed on mobile devices, also efficiency with respect to communication and computation costs at the user’s side is another important requirement. In this paper we first show that a previously proposed system does not offer the claimed anonymity and non repudiation features. These issues are based on problems in the underlying authenticated encryption scheme. We propose an alternative system that satisfies all the required security features. In addition, we show how similar techniques can be applied to develop a payment system on a vending machine or in a retail outlet for the user using its smartphone as proxy, allowing besides confidentiality and authentication, also user anonymity throughout the whole process. This payment system is in particular of interest for blind or visually impaired people, who become able to take the whole payment process in own hands, instead of being dependent of the payment device and the possibly untrusted environment. Both payment systems apply the anonymous signcryption scheme ASEC as building block.

     

Algorithm of blockchain data provenance based on ABE

To solve the problem that the blockchain-based traceability algorithm mainly used homomorphic encryption and zero-knowledge proof for privacy protection,making it difficult to achieve dynamic sharing of traceability information,a blockchain data traceability algorithm based on attribute encryption was proposed.In order to realize the dynamic protection of transaction privacy,the strategy update algorithm applicable to block chain was designed based on the CP-ABE scheme proposed by Waters to achieve dynamic protection of transaction privacy.In order to realize the dynamic update of the visibility about block content,based on the strategy update algorithm,the block structure was designed to achieve the dynamic update about the content visibility of the block.The security and experimental simulation analysis show that the proposed algorithm can realize the dynamic sharing of traceability information while completing the protection transaction privacy.     

Cryptanalysis and Improvement of an Anonymous Authentication Protocol for Wireless Access Networks

Authentication protocols with anonymity attracted wide attention since they could protect users’ privacy in wireless communications. Recently, Hsieh and Leu proposed an anonymous authentication protocol based on elliptic curve Diffie–Hellman problem for wireless access networks and claimed their protocol could provide anonymity. However, by proposing a concrete attack, we point out that their protocol cannot provide user anonymity. To overcome its weakness, we propose an improved protocol. We also provide an analysis of our proposed protocol to prove its superiority, even though its computational cost is slightly higher.     

一种金融级安全的区块链资产交易系统

提出了一种基于同态加密和环签名的区块链资产交易系统,通过同态加密技术可以对用户交易信息进行加密,使其对其他用户不可见,而环签名可以对同态加密后的密文进行业务合法性校验,保证交易合法性。该方法可以使区块链上原本公开透明的用户资产交易信息得到保护,具有去中心化、安全可靠和易用性高的特点,可以有效地起到保护用户隐私的作用,有利于促进增强区块链在金融资产交易场景中的用户交易信息隐私保护功能,有利于促进区块链隐私保护技术在金融场景中的落地和发展。     

内容中心网络中面向隐私保护的协作缓存策略

针对内容中心网络节点普遍缓存带来的隐私泄露问题,在兼顾内容分发性能的基础上,该文提出一种面向隐私保护的协作缓存策略。该策略从信息熵的角度提出隐私度量指标,以增大攻击者的不确定度为目标,首先对于缓存策略的合理性给予证明;其次,通过构建空间匿名区域,扩大用户匿名集合,增大缓存内容的归属不确定性。缓存决策时,针对垂直请求路径和水平匿名区域,分别提出沿途热点缓存和局域hash协同的存储策略,减小缓存冗余和隐私信息泄露。仿真结果表明,该策略可减小内容请求时延,提高缓存命中率,在提升内容分发效率的同时增强了用户隐私保护水平。     

利用Smart卡的可撤销匿名性的电子支付系统

本文对文（１）提出的利用Ｓｍａｒｔ卡的电子支付系统进行了改进,提出了一种可撤销用户匿名性的支付系统,一方面,它能有效地保护用户的隐私,另一方面,在银行的协助下,一个可信第三方（委托人）可撤销用户的匿名性。因此可有效地防止钱的伪造、含污和敲诈。     

Preserving User Anonymity in Context‐Aware Location‐Based Services: A Proposed Framework

Protecting privacy is an important goal in designing location‐based services. Service providers want to verify legitimate users and allow permitted users to enjoy their services. Users, however, want to preserve their privacy and prevent tracking. In this paper, a new framework providing users with more privacy and anonymity in both the authentication process and the querying process is proposed. Unlike the designs proposed in previous works, our framework benefits from a combination of three important techniques: k‐anonymity, timed fuzzy logic, and a one‐way hash function. Modifying and adapting these existing schemes provides us with a simpler, less complex, yet more mature solution. During authentication, the one‐way hash function provides users with more privacy by using fingerprints of users' identities. To provide anonymous authentication, the concept of confidence level is adopted with timed fuzzy logic. Regarding location privacy, spatial k‐anonymity prevents the users' locations from being tracked. The experiment results and analysis show that our framework can strengthen the protection of anonymity and privacy of users by incurring a minimal implementation cost and can improve functionality.     

A novel attributes anonymity scheme in continuous query

In location-based service (LBS), the un-trusted LBS server can preserve lots of information about the user. Then the information can be used as background knowledge and initiated the inference attack to get user’s privacy. Among the background knowledge, the profile attribute of users is the especial one. The attribute can be used to correlate the real location in uncertain location set in both of the snapshot and continuous query, and then the location privacy of users will be revealed. In most of the existing scheme, the author usually assumes a trusted third party (TTP) to achieve the profile anonymity. However, as the TTP disposes all anonymous procedure for each user, it will become the center of attacks and the bottleneck of the query service. Furthermore, the TTP may be curious about user’s privacy just because of the commercial consideration. In order to deal with the inference attack and remedy the drawback of TTP scheme, we propose a similar attributes anonymous scheme which based on the CP-ABE, and with the help of center server and collaborative users, our scheme can resist the inference attack as well as the privacy detection of any entity in the service of query. At last, security analysis and experimental results further verify the effectiveness of our scheme in privacy protection as well as efficiency of the algorithm execution.     

Applying privacy on the dissemination of location information

Recent achievements in the positioning technology enable the provision of location-based services that require high accuracy. On the other hand, location privacy is important, since position information is considered as personal information. Thus, anonymity and location privacy in mobile and pervasive environments has been receiving increasing attention during the last few years, and several mechanisms and architectures have been proposed to prevent “big brother” phenomena. In this paper, we discuss an architecture to shield the location of a mobile user and preserve the anonymity on the service delivery. This architecture relies on un-trusted entities to distribute segments of anonymous location information, and authorizes other entities to combine these portions and derive the actual location of a user. The paper describes how the proposed architecture takes into account the location privacy requirements, and how it is used by the end users’ devices, e.g., mobile phones, for the dissemination of location information to Service Providers. Furthermore, it discusses performance study experiments, based on real location data, and summarizes the threats analysis results.     

商业银行移动支付安全研究

移动支付无疑是目前互联网金融领域最为引人关注的焦点。然而,用户在享受移动支付方便快捷服务的同时,却面临着严峻的安全问题：手机木马、隐私泄露等事件层出不穷,大量具有完整攻击行为的金融支付类病毒,可在远程/近场支付过程中对用户的账户、密码、验证码等信息进行直接窃取。安全性问题已经严重阻碍了移动支付市场的进一步发展。针对上述问题,以金融机构的角度,全面梳理移动支付中的安全问题,包括移动终端安全、支付安全（包括近场支付、远程支付）、网络安全、业务交互逻辑安全等。此外,对学术界与产业界中相关安全关键技术的研究现状进行了分析与归纳。最终,基于上述阶段性的研究成果,给出移动支付安全体系设计架构与规划建议,指引未来商业银行在移动金融领域的信息安全研究重点与方向。     

Rumor Riding: An Anonymity Approach for Decentralized Peer to Peer Systems

The anonymizing peer to peer (P2P) system is frequently incurred additional expense in order to efficiency transfer and various systems execute to disguise the uniqueness privacy considerations issues for their users. Although, an anonymity technique mostly existing path base peer before transmits, it has pre-create an anonymous path. An information as well as maintenance transparency of path is a lot high. In this paper it has been proposed mutual anonymity rumor riding (RR) protocol for decentralization environment P2P systems. The very heavy load path construction carries by RR system using random walk mechanism for free initiate peers. We evaluate with before RSA based and also anonymity approach based on AES, RR get extra benefit of lower cryptographic overhead mostly to get anonymity using asymmetric cryptographic algorithm. We illustrate design and effectiveness during the simulations by trace driven. RR is very effect and efficient than previous protocols the experimental and analytical result shows us.     

A Fairness-Enhanced Micropayment Scheme

The micropayment scheme is widely used in the electronic payment, where the transaction value is tiny, meanwhile, the number of transactions is very huge. Recently, Liu and Yan proposed a lightweight micropayment scheme to achieve the efficiency, the fairness, and the privacy. However, the bank in the Liu–Yan’s scheme maybe obtain the illegal benefits by controlling the selective result. In this paper, an enhanced fairness micropayment scheme is presented to resist the attack from the malicious bank. In addition, considering that most of the users have no motivation to verify the result due to the tiny transaction value, the observers are employed to audit the process for ensuring the fairness.     

CP-ABE based users collaborative privacy protection scheme for continuous query

In location-based services (LBS),as the untrusted LBS server can be seen as an adversary,and it can utilize the attribute as background knowledge to correlate the real location of the user in the set of uncertain locations.Then the adversary can gain the location privacy when the user enjoys the snapshot and continuous query through the correlation inference attack.In order to cope with this attack,the main scheme in privacy protection is to generalize the attribute and achieve attribute anonymity.However,algorithms of this type usually assumes a trusted third party (TTP) which provides the service of similarity attribute finding and comparing,and it is unpractical in the real environment,as the TTP may become the point of attack or the bottleneck of service and it cannot be considered as the trusted one all the time.Thus,to cope with the correlation inference attack as well as the semi-trusted third party,ciphertext policy attribute based encryption (CP-ABE) and users collaboration based attribute anonymous scheme was proposed.In this scheme,the user coupled achieve location and attribute anonymity.Furthermore,this scheme could also provide security for attacks from the semi-trusted third party as well as semi-trusted collaborative users.At last,security analysis and the experiment results further verify the effectiveness of privacy protection and the efficiency of algorithm execution.     

个人移动数据收集中的多维轨迹匿名方法

在情景感知位置服务中,移动互联网络的开放性使得个人移动数据面临巨大的安全风险,移动数据的时空关联特性对个人数据的隐私保护提出重大挑战.针对基于时空关联的背景知识攻击,本文提出了一种多维的轨迹匿名隐私保护方法.该方法在匿名轨迹数据收集系统的基础上,基于多用户协作的隐私保护模式,通过时间匿名和空间匿名算法,实现用户的隐私保护.实验结果表明,该方法可以有效的对抗基于位置和移动方式的背景知识攻击,满足了k-匿名的隐私保护要求.     

区块链用户匿名与可追踪技术

区块链具有透明性、数据完整性、防篡改等优点,在金融、政府、军事等领域有重要应用价值。目前有越来越多的工作研究区块链的隐私保护问题,典型的包括门罗币、Zerocash, Mixcoin等等。这些隐私保护方法可以用于保护区块链上用户的身份和交易的金额。隐私保护方案是双刃剑,一方面是对合法用户隐私的完善保护,另一方面如果完全脱离监管,则是对洗钱、勒索等违法犯罪行为的姑息和纵容。针对区块链上各种层出不穷的隐私保护方案,监管也要与时俱进。该文研究区块链用户身份的隐私保护和监管方法,提出了用户匿名和可追踪的技术,旨在推动区块链在实际中的应用。     

一种针对共谋攻击的I2P节点选择优化算法

随着网络技术的迅猛发展,人们的个人隐私保护意识逐渐提高,越来越多的用户为了保护自己的隐私安全,选择在暗网与他人进行互联沟通。I2P作为当前使用最广泛的匿名网络之一,虽然有着较好的保证网络内用户匿名性的机制,但是也有不足。在简单介绍I2P技术原理的基础上,分析I2P容易受到的网络攻击手段,提出了一种针对共谋攻击的节点选择优化算法,能够有效减少网络攻击对I2P网络匿名性的影响。     

Approach of location privacy protection based on order preserving encryption of the grid

The centralized structure of the trusted third party is a major privacy protection structure on location based services.However,if the central third party server can not be trusted or compromised,users have the risk of leakage of privacy location.Aiming at the above problems,location privacy protection approach based on a user-defined grid to hide location was proposed.The system first automatically converted the query area into a user-defined grid,and then the approach utilized order preserving encryption,which made the user’s real-time position in the hidden state could still be compared.Because the information in the process of the approach was in a state of encryption,the server could not know the user’s location information,thus improved privacy protection of the user location.The central third party server only need to do simple comparison work,so its processing time overhead would effectively decrease.Security analysis certificate the security of the proposed approach and simulation experimental show the proposed approach can reduce the time cost of the central third party server.     

Mobile Payment Based on Transaction Certificate Using Cloud Self‐Proxy Server

Recently, mobile phones have been recognized as the most convenient type of mobile payment device. However, they have some security problems; therefore, mobile devices cannot be used for unauthorized transactions using anonymous data by unauthenticated users in a cloud environment. This paper suggests a mobile payment system that uses a certificate mode in which a user receives a paperless receipt of a product purchase in a cloud environment. To address mobile payment system security, we propose the transaction certificate mode (TCM), which supports mutual authentication and key management for transaction parties. TCM provides a software token, the transaction certificate token (TCT), which interacts with a cloud self‐proxy server (CSPS). The CSPS shares key management with the TCT and provides simple data authentication without complex encryption. The proposed self‐creating protocol supports TCM, which can interactively communicate with the transaction parties without accessing a user's personal information. Therefore, the system can support verification for anonymous data and transaction parties and provides user‐based mobile payments with a paperless receipt.     

Anonymizing region construction scheme based on query range in location-based service privacy protection

Since k-anonymity method can reduce the users’ computation cost and provides the precise query results,it has been widely used to protect the user’s privacy in location-based service.However,the existing schemes did not consider the size of the querying region for location based service provider (LSP) during the construction of the anonymizing region,which led that the quality of service was low.To solve this problem,the user’s querying range was introduced to present a novel anonymizing region construction scheme.In the proposal,the anonymity server first generated the original anonymizing sub-regions according to the user’s privacy requirements,and then merged these sub-regions to construct the anonymity region submitted to LSP based on the size of corresponding querying regions.The security and experiment analysis show that the presented scheme not only protects the user’s privacy effectively,but also decreases LSP’s querying regions,thereby improving the quality of service.     

Bidirectional authentication key agreement protocol supporting identity’s privacy preservation based on RLWE

In order to solve the problem of identity privacy preservation between two participants involved when implementing authenticated key agreement protocol,a bidirectional authenticated key agreement protocol against quantum attack based on C commitment scheme was proposed.Through the design of C commitment function,the real identity information of two participants involved was hidden.Based on RLWE difficult problem,under the premise to ensure identity anonymity,this protocol not only completed two-way identity authentication,but also ensured the integrity of the transmitted message,furthermore,the shared session key was negotiated.After been analyzed,in terms of protocol’s execution efficiency,only two rounds of message transmission were needed to complete anonymous two-way authentication and key agreement in the proposed scheme.Compared with Ding’s protocol,the length of public key was reduced by nearly 50%.With regard to security,the protocol could resist forgery,replay,key-copy,and man-in-the-middle attacks.It is proved that the proposed protocol satisfies the provable security under the eCK model.At the same time,the protocol is based on the RLWE problem of lattices,and can resist quantum computing attacks.