
ISSN XXXX XXXX © 2017 IJESC

Research Article Volume 7 Issue No.3

Fraud Resilient Device for Off-Line Micro Payments


R. Sivakumar1, V. Hemalatha2, M. Mugila3, L. Mythili4
Assistant Professor1, Student2, 3, 4
Department of Information Technology
Prathyusha Engineering College, Chennai, India

Abstract:
Credit and debit card data theft is one form of cybercrime. Attackers often aim at stealing customer data by targeting the Point of Sale (POS) system, where the retailer first gets the customer data. Modern POS systems are equipped with a card reader and specialized software. User details are given as input to the POS. In this setting, malware steals card data as soon as they are read by the device. While the customer and vendor are disconnected from the network, no secure on-line payment is possible. This paper describes a secure off-line micro-payment solution that is resilient to POS data stealing. FRODO provides secure fully off-line payments.

I. INTRODUCTION:

Computer security (also known as cyber security or IT security) is information security as applied to computers and networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters. Otherwise, in the computer industry, the term security or the phrase computer security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. Most computer security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system.

II. LITERATURE SURVEY:

1. PAYWORD AND MICROMINT: TWO SIMPLE MICROPAYMENT SCHEMES
AUTHOR: R. L. Rivest

The basic pepper coin method can be implemented in a variety of ways, to maximize ease of use for the customer in a given situation. While the basic pepper coin method requires that each consumer have digital signature capability, one can easily eliminate this requirement by having a party trusted by the consumer sign payments for him as a proxy; this might be a natural approach in a web services environment. The pepper coin method can also be implemented so that it feels to the consumer as a natural extension of his existing credit-card processing procedure, further increasing consumer acceptance and ease of use.

2. SECURE POS & KIOSK
AUTHOR: BOMGAR
With limited interfaces and location within local networks, supporting kiosks and point of sale (POS) terminals can be challenging. Often they are located on networks that are not connected to the internet, making direct access impossible for most remote support tools. And even when an employee is present at the terminal, access restrictions and/or lack of technical knowledge make communicating the solution to a problem difficult. To add complications, hackers are ramping up their efforts to steal payment card data by gaining access to POS systems and kiosks.

3. RELIABLE OSPM SCHEMA FOR SECURE TRANSACTION USING MOBILE AGENT IN MICROPAYMENT SYSTEM
AUTHOR: NC Kiran
This project introduces a novel offline payment system in mobile commerce using the case study of micro-payments. The present project is an extended version of our prior study addressing the implications of a secure micropayment system deploying process-oriented structural design in a mobile network. The previous system makes broad use of SPKI and hash chaining to furnish reliable and secure offline transactions in mobile commerce. However, the current work has attempted to provide a much more lightweight secure offline payment system for micro-payments by designing a new schema termed Offline Secure Payment in Mobile Commerce (OSPM). The empirical operations are carried out on three types of transaction process considering the maximum scenario of real-time offline cases. Therefore, the current idea introduces two new parameters, i.e. mobile agent and mobile token, that can ensure better security and comparatively less network overhead.

4. LIGHTWEIGHT AND SECURE PUF KEY STORAGE USING LIMITS OF MACHINE LEARNING:
A lightweight and secure key storage scheme using silicon Physical Unclonable Functions (PUFs) is described. To derive stable PUF bits from chip manufacturing variations, a lightweight error correction code (ECC) encoder / decoder is used. With a register count of 69, this codec core does not use any traditional error correction techniques and is 75% smaller than a previous provably secure implementation, and yet achieves robust environmental performance in 65nm FPGA and 0.13μ ASIC implementations. The security of the syndrome bits uses a new security argument that relies on what cannot be
learned from a machine learning perspective. The number of Leaked Bits is determined for each Syndrome Word, reducible using Syndrome Distribution Shaping. The design is secure from a min-entropy standpoint against a machine-learning-equipped adversary that, given a ceiling of leaked bits, has a classification error bounded by ε. Numerical examples are given using latest machine learning results.

5. BUILDING ROBUST M-COMMERCE PAYMENT SYSTEM ON OFFLINE WIRELESS NETWORK:

Mobile commerce is one of the upcoming research areas with focus on mobile payment systems. Unfortunately, the current payment systems are directly dependent on the fixed infrastructure of the network (cellular network), which fails to facilitate an optimal level of security for the payment system. The proposed system highlights a novel approach for building secure, scalable, and flexible e-payment systems in the distributed scenario of a wireless ad hoc network in offline mode of communication for enhanced security on transaction and payment process. The proposed system uses Simple Public Key Infrastructure for providing the security in payment processes. The performance analysis of the proposed model shows that the system is highly robust and secure, ensuring an anonymous, private, non-repudiable offline payment system over a wireless ad hoc network.

III. OVERVIEW OF PROPOSED SYSTEM

3.1 Problem statement
Over the last years, several retail organizations have been victims of information security breaches and payment data theft targeting consumer payment card data and personally identifiable information.

3.2 Solution
Although POS breaches are declining, they still remain an extremely lucrative endeavor for criminals. Customer data can be used by cybercriminals for fraudulent operations, and this led the payment card industry security standards council to establish data security standards for all those organizations that handle credit, debit, and ATM cardholder information. Regardless of the structure of the electronic payment system, POS systems always handle information and, oftentimes, they also require remote management. Usually, as depicted in, POS systems act as gateways and require some sort of network connection in order to contact external credit card processors. This is mandatory to validate transactions. However, larger businesses that wish to tie their POS with other back-end systems may connect the former to their own internal networks. In addition, to reduce cost and simplify administration and maintenance, POS devices may be remotely managed over these internal networks. However, a network connection might not be available due to either a temporary network service disruption or a permanent lack of network coverage. Last, but not least, such on-line solutions are not very efficient since remote communication can introduce delays in the payment process. Most POS attacks can be attributed to organized criminal groups. Brute forcing remote access connections and using stolen credentials remain the primary vectors for POS intrusions. However, recent developments show the resurgence of RAM-scraping malware. Such attacks, once such malware is installed on a POS terminal, can monitor the system and look for transaction data in plain-text, i.e., before it is encrypted.

3.3 ARCHITECTURE OF THE PROPOSED SYSTEM
The proposed system has 3 modules
1. System Construction Module
2. Identity Element
3. Coin Element
4. Attack Mitigation

1. System Construction Module

In the first module, we develop the System Construction module with the various entities: Vendor, User, FRODO, PUF, Attacker. This process is developed completely on the Offline Transaction process. We develop the system with the user entity initially. Options are available for a new user to register first and then log in for the authentication process. Then we develop the option of Vendor Registration, such that a new vendor should register first and then log in to the system for the authentication process.

2. Identity Element

In this module, we develop the Identity Element module functionalities. FRoDO does not require any special hardware component apart from the identity and the coin element, which can be either plugged into the customer device or directly embedded into the device.

3. Coin Element

In this module, we develop the Coin Element, where we develop the Key Generator and the Cryptographic Element. The Key Generator is used to compute on-the-fly the private key of the coin element. The Cryptographic Element is used for symmetric and asymmetric cryptographic algorithms applied to data received as input and sent as output by the coin element. The Coin Selector is responsible for the selection of the right registers used together with the output value computed by the coin element PUF in order to obtain the final coin value. The Coin Registers are used to store both PUF input and output values required to reconstruct original coin values. Coin registers contain coin seed and coin helper data. Coin seeds are used as input to the PUF whilst coin helpers are used in order to reconstruct stable coin values when the PUF is challenged.

4. Attack Mitigation
In this module we develop the Attack Mitigation process. The read-once property of the erasable PUF used in this solution prevents an attacker from computing the same coin twice. The private keys of both the identity and coin elements are needed to decrypt the request of the vendor and can be computed only within the customer device. The fake vendor could then try to forge a new emulated identity/coin element with a private/public key pair. However, identity/coin element public keys are valid only if signed by the bank. As such, any message received by an unconfirmed identity/coin element will be immediately rejected. Each coin is encrypted by either the bank or the coin element issuer and thus it is not possible for an attacker to forge new coins.

3.4 Result Analysis
The performance analysis is generated to check whether the data is transmitted between the client and server in an error-free manner. It can avoid data loss during transmission, so the client can make use of the data in an efficient manner.

IV. CONCLUSIONS

In this project we have introduced FRODO that is, to the best of our knowledge, the first data-breach-resilient fully offline micro-payment approach. The security analysis shows that FRODO does not impose trustworthiness assumptions. Further, FRODO is also the first solution in the literature where no customer device data attacks can be exploited to compromise the system. This has been achieved mainly by leveraging a novel erasable PUF architecture and a novel protocol design. Furthermore, our proposal has been thoroughly discussed and compared against the state of the art. Our analysis shows that FRODO is the only proposal that enjoys all the properties required of a secure micro-payment solution, while also introducing flexibility when considering the payment medium (types of digital coins). Finally, some open issues have been identified that are left as future work. In particular, we are investigating the possibility of allowing digital change to be spent over multiple off-line transactions while maintaining the same level of security and usability.

V. FUTURE SCOPE

We have introduced FRODO that is, to the best of our knowledge, the first data-breach-resilient fully off-line micropayment approach. The security analysis shows that FRODO does not impose trustworthiness assumptions. Further, FRODO is also the first solution in the literature where no customer device data attacks can be exploited to compromise the system. This has been achieved mainly by leveraging a novel erasable PUF architecture and a novel protocol design. Furthermore, our proposal has been thoroughly discussed and compared against the state of the art. Our analysis shows that FRODO is the only proposal that enjoys all the properties required of a secure micro-payment solution, while also introducing flexibility when considering the payment medium (types of digital coins). Finally, some open issues have been identified that are left as future work. In particular, we are investigating the possibility of allowing digital change to be spent over multiple off-line transactions while maintaining the same level of security and usability.

VI. REFERENCES

[1]. Vanesa Daza, Roberto Di Pietro, Flavio Lombardi, and Matteo Signorini, “Off-Line micro-Payments”, Dependable and Secure Computing, IEEE Transactions on (Volume: PP, Issue: 99), 12 June 2015.

[2]. R. L. Rivest, “Payword and micromint: two simple micropayment schemes,” in CryptoBytes, 1996, pp. 69–87.

[3]. W. Chen, G. Hancke, K. Mayes, Y. Lien, and J.-H. Chiu, “Using 3G network components to enable NFC mobile transactions and authentication,” in IEEE PIC ’10, vol. 1, Dec 2010, pp. 441–448.

[4]. T. Nishide and K. Sakurai, “Security of offline anonymous electronic cash systems against insider attacks by untrusted authorities revisited,” ser. INCOS ’11. Washington, DC, USA: IEEE Comp. Soc., 2011, pp. 656–661.

[5]. M. A. Salama, N. El-Bendary, and A. E. Hassanien, “Towards secure mobile agent based e-cash system,” in Intl. Workshop on Security and Privacy Preserving in e-Societies. New York, NY, USA: ACM, 2011, pp. 1–6.

[6]. J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls, “FPGA intrinsic PUFs and their use for IP protection,” ser. CHES ’07. Berlin, Heidelberg: Springer-Verlag, 2007, pp. 63–80.

[7]. S. Gomzin, Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions, 1st ed. Wiley Publishing, 2014.

[8]. Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “Fuzzy extractors: How to generate strong keys from biometrics and other noisy data,” SIAM J. Comput., vol. 38, no. 1, pp. 97–139, Mar 2008.

[9]. B. Škorić, P. Tuyls, and W. Ophey, “Robust key extraction from physical uncloneable functions,” in Applied Cryptography and Network Security, ser. LNCS, J. Ioannidis, A. Keromytis, and M. Yung, Eds. Springer Berlin Heidelberg, 2005, vol. 3531, pp. 407–422.

[10]. M.-D. Yu, D. M’Raihi, R. Sowell, and S. Devadas, “Lightweight and Secure PUF Key Storage Using Limits of Machine Learning,” in CHES 2011, ser. LNCS, B. Preneel and T. Takagi, Eds. Springer Berlin Heidelberg, 2011, vol. 6917, pp. 358–373.

International Journal of Engineering Science and Computing, March 2017 5855 http://ijesc.org/
