M.Sangeetha et al, International Journal of Computer Science and Mobile Computing, Vol.3 Issue.2, February- 2014, pg. 653-658

© 2014, IJCSMC All Rights Reserved 653

Available Online at www.ijcsmc.com

International Journal of Computer Science and Mobile Computing

A Monthly Journal of Computer Science and Information Technology

ISSN 2320–088X

IJCSMC, Vol. 3, Issue. 2, February 2014, pg.653 – 658

RESEARCH ARTICLE

A SECURITY ARCHITECTURE ACHIEVING ANONYMITY AND TRACEABILITY IN PAYMENT BASED SYSTEM

M.Sangeetha1, S.Rajasulochana2, S.Shanmathi3

1M.E Computer Science and Engineering, SriGuru Institute of Technology, Coimbatore

2M.E Computer Science and Engineering, SriGuru Institute of Technology, Coimbatore

3M.E Computer Science and Engineering, SriGuru Institute of Technology, Coimbatore

Abstract: Anonymous commercial transactions can protect the privacy of clients. Some clients prefer to use cash when buying everyday goods to deter sellers from aggregating information or soliciting them in the future. E-cash is associated with a user's name, and can be used to determine other information, such as address, mobile number, etc. The E-cash system was developed to allow secure anonymous transactions. Many loyalty programs use cards that personally recognize the user engaging in each transaction or that act as a mathematical pseudonym, for use in data mining. The paper proposes a key-based protocol that enhances security in mobile transactions, thereby helping the bank admin to find the identity and the time of misuse.

Keywords: Blind mark; e – cash; key based protocol; anonymity; traceability

I. INTRODUCTION

Not every system is completely secured. One of the crucial challenges of a payment-based system is anonymity and privacy. Controlled anonymity provides a healthy balance between privacy and security issues, thus avoiding anonymity misuse.

Security in general can be defined by three terms namely:

Confidentiality – termed as secrecy in data transfer

Integrity – can also be termed as trustworthiness. It ensures that the content remains unaltered

Authentication – refers to the identity of the person accessing the data

It is essential that a strong security protocol should address these three core areas.

Privacy and anonymity are two issues that are under serious research these days. Privacy refers to the fact that the information should be safe from third-party disclosure. Thus strong access control is essential to get rid of various attacks like replay attacks, brute-force attacks and the like. Access control can be provided in various ways, like role-based access control, mandatory access control and discretionary access control. Secure Socket Layer (SSL) ensures privacy in transferring user documents across the internet. SSL overcomes the lack of trust between parties involved in a transaction by ensuring confidentiality through encryption, integrity through checksums, and authentication via server certificates.

Fig.1 Payment based system

The world has moved on to the next phase, where all transactions are electronic. All the packets being sent are in the form of tokens, where the token is issued by a trusted third party. In order to ensure that the history of information is not available to anyone, one needs to ensure not only privacy but also anonymity. In particular, it is essential that

Payer anonymity

Payer traceability

be ensured on a wide scale.

II. PREVIOUS WORK

In wireless communication systems, it is easier for a global observer to mount traffic analysis attacks by following the packet forwarding path. Thus, routing anonymity is indispensable, which conceals the confidential communication relationship of two parties by building an anonymous path between them. Nevertheless, unconditional anonymity may incur insider attacks since misbehaving users are no longer traceable. Therefore, traceability is highly desirable such as in e-cash systems where it is used for detecting and tracing double-spenders.

Disadvantages

In the existing systems, there exist conflicts between anonymity and traceability.

The fundamental security requirements, including authentication, confidentiality, data integrity, and non-repudiation, are not achieved.

It has heavy wireless links.

Blind signatures can be used only for normal verifications.

III. IMPLEMENTATION

The proposed work is implemented in the following ways:

A. E – Cash System

E-cash is a privacy-preserving mechanism used in payment-based systems to ensure anonymity and privacy. There are two ways of counterfeiting physical cash in an electronic cash system:

Token forgery

Multiple spending

In order to avoid token forgery, in the proposed system a token is generated randomly during each transaction and the system prompts the user to register during each transaction.

B. Initial Verification

Initial verification is done by the blind mark process. A blind mark scheme allows a receiver to obtain a signature or mark on a message such that both the message and the resulting mark remain unknown to the signer. We refer the readers for a formal description of a blind mark scheme, which should bear the properties of verifiability, unlinkability, and unforgeability. In a restrictive blind mark scheme, the restrictiveness property is incorporated into the blind mark scheme such that the message being signed must hold encoded information. As the name suggests, this property restricts the user in the blind mark scheme to embed some account-related secret information into what is being signed by the bank (otherwise, the signing will be unsuccessful) such that this secret can be recovered by the bank to identify a user if and only if he double-spends. The restrictiveness property is essentially the assurance for traceability in restrictive blind mark systems.

C. Key Issuance

In order to maintain the security of the network against attacks and equality among clients, the home server manager may control the access of each client by issuing keys based on the misbehavior history of the client, which reflects the server manager’s confidence about the client to act properly. Key issuance occurs when the client initially attempts to access the network or when all previously issued keys are used up. The client needs to disclose his real ID to the server executive in order to obtain a key since the server executive has to ensure the faithfulness of this client.

D. Scam Detection

Key reuse usually results from the client’s inability to obtain a key from the TA when network access is desired, primarily due to the client’s past misbehavior, which causes the server manager to limit his key requests.
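An added example, not the paper's protocol, for the restrictiveness property in Initial Verification and the key reuse discussed here: a Schnorr-style challenge-response in which one use of a coin hides the embedded account secret and two uses reveal it. Treating a reused key like a double-spent coin, the toy group (p = 2039, q = 1019, g = 4), the function names and the sample values are assumptions; the bank's blind signing of the coin is omitted.

```python
import secrets

# Toy Schnorr group (assumption): p = 2q + 1, g generates the order-q subgroup.
P, Q, G = 2039, 1019, 4

def withdraw(identity: int):
    """User builds a coin from two commitments the bank would sign blindly:
    A commits to the account secret, B to a one-time pad s."""
    s = secrets.randbelow(Q - 1) + 1
    coin = {"A": pow(G, identity, P), "B": pow(G, s, P)}
    return coin, s

def spend(identity: int, s: int, challenge: int) -> int:
    """User answers the payee's challenge; s masks identity for one spend."""
    return (s + challenge * identity) % Q

def check_spend(coin, challenge: int, response: int) -> bool:
    """Payee/bank: g^r must equal B * A^c, so a response cannot be made up."""
    expected = (coin["B"] * pow(coin["A"], challenge, P)) % P
    return pow(G, response, P) == expected

def trace(deposit1, deposit2):
    """Bank: two deposits of the same coin. Returns the embedded identity,
    or None when both carry the same challenge (a payee re-depositing one
    transcript, which reveals nothing about the payer)."""
    (c1, r1), (c2, r2) = deposit1, deposit2
    diff = (c1 - c2) % Q
    if diff == 0:
        return None
    return ((r1 - r2) * pow(diff, -1, Q)) % Q

def demo():
    identity = 777                       # constructed account secret
    coin, s = withdraw(identity)
    d1 = (17, spend(identity, s, 17))    # constructed challenges, two payees
    d2 = (402, spend(identity, s, 402))
    valid = check_spend(coin, *d1) and check_spend(coin, *d2)
    return valid, trace(d1, d2), trace(d1, d1)

if __name__ == "__main__":
    print(demo())
```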

E. Primary security objectives

It is trivial to show that our security architecture satisfies the security requirements for authentication, data integrity, and confidentiality, which follows directly from the employment of the standard cryptographic primitives, message authentication code, and encryption, in our system. We are only left with the proof of non-repudiation in this class. A scam can be repudiated only if the client can provide a demonstration of the communication that differs from what is derived by the server manager.

IV. RESULTS

A. Message Transaction

Administrator will be the total controller of the project.

The blind mark scheme is used to embed some account-related secret information signed by the bank.

Each and every transfer will be based on their key and the one-time password provided by the admin.

The key is provided to the user at the time of transaction on their mobile or email ID.

Fig.2 Message transaction

B. Amount Transaction

The account number is stored with the client’s ID at the Key.

The customer account is activated by the administrator and a one-time password is provided to them for the transaction.

Each and every transfer will be based on their key and the one-time password provided by the admin.

Fig.3 Amount transaction

C. Blind Message

Transaction is based on the Key and one time password.

Key is provided to the user at the time to their mobile or Email id.

Only registered and authenticated persons can make transactions.

Fig.4 Blind Message

D. Received SMS

Each client can receive the broadcast messages.

Fig.5 Received SMS

V. CONCLUSION

The security architecture mainly consists of key-based protocols, which resolve the contradictory security requirements of unconditional anonymity for honest users and traceability of misbehaving users. By utilizing the key, the proposed approach is established to accomplish ideal security objectives and effectiveness. This type of E-cash system is focused on in this paper. As the name implies, electronic cash is an effort to make an electronic payment system modeled after paper cash. The main design goal of an E-cash system is to protect the properties of untraceability and anonymity. Thus, E-cash is defined to be an electronic payment system that provides, in addition to the above security features, the property of consumer anonymity and payment untraceability.

ACKNOWLEDGEMENT

The authors would like to thank the staff and students of SriGuru Institute of Technology, friends and family members for their support and guidance in bringing out this research article. The authors would also like to thank them for their valuable support.

Authors Profile

M Sangeetha was born in Theni on 26th December 1990. She received her B.Tech. (IT) degree from Periyar Maniammai University, Thanjavur, Tamil Nadu in 2012. She is currently pursuing M.E. (CSE) degree in SriGuru Institute of Technology, Coimbatore, Tamil Nadu. She has published articles in various international journals. She is interested in Secure Computing, Data mining, Audio mining.

S. Rajasulochana was born in Coimbatore on 26th June 1990. She received her B.E. (CSE) from Dr. Mahalingam College of Engineering and Technology, Pollachi, Tamil Nadu in 2012. She is currently pursuing her M.E (CSE) in SriGuru Institute of Technology, Varathayangarpalayam, Coimbatore, Tamil Nadu. She has published an application for Windows Phone 7 and got certified. Her areas of interest include Cloud Computing and Machine learning.

S.Shanmathi was born in Tiruchengode on 8th August 1991. She received her B.E (CSE) degree from Sengundhar College of Engineering, Tiruchengode, Tamil Nadu in 2012. She is currently pursuing M.E. (CSE) degree in SriGuru Institute of Technology, Coimbatore, Tamil Nadu. She has presented papers in various national conferences. Her areas of interest are Network Security, Data structures and web designing.