Fraud Resilient Mechanism For Micro Payments at Point of Sales


Proceedings of National Conference on Computing & Information Technology (NCCIT-2017)

International Journal for Modern Trends in Science and Technology


Volume: 03, Special Issue No: 02, March 2017
ISSN: 2455-3778
http://www.ijmtst.com

Fraud Resilient Mechanism for Micro Payments at Point of Sales
Priyusha.B1 | Bharani.Y2 | Durga Bhavani.Ch3 | B.Venu Gopal4
1,2,3,4Department of IT, Andhra Loyola Institute of Engineering & Technology, Vijayawada, Andhra Pradesh, India.

To Cite this Article


Priyusha.B, Bharani.Y, Durga Bhavani.Ch and B.Venu Gopal, “Fraud Resilient Mechanism for Micro Payments at Point of Sales”, International Journal for Modern Trends in Science and Technology, Vol. 03, Special Issue 02, 2017, pp. 32-38.

ABSTRACT
Credit card and debit card theft is one of the earliest forms of cybercrime and is among the most common nowadays. Attackers often target the point of sale (PoS) in order to steal such customer data. This scenario produces a shift in purchase methods from classic credit cards to new approaches such as device-based payments. Nowadays, crypto-currencies and decentralized payment systems are increasingly popular, fostering a shift from physical to digital currencies. However, such payment techniques are not commonplace, due to several unresolved issues, including a lack of widely accepted standards, limited interoperability among systems and, most importantly, security. To the best of our knowledge, Fraud Resilient Mechanism for Micro-Payments at Point of Sale is the first solution that can provide secure fully off-line payments while being resilient to all currently known PoS breaches. Our solution improves over up-to-date approaches in terms of flexibility and security.

KEYWORDS: interoperability, micropayments, crypto-currencies, architecture, Fraud resilient, point of sales (PoS).

Copyright © 2017 International Journal for Modern Trends in Science and Technology
All rights reserved.

I. INTRODUCTION
PoS systems act as gateways and require some sort of network connection in order to contact external credit card processors. This is mandatory to validate transactions. To reduce the cost of administration and maintenance, PoS devices are managed remotely over these internal networks. Mobile payment solutions proposed so far can be classified as fully on-line, semi off-line, weak off-line or fully off-line.

Widely supported by recent hardware, mobile payment technology is still at its early stages of evolution but it is expected to rise in the near future as demonstrated by the growing interest in crypto-currencies. The first pioneering micro-payment scheme was proposed by Rivest and Shamir back in 1996. Nowadays, crypto-currencies and decentralized payment systems are increasingly popular, fostering a shift from physical to digital currencies.

32 Volume 3 | Special Issue 02 | March 2017 | ISSN:2455-3778 | www.ijmtst.com/nccit2017.html



1.1 Contribution
This paper introduces and discusses Fraud Resilient Mechanism for Micro-payments at point of sales, a secure off-line micro-payment approach using multiple physical unclonable functions. It features an identity element to authenticate the customer, and a coin element where coins are not locally stored but are computed on-the-fly only when needed. The communication protocol used for the payment transaction does not directly read customer coins. Instead, the vendor only communicates with the identity element in order to identify the user. This simplification reduces the communication burden with the coin element that affected our previous approach. The main benefit is a simpler, faster, and more secure interaction between the involved actors/entities. Among other properties, this two-step protocol allows the bank or the coin element issuer to design digital coins to be read only by a certain specific user. Furthermore, the identity element used to improve the security of the users can also be used against malicious users. To the best of our knowledge, this is the most accurate solution that can provide secure fully off-line payments while being resilient to all currently known PoS breaches.

1.2 Fraud Resilient Mechanism for micro-payments at Point of sales
“Here we propose the market analysts have predicted that mobile payments will overtake the traditional marketplace, thus providing greater convenience to consumers and new sources of revenue to many companies. This scenario produces a shift in purchase methods from classic credit cards to new approaches such as mobile-based payments, giving new market entrants novel business chances. Widely supported by recent hardware, mobile payment technology is still at its early stages of evolution but it is expected to rise in the near future as demonstrated by the growing interest in crypto-currencies. The first pioneering micro-payment scheme. Nowadays, crypto-currencies and decentralized payment systems are increasingly popular, fostering a shift from physical to digital currencies. However, such payment techniques are not yet commonplace, due to several unresolved issues, including a lack of widely-accepted standards, limited interoperability among systems and, most importantly, security”.

1.3 Secure Payment Solutions Fully Off-Line Functions on Fraud Resilient Mechanism
This survey says that online payments are nowadays among the most popular methods, with the customer or buyer paying for the goods purchased through online money payment. Purchase methods are shifting from classic credit or debit cards to new approaches like mobile-based payments, giving new market entrants novel business possibilities. However, many of us still resist the attractiveness and ease of revolving credit transactions because of security issues. So far there is a high risk of stolen card fraud, so purchasers worry about debit-card fraud by merchants and different third parties. Payment transactions are usually processed by an electronic payment system (for short, EPS). The EPS is a separate function from the typical point of sale function, although the EPS and PoS system may be co-located on the same machine.

1.4 Offline Micropayments without Trusted Hardware
Current electronic payment systems are not well matched to occasional, low-valued transactions. (For the purposes of this discussion, we use the term “electronic payment system” broadly, to encompass conventional credit cards, stored-value cards, online and offline digital cash, etc.) A central requirement for any electronic payment system is that a single compromise or failure should not have catastrophic consequences. For example, it should not be possible to double spend in a digital cash system, nor should the compromise of a client’s authorization secret entail unlimited client liability or uncollectible transactions. Traditional payment systems are designed to prevent such failures. Unfortunately, the prevention mechanisms are generally too expensive to support occasional, low-valued transactions. Typically, such systems require online transactions, trusted client hardware such as smartcards, or must assume conditions that are not always true, such as that payers can be held responsible for any and all fraud or misuse of their authorization secrets. In this paper, however, we present a new approach that focuses instead on risk management. Our central observation is that in some applications we can relax many of the expensive requirements associated with electronic payment systems while still keeping fraud or uncollectible transactions within acceptable levels.


However, such payment techniques are not yet commonplace, due to several unresolved issues, including a lack of widely-accepted standards, limited interoperability among systems and, most importantly, security. Off-line scenarios are harder to protect: customer data is kept within the PoS for a much longer time, thus being more exposed to attackers. In a skimmer attack, the customer input device that belongs to the PoS system is replaced with a fake one in order to capture customer’s card data. The main issue with a fully off-line approach is the difficulty of checking the trustworthiness of a transaction without a trusted third party. In fact, keeping track of past transactions with no available connection to external parties or shared databases can be quite difficult, as it is difficult for a vendor to check if some digital coins have already been spent.

II. THREAT MODELS
Table 1 depicts the most relevant attacks and attacker models that have been analyzed in this work. As such, it shows both the attacks that can be unleashed against the customer device or the transaction protocol, and the attacks aimed at threatening customer sensitive data. Based on the capabilities and on the number of devices that can be accessed during the attack, a taxonomy of the attackers is first introduced as follows:
• Collector: This is an external attacker able to eavesdrop and alter messages being exchanged between the customer and the vendor device.
• Malicious Customer (M. Customer): This is an internal attacker that can either physically open the customer device to eavesdrop sensitive information or inject malicious code within the customer device in order to alter its behavior.
• Malicious Vendor (M. Vendor): This is an internal attacker that can either eavesdrop information from the vendor device or inject malicious code in it in order to alter its behavior.
• Ubiquitous: This is an internal attacker with complete access to all the involved devices.
Fraud Resilient Mechanism for Micro-payments at point of sale places no restrictions on the capabilities of the attacker, who is always considered as ubiquitous.

Keywords: Collectors, Malicious Customer, Malicious Vendor, Ubiquitous, Eavesdrop.

III. ATTACK METHODS
Only a subset of the attacks listed in Table 1 represents real dangers in a fully off-line scenario. In fact, in such a scenario only vendor and customer devices are involved in the transaction and no connection to the external world is provided. In Figure 3 a general picture of all possible PoS system threats is given. It is clear from the picture that, no matter what the environment and the architectural design of the EPS are (boxes 1, 2 and 3), customer data needs at some point to be sent back to the bank or to the coin element issuer. This means that the data read from the customer’s card can be stolen within the card reader (label A), within the cash register or back office server (label D), while in transit between the devices (label B) or while in transit to the bank (label C).

In fact, many different ways to exploit PoS vulnerabilities and steal customer’s data exist:
• Skimmers: In this attack, the customer input device that belongs to the PoS system is replaced with a fake one in order to capture customer’s card data. As an example, input devices can be either physically replaced or directly purchased with vulnerable or misconfigured software.
• Scrapers: In this attack, malware is installed within the PoS system in order to steal customer’s card data. As an example, cybercriminals can infect the system using phishing attacks. However, in some other cases, the malware is installed with the help of an insider or via a backdoor. RAM scrapers work by examining the list of processes that are running on the PoS system and by inspecting the memory for customer’s card data such as account numbers and expiration dates.
• Forced off-line authorization: In this scenario, the attacker exploits a DoS attack to force the PoS system to go off-line. By doing so, the attacker will force the payment card data to be locally processed. This means that any data read from the card will be locally decrypted and verified, thus creating an opportunity for the attacker to easily collect all the required information.
• Software vulnerabilities: Payment applications themselves are also vulnerable to several attacks, each of which exploits some payment software vulnerabilities.

With respect to PoS data vulnerabilities, there are three specific attacks that have to be analyzed.
• Data in memory: The target of this attack is card data that is fed into the PoS system by some input device. One way to avoid such an attack is by encrypting the card data as soon as possible and by keeping it encrypted as long as possible through its life within the system.
• Data in transit: The target of this attack is the data that is exchanged between all the entities of the system that processes customer’s data. Even in fully off-line electronic payment systems, this attack is still available. In fact, a payment system is usually composed of two or more elements and card data is exchanged between all of them. The technologies that are normally used for addressing the data in transit vulnerability include SSL, TLS and IPsec.
• Data at rest: The target of this attack is the card data stored in non-volatile memories within the system. The only way to avoid such kind of attack is to avoid any data storage at all.

Now that all the data breaches and attack models have been described, it is possible to introduce our solution. After the description of both the architecture and the protocol being used, it will be shown how our proposed system is the first solution able to provide a fraud resilient off-line micro-payment scheme.

IV. SECURITY ANALYSIS
In this section the robustness of the proposed system is discussed. Fraud Resilient Mechanism for Micropayments at point of sales uses both symmetric and asymmetric cryptographic primitives in order to guarantee the following security principles:
• Authenticity: It is guaranteed in the proposed system by the on-the-fly computation of private keys. In fact, both the identity and the coin element use the key generator to compute their private key needed to encrypt and decrypt all the messages exchanged in the protocol. Furthermore, each public key used by both the vendor and the identity/coin element is signed by the bank. As such, its authenticity can always be verified by the vendor.
• Non-Repudiation: The storage device that is kept physically safe by the vendor prevents the adversary from being able to delete past transactions, thus protecting against malicious repudiation requests. Furthermore, the content of the storage device can be backed up and exported to secondary equipment, such as pen drives, in order to make it even harder for an adversary to tamper with the transaction history.


• Integrity: It is ensured with the encryption of each digital coin by the bank or identity/coin element issuer. Coin seeds and coin helpers are written into the coin element registers by either the bank or coin element issuer such that the final coin value given as output corresponds to an encrypted version of the real digital coin. As such, by using the public key of the bank or identity/coin element issuer, it is always possible to verify the integrity of each coin. Furthermore, the integrity of each message exchanged in the protocol is provided as well. In fact, both the identity and the coin element use their private/public keys. The private key is not stored anywhere within the identity/coin element but it is computed each time as needed.
• Confidentiality: Both the communications between the customer and the vendor and those between the identity element and the coin element leverage asymmetric encryption primitives to achieve message confidentiality.
• Availability: The availability of the proposed solution is guaranteed mainly by the fully off-line scenario that completely removes any type of external communication requirement and makes it possible to use off-line digital coins also in extreme situations with no network coverage. Furthermore, the lack of any registration withdrawal phase makes the proposed system able to be used by different devices.

Fraud Resilient Mechanism for offline Micropayments at point of sales uses two different elements, an identity element and a coin element, in order to improve the security of the whole payment system. In fact, the vendor device does not directly communicate with the coin element but has to go through the identity element. On the other hand, this allows either the bank or the coin element issuer to design all the digital coins belonging to a specific coin element to be read only by a certain identity element, i.e. by a specific user. This means that even though the coin element is lost or it is stolen by an attacker, such element will not work without the associated identity element. As such, the identity element can be considered as a second factor aimed at improving the security of customer coins. On the other hand, the identity element can be used to fight against attackers as well. In fact, as depicted in if an identity element is considered malicious and is blacklisted, no matter what is the device used by the user, any coin will not be accepted and processed by the vendor.

4.1 Attack Mitigation
In this section, the resiliency of Fraud Resilient Mechanism for Offline Micropayments at point of sales to the attacks listed before is discussed.
• Double Spending: The read-once property of the erasable PUF used in this solution prevents an attacker from computing the same coin twice. Even if a malicious customer creates a fake vendor device and reads all the coins, it will not be able to spend any of these coins due to the inability to decrypt the request of other vendors. Indeed, the private keys of both the identity and coin elements are needed to decrypt the request of the vendor and can be computed only within the customer device. The fake vendor could then try to forge a new emulated identity/coin element with a private/public key pair. However, identity/coin element public keys are valid only if signed by the bank. As such, any message received from an unconfirmed identity/coin element will be immediately rejected.
• Coin Forgery: Each coin is encrypted by either the bank or the coin element issuer and thus it is not possible for an attacker to forge new coins.
• Emulation: Physical unclonable functions, by design, can be neither dumped nor forged, either in hardware or software. Responses computed by emulated/fake PUFs will be different from the original ones.
• Postponed Transaction: The only way to understand data obtained as output from the identity/coin element is by having access to their private key. However, physically opening these elements will alter their PUFs’ behavior, thus invalidating the elements themselves. However, no information is kept within the elements, either in plain-text or in the encrypted form. As such, an attacker will not be able to steal any information.
• Information Stealing: The private key of each element is computed on-the-fly as needed. No sensitive information is kept in either the identity or the coin element. Coin seeds and coin helpers do not provide by themselves any information about coins and physical access to the hardware will cause the PUFs to change their behavior.
• Replay: Each transaction, even if related to the same coin, is different due to the random salt generated each time by the vendor.
• Man In the Middle: Digital coins are encrypted by either the bank or the coin element issuer and contain, among all other things, the ID of the coin element. Furthermore, as in the proposed system digital coins are computed at run-time rather than being written into the memory, an attacker cannot dump coins from other customers. Last but not least, an attacker cannot pretend to be another customer with a different ID because it will not be able to compute his private key.
• Reverse Engineering: By design, any attempt to tweak and steal any useful information from either the identity or the coin element will alter the behavior of the PUFs, thus rendering the elements no longer usable.
• Denial of Services: Fraud Resilient Mechanism for offline micropayments at point of sales uses an initial pairing process. Such step cannot be accomplished by an attacker as it requires a security code to be manually typed on the customer’s device. As such, DoS attacks are mitigated. Even if the attacker is a malicious vendor, each transaction has to be confirmed by the customer, thus preventing batch attacks where either the identity or the coin element are repeatedly challenged.

[Figure: Attacks over the coin element]

• HW Modification: Again, by design, it is not possible for an attacker to either add or modify or remove any element belonging to either the identity or the coin element without changing its behavior.
• HW Eavesdropping: Solutions have been proposed in the literature that use photon counting APD modules and photon emission microscope with InGaAs image sensors together with Focused Ion Beam (for short, FIB) systems in order to locate faults within integrated circuits. However, as explained in we consider this kind of attack an overkill.
• Repudiation: Fraud Resilient Mechanism for offline Micropayments at point of sales does not provide a transaction dispute protocol phase. However, while the payment transaction is accomplished in a fully off-line scenario, any additional operation is accomplished on-line. In this way, the customer cannot repudiate a valid transaction (the log entry for that transaction will be notified on-line by the vendor) and the same applies for the vendor (a repudiated valid transaction cannot be spent).

So far, resiliency to the attacks has been shown. Next, other considerations are shared based on the different attacker models.
• Malicious Customer: As shown at the beginning of this section, forgery, dump, and replay attacks are mitigated by design.
• Malicious Vendor: The only feasible attack for a malicious vendor is the deletion of past transaction entries from the storage device. However, this is not possible as the storage device is assumed to be kept physically secure by the vendor.
• Ubiquitous: The smarter attack that can be unleashed by such an attacker is the stealing of information from each device involved in the transaction. However, as described later in this section, Fraud Resilient Mechanism for Micropayments at point of sales proved to be resilient to data breaches.

V. CONCLUSION
In this paper we have introduced Fraud Resilient Mechanism for Micropayments at point of sale which is, to the best of our knowledge, the first data-breach-resilient fully off-line micropayment approach. The security analysis shows that Fraud Resilient Mechanism for Micropayments at point of sale does not impose trustworthiness assumptions. Further, Fraud Resilient Mechanism for Micropayments at point of sales is the first solution in the literature where no customer device data attacks can be exploited to compromise the system. This has been achieved mainly by PUF architecture and protocol design. Our analysis shows that Fraud Resilient Mechanism for Micropayments at point of sales is the only proposal that enjoys all the properties required of a secure micro-payment solution, which gives flexibility when considering the payment medium (types of digital coins). Finally, some open issues have been identified and are left for future work. In particular, we are researching the possibility of allowing digital change that helps in spending off-line micro-payments while maintaining the same level of security and usability.
Future Enhancement
We have presented the basic idea of micropayment by introducing two typical micropayment schemes here. People should keep in mind that micropayment technology is not yet mature. It remains an attractive but hard challenge.
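
The vendor-side checks that Section 4.1 relies on (element public keys valid only if signed by the bank, coins issued by the bank, blacklisted identity elements refused, and a fresh random salt per transaction against replay) are shown below as an added example; it is not code from the paper. The message layout, the element IDs and the toy RSA signatures standing in for the paper's unspecified primitives are assumptions, the keys are constructed from small Mersenne primes and are insecure by design, and the PUF-based key generation is not modelled.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Toy RSA key (n, d) from two primes; far too small for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(_h(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == _h(data, n)

def cert_payload(element_id, element_n):
    # Assumed layout of what the bank signs: element ID bound to its public modulus.
    return f"{element_id}:{element_n}".encode()

class Vendor:
    def __init__(self, bank_n, blacklist=()):
        self.bank_n = bank_n
        self.blacklist = set(blacklist)
        self.pending = {}  # element_id -> salt of the open request
        self.log = []      # transaction history kept on the vendor's storage device

    def new_request(self, element_id):
        # Fresh random salt per transaction, even for the same coin.
        salt = secrets.token_bytes(16)
        self.pending[element_id] = salt
        return salt

    def accept(self, element_id, element_n, cert, coin, coin_sig, response):
        salt = self.pending.pop(element_id, None)  # each salt is usable once
        if element_id in self.blacklist:
            return "rejected: blacklisted identity element"
        if not verify(cert_payload(element_id, element_n), cert, self.bank_n):
            return "rejected: public key not signed by bank"
        if not verify(coin, coin_sig, self.bank_n):
            return "rejected: coin not issued by bank"
        if salt is None or not verify(salt + coin, response, element_n):
            return "rejected: response does not match this request"
        self.log.append((element_id, salt.hex(), coin.hex()))
        return "accepted"

def demo():
    # Constructed toy keys built from known Mersenne primes.
    bank_n, bank_d = keypair(2**89 - 1, 2**107 - 1)
    elem_n, elem_d = keypair(2**61 - 1, 2**127 - 1)
    fake_n, fake_d = keypair(2**31 - 1, 2**521 - 1)
    coin = b"coin-0001|element=elem-A"  # constructed coin value
    coin_sig = sign(coin, bank_n, bank_d)
    cert = sign(cert_payload("elem-A", elem_n), bank_n, bank_d)
    vendor = Vendor(bank_n, blacklist={"elem-X"})
    results = []
    # 1. Genuine element answers the vendor's fresh salt.
    salt = vendor.new_request("elem-A")
    resp = sign(salt + coin, elem_n, elem_d)
    results.append(vendor.accept("elem-A", elem_n, cert, coin, coin_sig, resp))
    # 2. The captured response is replayed against a new request (new salt).
    vendor.new_request("elem-A")
    results.append(vendor.accept("elem-A", elem_n, cert, coin, coin_sig, resp))
    # 3. Emulated element whose key is self-signed instead of bank-signed.
    salt = vendor.new_request("elem-F")
    fake_cert = sign(cert_payload("elem-F", fake_n), fake_n, fake_d)
    resp_f = sign(salt + coin, fake_n, fake_d)
    results.append(vendor.accept("elem-F", fake_n, fake_cert, coin, coin_sig, resp_f))
    # 4. Blacklisted identity element with an otherwise valid certificate.
    salt = vendor.new_request("elem-X")
    cert_x = sign(cert_payload("elem-X", elem_n), bank_n, bank_d)
    resp_x = sign(salt + coin, elem_n, elem_d)
    results.append(vendor.accept("elem-X", elem_n, cert_x, coin, coin_sig, resp_x))
    return results, len(vendor.log)

if __name__ == "__main__":
    print(demo())
```

Only the first transaction reaches the vendor's log. Double spending is not covered here, since the paper assigns it to the read-once PUF inside the customer device rather than to a vendor check.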

REFERENCES
[1] J. Lewandowska, http://www.frost.com/prod/servlet/pressrelease.page?docid=274238535, 2013.
[2] R. L. Rivest, “Payword and micromint: two simple micropayment schemes,” in CryptoBytes, 1996, pp. 69–87.
[3] S. Martins and Y. Yang, “Introduction to bitcoins: a pseudo-anonymous electronic currency system,” ser. CASCON ’11. Riverton, NJ, USA: IBM Corp., 2011, pp. 349–350.
[4] Verizon, “2014 data breach investigations report,” Verizon, Technical Report, 2014.
[5] T. M. Incorporated, “Point-of-sale system breaches,” Trend Micro Incorporated, Technical Report, 2014.
[6] Mandiant, “Beyond the breach,” Mandiant, Technical Report, 2014.
[7] Bogmar, “Secure POS & kiosk support,” Bogmar, Technical Report, 2014.
[8] https://www.deepdyve.com/lp/institute-of-electrical-and-electronics-engineers/frodo-fraud-resilient-device-for-off-line-micro-payments-LvyAOyhGqq.
[9] http://frontl.in/projects/ftj1666-frodo-fraud-resilient-device-for-off-line-micro-payments-ieee-java-project-2016-2017/.
[10] http://www.crypto.com/papers/knpay.pdf.
