applying pre payments - iacr
TRANSCRIPT
Applying Proxy-Re-Encryption to PaymentsSivanarayana Gaddam, Rohit Sinha, Atul Luykx
Visa Research, 2019
©2019 Visa. All rights reserved.
Disclaimer
Case studies, comparisons, statistics, research and recommendations areprovided “AS IS” and intended for informational purposes only and should notbe relied upon for operational, marketing, legal, technical, tax, financial orother advice. Visa Inc. neither makes any warranty or representation as tothe completeness or accuracy of the information within this document, norassumes any liability or responsibility that may result from reliance on suchinformation. The Information contained herein is not intended as investmentor legal advice, and readers are encouraged to seek the advice of acompetent professional where such advice is required
©2019 Visa. All rights reserved.
Global Payments Stack
PaymentNetwork
Merchant
MerchantBank
ConsumerBank
Consumer
Point of Sale
PartnerPaymentGateway
©2019 Visa. All rights reserved.
Transaction Flow
PaymentNetwork
MerchantBank
ConsumerBank
Point ofSale
Partner
PaymentGateway
Consumer swipesSend transaction
Forward tomerchant bank
MapAuthRoute Authorize
Forward topayment network
©2019 Visa. All rights reserved.
Network Functions
MerchantBank
ConsumerBank
TransactionMap Auth Route
Transaction’
Cryptographic operations(CVV/CVV2, Chip, PIN etc.)
©2019 Visa. All rights reserved.
Sample Transactions
Card Verification Value(CVV/CVV2)
AuthPAN data, CVV 1 or 0
https://www.cs.ru.nl/E.Poll/papers/EMVtechreport.pdf
AuthPAN data, ARQC 1 or 0
PaymentNetwork
AuthPAN data, PIN 1 or 0
Authorization Request Cryptogram(ARQC)
PIN Verification
©2019 Visa. All rights reserved.
Cryptographic Operations at Scale
https://s1.q4cdn.com/050606653/files/doc_financials/2018/q4/Visa-Inc.-Q4-2018-Operational-Performance-Data.pdf
Credit
Debit
#No Of Transactions
2018-Q4
99Bn
61.4Bn
≅3000
≅2000Debit
Credit
≅5000/sec
©2019 Visa. All rights reserved.
PCI Compliance
PaymentGateway
PaymentNetwork
MerchantBank
ConsumerBank
HSM HSM HSM HSM
https://www.pcisecuritystandards.org/documents/PCI%20HSM%20Security%20Requirements%20v1.0%20final.pdf©2019 Visa. All rights reserved.
Top Hitters
Auth1 or 0Transaction
HSM
CVV/CVV2
ARQC
PIN verification
©2019 Visa. All rights reserved.
PIN Verification Modes
©2019 Visa. All rights reserved.
Online
ConsumerBank
Offline
Chip & PIN Transaction
ATCTrack Data
Online PIN counter(16-bit)
PAN, Name, Exp, etc.
Amount, Nonce, Currency …
EMV-Book-2_Security And Key Management
= KDF( , ATC)ARQC = {MAC( , {PoS data, ATC} ), ATC}
ARQC, Track data, PoS data
PaymentGateway
{ARQC, EPB}
PaymentNetwork
PIN Confidentiality
HSM HSMHSM
PIN Translation
3DES.Dec3DES.Enc
CT CT’
©2019 Visa. All rights reserved.
PIN Translation
PIN Translation
PIN Translation(PTS)
EPB: Encrypted PIN Block ARQC: Authorization Request Cryptogram
Key Sharing Setup
EMV-Book-2_Security And Key Management
PaymentGateway
PaymentNetwork
PoSPartners
MerchantBank
ConsumerBank
Key custodianKey custodian
Generate keys
Share key
Generate keys
©2019 Visa. All rights reserved.
Share key
Share key Share key
O(|MB| + |CB|) keysO(|PP| + |MB|) keys
PIN Confidentiality
EMV-Book-2_Security And Key Management
PaymentGateway
PaymentNetwork
PoSPartner
MerchantBank
ConsumerBank
{ARQC, PIN}
EPB = 3DES( ,PIN)
EPB
PIN = 3DES( , EPB)EPB1 = 3DES( , PIN)
EPB1
PIN = 3DES( , EPB1)EPB2 = 3DES( , PIN)
EPB2
PIN = 3DES( , EPB2)EPB3 = 3DES( , PIN)
EPB3
PIN = 3DES( , EPB3)Authorize
PTS PTS PTS
©2019 Visa. All rights reserved.
EPB: Encrypted PIN Block ARQC: Authorization Request Cryptogram
PIN Confidentiality Problem
EMV-Book-2_Security And Key Management
Payment
Gateway
Payment
Network
MerchantBank
ConsumerBank
Hard to scale
Simultaneous key-refresh issuesError prone/Transaction declines
PoS
Partner
©2019 Visa. All rights reserved.
Requirements
ü Support for all payment types(chip/mag-stripe, apple pay etc.)
ü Incur minimal changes to the ecosystem
ü Reduce HSM reliance
©2019 Visa. All rights reserved.
Strawman Solution#1
PaymentNetwork
ConsumerBank
PoSPartner
PaymentGateway
MerchantBank
©2019 Visa. All rights reserved.
(PK, SK)
Share public key
Not enough space
Which public key?
Share map table
Requires online serviceChange in transaction flow
Share network public keys
Payment network still need HSMLooses routing flexibility
Strawman Solution#2
ATCTrack Data
( , )
Increases cost of personalization
No PKI on mag-stripe
©2019 Visa. All rights reserved.
Online PIN counter(16-bit)
PAN, Name, Exp, etc.
http://www.uspaymentsforum.org/wp-content/uploads/2018/10/Dual-Interface-Card-Personalization-WP-FINAL-Oct-2018.pdf
ODA
ODA is optional
ODA: Offline Data Authentication
ODA
Our Solution: Proxy-Re-Encryption based PIN Confidentiality
©2019 Visa. All rights reserved.
PRE
PRE.KeyGenPRE.Enc
PRE.Re-KeyPRE.Re-Enc
PRE.DecBobProxy
RKAlice->Bob
Alice
PRE.Enc(M, PKAlice)
PRE.Re-Enc(M, RKAlice->Bob)
Uni/Bi-Directional Collusion-Safe Non-Interactive
Non-Transitive A à Proxy1 à B à Proxy2 à C
(RKA->B) (RKB->C)
(RKA->C)
Our Solution: Proxy-Re-Encryption based PIN Confidentiality
PaymentGateway
PaymentNetwork
PIN
EPB
PIN = 3DES( , EPB)EPB1 = 3DES( , PIN)
EPB1
PIN = 3DES( , EPB1)EPB2 = 3DES( , PIN)
EPB2
PIN = 3DES( , EPB2)EPB3 = 3DES( , PIN)
EPB3
PIN = 3DES( , EPB3)Authorize
PTS PTS PTS
©2019 Visa. All rights reserved.
PoSPartner
PRE.Re-EncPRE.Enc PRE.Re-Enc PRE.DecForward
Desired PRE Scheme
Matt Blaze, Gerrit Bleumer, and Martin Strauss. Divertible protocols and atomic proxy cryptography. In Kaisa Nyberg, editor, EUROCRYPT’98 ©2019 Visa. All rights reserved.
Non-Interactive
Transitive [Blaze, Bleumer, Strauss98]
Key Setup
PaymentGateway
PaymentNetwork
PoSPartner
©2019 Visa. All rights reserved.Matt Blaze, Gerrit Bleumer, and Martin Strauss. Divertible protocols and atomic proxy cryptography. In Kaisa Nyberg, editor, EUROCRYPT’98
share key
sharekey
Share key
Trusted Party
Share public key
RKRK
RK
O(|MB| * |CB|) re-enc keys
O(|PP| * |MB|) re-enc keys
Transaction Flow
PaymentGateway
PaymentNetwork
PoSPartner
©2019 Visa. All rights reserved.
EPB = PRE.Enc ( , PIN)EPB
EPB1 = PRE.Re-Enc ( , EPB)
EPB1
No burden on merchant bank
No HSM needed No HSM needed
No frequent key refresh
EPB1 EPB2
EPB2 = PRE.Re-Enc ( , EPB1)RK RK
PIN = PRE.Dec ( , EPB2)
Collusion-safe
Benchmarks*
©2019 Visa. All rights reserved.
PaymentGateway
PaymentNetwork
PoSPartner
1.14 ms 0.56 ms 0.56 ms 0.67 ms
Latency
# Transactions
#Nodes1
≅3000
O(|MB| * |CB|) re-keys
Space Overhead
O(|PP| + |MB|) keys O(|PP| * |MB|) re-keys
O(|MB| + |CB|) keys
4
≅10k
BBS-secp256k1Intel 4 [email protected]
* Representative results based on the configuration shown
Solution Summary
Supports all payment types(chip/mag-stripe, token-based etc..)
©2019 Visa. All rights reserved.
Reduced HSM reliance during online phase
Incurs minimal change [Domestic Card Processing Network]
Problem: Cart-Abandonments
https://baymard.com/lists/cart-abandonment-rateLexisNexis-True-Cost-Of-Fraud-Study, 2017
69.23%
Cart Abandonments
©2019 Visa. All rights reserved.
37%Site wanted me to create account
19%
8%Not enough paymentmethods
Don’t trust site with creditcard info
Help merchants accept unknown payment types?
PaymentGatewayCheckout
MerchantConsumer
App1CT
App2CT
CTProvider
CT
CT
CT <PII, PAN data>
AuthChain(PRE + Intel SGX + Blockchain)
Conclusion
PIN Translation: PRE reduces HSM burden on intermediaries
©2019 Visa. All rights reserved.
E-Commerce: PRE helps consumers choose any preferred mobileapp for checkout
?
©2019 Visa. All rights reserved.