1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks

Research Article

A Solution for Wireless Privacy and Payments based on E-cash

  • @INPROCEEDINGS{10.1109/SECURECOMM.2005.9,
        author={A.  Karygiannis and A. Kiayias and  Y.  Tsiounis},
        title={A Solution for Wireless Privacy and Payments based on E-cash},
        proceedings={1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2006},
        month={3},
        keywords={},
        doi={10.1109/SECURECOMM.2005.9}
    }
    
  • A. Karygiannis
    A. Kiayias
    Y. Tsiounis
    Year: 2006
    A Solution for Wireless Privacy and Payments based on E-cash
    SECURECOMM
    IEEE
    DOI: 10.1109/SECURECOMM.2005.9
A. Karygiannis1, A. Kiayias1, Y. Tsiounis1
  • 1: NIST

Abstract

The IEEE 802.11 Wireless Local Area Network (WLAN) specifications have been the subject of increased attention due to their rapid commercial adaptation and the introduction of new security and privacy concerns. The IEEE 802.1x standard was introduced in order to overcome the initial security shortcomings of the Wired Equivalent Privacy (WEP) protocol. The IEEE 802.1x standard is an extensible standard that couples 802.11 networks with various authentication services through the incorporation of an Extensible Authentication Protocol (EAP) authentication dialog. The existing implementations of EAP dialogs are based on standard cryptographic solutions for authentication and session key generation but do not, however, provide any form of user anonymity or privacy. Anonymity and privacy are currently of pressing interest, especially in the context of WLANs, which are simultaneously the best medium to provide privacy (there is no physical phone number or connection end-point with a predetermined owner) as well as the most threatening medium to user privacy, as they have the potential of disclosing not only the identity of the user, but also their physical location. At the same time, the potential "perfect hiding" capabilities of WLAN users also highlights the need to control anonymity by introducing more flexible authentication mechanisms. Moreover, payment for wireless services is completely decoupled from the above procedures, raising additional efficiency and privacy concerns. In this work we propose a new EAP authentication dialog based on anonymous electronic cash that provides for privacy, anonymity control, payment acceptance and billing, and authentication. Our solution is based on the notion of "public-key embedding e-cash," an e-cash variant we present and formalize in this paper. We present a concrete description of the new EAP authentication dialog in the context of IEEE 802.1x. We also present an effi- cient implementation of a public-key embedding e-cash scheme based on RSA blind signatures and prove its security.