V-cash

A Study in Electronic Commerce: Design

Cornell University
Computer Science Department
Masters of Engineering Project
Spring 1998

Han-Yang Lo
Sanjeev Topiwala
Joyce Wang
with assistance from Keith Sollers

Under the supervision of: Professor Fred B. Schneider
last modified: Monday, 4/27/98

System Architecture
Component Architecture
Driver Program
Network Services
File Services

System Architecture

 

 

Component Architecture

The v-óa$h system is composed of five main modules: file/data services, cryptographic services, network services, driver program, and user interface (as shown in the following illustration).

 

 

Driver Program

The driver program provides an extra layer of security by preventing direct access to the underlying subsystems. All interactions between the subsystems must pass through the driver. This provides for a smaller trusted computing base (TCB). The module categories were designed to isolate unrelated services, reducing the complexity of the overall system.

Driver Program interactions with Network Services

 


Network Services

Client Specific Elements

A client will support up to two socket connections at one time: one to the bank and one to a merchant.

Bank Specific Elements

The bank is considered to be a network server and as such will run around the clock. It will support an arbitrary number of client and/or merchant socket connections at one time. Each connection will be handled by an individual thread. The assumption is that the bank server is physically secure.

Merchant Specific Elements

The merchant is considered to be a network server and as such will run around the clock. It will support an arbitrary number of client socket connections and it will also support an arbitrary number of connections to the bank. Each connection will be handled by an individual thread.

Comments

All communications will occur over TCP sockets.

All communications will use the following packet format:

Packet Format

Header Type (see Table 1)
Subtype (see Table 2)
Length
Header Checksum
Data Data + Data Checksum

Table 1 Packet Types

Type Users Description
Connect Client, Merchant Establishment of a symmetric key for encryption across the network
Identify Client, Merchant Identification of the client/merchant and the associated account number
Request Client, Merchant Request from the client/merchant to the bank
Data Client, Merchant, Bank Sending data/messages
Acknowledge Client, Merchant, Bank Acknowledge receipt of packets
Error Client, Merchant, Bank Indicate that a packet was not successfully received
Disconnect Merchant, Bank Disconnect

Table 2 Packet Subtypes

Subtype Users Description
Connect – None    
Identify – None    
Request – Withdrawal Client Request for withdrawal from an account
Request – Deposit Client, Merchant Request for deposit to an account
Request - Change Client Request for change
Data – Coins Client, Merchant, Bank Coins for withdrawal/deposit
Data – Bill Merchant Bill for items purchased
Data – Receipt Merchant Receipt for items purchased
Data – Message Bank Valid/invalid coins
Acknowledge – Connect Merchant, Bank Acknowledge symmetric key for encryption
Acknowledge – Identify Bank Acknowledge identity of client/merchant
Acknowledge – Request Bank Acknowledge request for withdrawal/deposit
Acknowledge – Data Client, Merchant, Bank Acknowledge data
Error – Connect Merchant, Bank Symmetric key for encryption not received
Error – Identify Bank Identity of client/merchant not valid
Error – Request Bank Request for withdrawal/deposit not accepted
Error – Data Client, Merchant, Bank Data not valid
Disconnect – None    

Length

Length in bytes of the data section (including data checksum).

Header Checksum

Checksum of the data in the header.

Each side of the communication will be handled by an appropriate message packet processor. The message processor will be specific to each of the three units. The packets that need to be handled by each unit are labeled above in the packet format specification.

The following functions are implemented:


BankProcessMessage(	// process message packets received by the bank
				// and respond with a packet
				Input:		message packet
				Output:	none			)

Consumer:
	ProcessMerchantMessage(	// process message packets received from the merchant
					// and respond with a packet
					Input: message packet
					Output: none			)

	ProcessBankMessage(	// process message packets received from the bank
					// and respond with a packet
					Input: message packet
					Output: none			)

Merchant:
	ProcessConsumerMessage(	// process message packets received from the consumer
					// and respond with a packet	
					Input: message packet
					Output: none			)

	ProcessBankMessage(	// process message packets received from the bank
					// and respond with a packet
					Input: message packet
					Output: none			)

Cryptographic Services

We used Wei-Dai's Crypto++ cryptographic library. This can be found at http://www.eskimo.com/~weidai/cryptlib.html. We wrote wrappers for the functionality that we needed, and added functions to implement blinding. The following function definitions are implemented :


DESCrypto (Symmetric)
	unsigned int Encrypt(const byte *inBlock, byte * outBlock, unsigned int length);
		inBlock must have size greater than or equal to length
		outBlock must have size greater than or equal to length + 16 (because 9 to 16 bytes of padding)
		length is the amount of inBlock that will be encrypted
		return value is the number of data bytes in outBlock (including padding)

	unsigned int Decrypt(const byte *inBlock, byte * outBlock, unsigned int length);
		inBlock must have size greater than or equal to length
		outBlock must have size greater than or equal to length
		length is the amount of inBlock that will be decrypted
		return value is the number of data bytes in outBlock (because padding is removed)

DESCrypto constructor takes a char * (null terminated string) so be careful when generating random strings for symmetric encryption..

RSAPrivateCrypto and RSAPublicCrypto (Asymmetric)
	void Encrypt(const byte *inBlock, byte * outBlock, unsigned int length);
		inBlock must have size greater than or equal to length
		outBlock must have size greater than or equal to 64  (because inBlock padded to 64 bytes)
		length is the amount of inBlock that will be encrypted (must be less than or equal to 53)
	
	unsigned int Decrypt(const byte *inBlock, byte * outBlock);
		inBlock must have size equal to 64 (because 64 bytes always decrypted)
		outBlock must have size greater than or equal to 53 (because padding is removed)
		return value is the number of data bytes in outBlock (because padding is removed)

	void Sign(const byte *inBlock, byte * outBlock, unsigned int length);
		inBlock must have size greater than or equal to length
		outBlock must have size greater than or equal to 64  (because inBlock padded to 64 bytes)
		length is the amount of inBlock that will be encrypted (must be less than or equal to 53)

	unsigned int Recover(const byte *inBlock, byte * outBlock);
		inBlock must have size equal to 64 (because 64 bytes always decrypted)
		outBlock must have size greater than or equal to 53 (because padding is removed)
		return value is the number of data bytes in outBlock (because padding is removed)

	void Blind(Integer& blindingFactor, const Integer plaintext, Integer& blindtext);
		blindingFactor is initialized inside
		plaintext is the text to blind
		blindtext is the blinded text

	void SignBlind(const Integer plaintext, Integer &signtext);
		plaintext is the text to sign
		signtext is the signed text

	bool Unblind(Integer blindingFactor, const Integer plaintext, Integer& blindtext);
		blindingFactor is used to unblind text
		plaintext is the original text to compare to
		blindtext is the blinded signed text that will be unblinded
		return value: true if blindtext equals plaintext signed, false otherwise
 

Cryptographic services only communicate with the driver program. The user's RSA key pair and the bank's public keys are stored locally. The user's private key is accessed via a password generated by the user (not implemented 4/27). The bank acts as a certificate authority.

The cryptography service provides a core virtual class, with generic methods for generating prime numbers and random numbers, as well as a method for generating a checksum for a byte of data and hashing a block of data. Within this core class, we provide a separate class for each encryption algorithm (symmetric and asymmetric). Each of these classes includes methods for encryption, decryption, and key generation - a single key for the symmetric algorithm, and a key pair for the asymmetric algorithm. In addition, the asymmetric class also contains signature methods for signing and verification, as well as blinding methods.

File Services

 

Methods:


Abstractions:

Coin – Data format for v-óa$h coins

 

Bytes

Serial Number

4

Checksum

2

Purse – Format for storing client coin information during execution

Total Amount
Denom0   
... List of Coins
Denom9   

Methods:

Log – Format for storing log

Entries as defined in specs

Methods: