guided specification and analysis of a loyalty card system
play

Guided Specification and Analysis of a Loyalty Card System Laurent - PowerPoint PPT Presentation

Jan 13, 2023 •236 likes •625 views

Guided Specification and Analysis of a Loyalty Card System Laurent Cuennet 1 Marc Pouly 2 c 3 Sa sa Radomirovi 1 University of Fribourg 2 Lucerne University of Applied Sciences 3 Institute of Information Security, ETH Z urich July 13,

  1. Guided Specification and Analysis of a Loyalty Card System Laurent Cuennet 1 Marc Pouly 2 c 3 Saˇ sa Radomirovi´ 1 University of Fribourg 2 Lucerne University of Applied Sciences 3 Institute of Information Security, ETH Z¨ urich July 13, 2015 1

  2. Loyalty Cards Paper-based ink stamp cards are a convenient and inexpensive way for small shops to improve customer loyalty. ◮ Advantage: customer benefits without being tracked and profiled. ◮ Disadvantage: too many different cards accumulate over time. 2

  3. Physical Loyalty Card Protocol Customer Vendor − − − − − − − − − − − − − → , ← − − − − − − − − − − − − − , 3

  4. Sketch of Electronic Loyalty Card Protocol Mobile Customer Vendor Server − − − − − → ← − − − − − ← − − − − − − − − − − − − − − − − − − − − − − − − 4

  5. Security Requirements Customer anonymity: Vendor cannot link points to customer’s identity. Customer privacy: Vendor can- not link customer’s transac- tions. 5

  6. Security Requirements Customer anonymity: Vendor cannot link points to customer’s identity. Customer privacy: Vendor can- not link customer’s transac- tions. Theft protection: Points issued to an agent can be redeemed by the agent. 5

  7. Security Requirements Customer anonymity: Vendor cannot link points to customer’s identity. Customer privacy: Vendor can- not link customer’s transac- tions. Theft protection: Points issued to an agent can be redeemed by the agent. Non-repudiation: Vendor can- not repudiate validity of unre- deemed points. 5

  8. Security Requirements Customer anonymity: Vendor Unforgeability: Loyalty points cannot link points to customer’s accepted by vendor have been identity. issued by vendor. Customer privacy: Vendor can- No double-spending: Redeemed not link customer’s transac- loyalty points will not be ac- tions. cepted. Theft protection: Points issued to an agent can be redeemed by the agent. Non-repudiation: Vendor can- not repudiate validity of unre- deemed points. 5

  9. Security Requirements Customer anonymity: Vendor Unforgeability: Loyalty points cannot link points to customer’s accepted by vendor have been identity. issued by vendor. Customer privacy: Vendor can- No double-spending: Redeemed not link customer’s transac- loyalty points will not be ac- tions. cepted. Theft protection: Points issued to an agent can be redeemed by the agent. Non-repudiation: Vendor can- not repudiate validity of unre- deemed points. 5

  10. Theft protection Points issued to an agent can be redeemed by the agent: ◮ “Agent” = Mobile Device. We are not protecting against theft of Mobile Device. 6

  11. Theft protection Points issued to an agent can be redeemed by the agent: ◮ “Agent” = Mobile Device. We are not protecting against theft of Mobile Device. 2 Threats: 1. Points issued to a mobile device are redeemed by an attacker’s device. ⇒ Requirement: Confidentiality of loyalty points. 2. Points issued to a mobile device are corrupted or lost and thus not redeemable by the device. ⇒ Requirement: Authenticity of loyalty points. 6

  12. Theft protection Points issued to an agent can be redeemed by the agent: ◮ “Agent” = Mobile Device. We are not protecting against theft of Mobile Device. 2 Threats: 1. Points issued to a mobile device are redeemed by an attacker’s device. ⇒ Requirement: Confidentiality of loyalty points. 2. Points issued to a mobile device are corrupted or lost and thus not redeemable by the device. ⇒ Requirement: Authenticity of loyalty points. Remaining Problem: Transmit Loyalty Points from Server to Mobile Device authentically and confidentially. 6

  13. Communication Topology [BRS15] What assumptions can we make about ◮ the communication channels between the four parties? ◮ the capabilities of the four parties? ◮ the honesty of the four parties? 7

  14. Communication Channels •− →◦ •− →◦ Authentic Channel between Customer and Vendor, due to context and location. 8

  15. Communication Channels ◦− →◦ •− →◦ •− →◦ •− →◦ Authentic Channel from Device to Customer: Customer knows his device. Insecure Channel from Customer to Device: Anybody could input information into Device. 9

  16. Communication Channels ◦− →◦ •− →◦ ◦− →◦ •− →◦ •− →◦ •− →◦ Insecure Channel from Device to Server: Any Device can send information to Server. Authentic Channel from Server to Device: Server’s public key can be distributed authentically in the shop. 10

  17. Communication Channels ◦− →◦ •− →◦ ◦− →◦ •− →◦ •− →• •− →• •− →◦ •− →◦ Secure Channel between Vendor and Server due to physical access control. 11

  18. Honesty and Capabilities ◦− →◦ •− →◦ ◦− →◦ •− →◦ •− →• •− →• •− →◦ •− →◦ ◮ We assume all four agents are honest. ◮ Customer and Vendor are computationally restricted. 12

  19. Coffee Shop Topology ◦− →◦ D S •− →◦ Customer C Customer’s Mobile Device D ◦− →◦ •− →◦ •− →• •− →• Vendor V Vendor’s Server S •− →◦ →◦ Insecure Channel ◦− C V →◦ Authentic Channel •− •− →◦ →• Secure Channel •− 13

  20. Coffee Shop Topology ◦− →◦ D S •− →◦ Customer C Customer’s Mobile Device D ◦− →◦ •− →◦ •− →• •− →• Vendor V Vendor’s Server S •− →◦ →◦ Insecure Channel ◦− C V →◦ Authentic Channel •− •− →◦ →• Secure Channel •− How to transmit Loyalty Points from Server S to Mobile Device D authentically and confidentially? 13

  21. First Protocol ◦− →◦ D S 1. C → V : money •− →◦ 2. V → S : money S → V : points / QR 3. ◦− →◦ •− →◦ •− →• •− →• 4. V → C : QR •− →◦ C → D : QR / points 5. C V •− →◦ Are the points transmitted from S to D confidential? 14

  22. First Protocol ◦− →◦ D S 1. C → V : money •− →◦ 2. V → S : money S → V : points / QR 3. ◦− ◦− →◦ →◦ •− →◦ •− →• •− →• 4. V → C : QR •− →◦ C → D : QR / points 5. C V •− •− →◦ →◦ Are the points transmitted from S to D confidential? - No! 14

  23. First Protocol ◦− →◦ D S 1. C → V : money •− →◦ 2. V → S : money S → V : points / QR 3. ◦− ◦− →◦ →◦ •− →◦ •− →• •− →• 4. V → C : QR •− →◦ C → D : QR / points 5. C V •− •− →◦ →◦ Are the points transmitted from S to D confidential? - No! Options: (1) Change assumptions, (2) Improve protocol. 14

  24. Second Protocol ◦− →◦ D → S : D S ?. key •− →◦ 1. C → V : money V → S : money 2. ◦− →◦ •− →◦ •− →• •− →• 3. S → V : { points } key / QR 4. V → C : QR •− →◦ 5. C → D : QR / { points } key C V •− →◦ ◮ Idea: S encrypts points for D . Server needs a key for D . 15

  25. Second Protocol Not authentic ◦− →◦ ◦− →◦ D → S : D S ?. key •− →◦ 1. C → V : money V → S : money 2. ◦− →◦ •− →◦ •− →• •− →• 3. S → V : { points } key / QR 4. V → C : QR •− →◦ 5. C → D : QR / { points } key C V •− →◦ ◮ Idea: S encrypts points for D . Server needs a key for D . ◮ Problem: How to send information authentically from D to S ? 15

  26. Second Protocol Not authentic ◦− →◦ ◦− →◦ D → S : D S ?. key •− →◦ 1. C → V : money V → S : money 2. •− →◦ •− →• ◦− →◦ •− →◦ •− →• •− →• 3. S → V : { points } key / QR 4. V → C : QR •− •− →◦ →◦ 5. C → D : QR / { points } key C V •− →◦ ◮ Idea: S encrypts points for D . Server needs a key for D . ◮ Problem: How to send information authentically from D to S ? Information can be sent authentically along path [ D , C , V , S ]. 15

  27. Second Protocol ◦− →◦ C → D : GetPoints 1. D S •− →◦ 2. D → C : key C → V : money , key 3. 4. V → S : money , key ◦− →◦ •− →◦ •− →• •− →• 5. S → V : { points } key / QR •− →◦ 6. V → C : QR 7. C → D : QR / { points } key C V •− →◦ Are the points transmitted from S to D authentic? 16

  28. Second Protocol ◦− →◦ C → D : GetPoints 1. D S •− →◦ 2. D → C : key C → V : money , key 3. 4. V → S : money , key ◦− ◦− →◦ →◦ •− →◦ •− →• •− →• 5. S → V : { points } key / QR •− →◦ 6. V → C : QR 7. C → D : QR / { points } key C V •− →◦ Are the points transmitted from S to D authentic? - No! 16

Recommend

YOUR CUSTOMER LOYALTY PROGRAMME MORE SALES MORE REVENUE CARD HOLDER Cashback with every

YOUR CUSTOMER LOYALTY PROGRAMME MORE SALES MORE REVENUE CARD HOLDER Cashback with every

YOUR CUSTOMER LOYALTY PROGRAMME MORE SALES MORE REVENUE CARD HOLDER Cashback with every purchase Additional Shopping Points Offers in exchange for Shopping Points LOYALTY MERCHANTS Customer loyalty Acquisition of new

509 views • 20 slides
Leveraging Loyalty Card Data to Improve Trade Promotion Effectiveness Megan R. Margraff Chief

Leveraging Loyalty Card Data to Improve Trade Promotion Effectiveness Megan R. Margraff Chief

Leveraging Loyalty Card Data to Improve Trade Promotion Effectiveness Megan R. Margraff Chief Analytic Officer Spire, LLC Objectives Show how loyalty card data can be used to drive shopper-based trade insights and more effective trade

329 views • 30 slides
1 Good Requirements Graphical Languages? Specification Qualities Examples: Complete -

1 Good Requirements Graphical Languages? Specification Qualities Examples: Complete -

REQUIREMENT SPECIFICATION The Basic Waterfall Model Today: Requirements Specification Requirements Requirements tell us what the system should do - specification not how it should do it. Analysis & Requirements are

363 views • 3 slides
Guided Pathways at California Community Colleges WELCOME! Choose an index card from the table

Guided Pathways at California Community Colleges WELCOME! Choose an index card from the table

Guided Pathways at California Community Colleges WELCOME! Choose an index card from the table GREEN: Classified employees YELLOW: Faculty BLUE: Administrators Note the table number on your card and find your table (Hold on

607 views • 22 slides
LOYALTY CAR DS Amanda Dorsett - 21295469 THE PROJECT To create an interactive campaign to show

LOYALTY CAR DS Amanda Dorsett - 21295469 THE PROJECT To create an interactive campaign to show

LOYALTY CAR DS Amanda Dorsett - 21295469 THE PROJECT To create an interactive campaign to show users what information you are giving away when signing up for a loyalty card TARGET AUDIENCE 77% of British adults are members of at least

564 views • 9 slides
Long term stability analysis of a guided wave SHM system for platelike structures V. Attarian,

Long term stability analysis of a guided wave SHM system for platelike structures V. Attarian,

Long term stability analysis of a guided wave SHM system for platelike structures V. Attarian, F.B. Cegla, P. Cawley Non-Destructive Testing Group Department of Mechanical Engineering Imperial College London SW7 2AZ United Kingdom Outline

584 views • 19 slides
Biometric Data Specification on PIV Card Charlie Wilson and Ramaswamy Chandramouli Nov 18, 2004

Biometric Data Specification on PIV Card Charlie Wilson and Ramaswamy Chandramouli Nov 18, 2004

Biometric Data Specification on PIV Card Charlie Wilson and Ramaswamy Chandramouli Nov 18, 2004 Biometric Data on PIV Card Type of Data When Captured/ Purpose Location Ten slap (flat) PIV Registration Law Enforcement fingerprints Check

315 views • 5 slides
A Hierarchy of System Specification Basis of System Specification 1. Set Theory 2. Time Base 3.

A Hierarchy of System Specification Basis of System Specification 1. Set Theory 2. Time Base 3.

A Hierarchy of System Specification Basis of System Specification 1. Set Theory 2. Time Base 3. Segments and Trajectories Hierarchy of System Specification (causal, deterministic) 1. I/O Observation Frame 2. I/O Observation Relation

794 views • 58 slides
Cate: A System for Analysis and Test of Java Card Applications Peter Pfahler, Universitt

Cate: A System for Analysis and Test of Java Card Applications Peter Pfahler, Universitt

Cate: A System for Analysis and Test of Java Card Applications Peter Pfahler, Universitt Paderborn, Institut fr Informatik Jrgen Gnther, ORGA Kartensysteme GmbH, Paderborn First International Workshop on Software Quality SOQUA 2004,

458 views • 17 slides
Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004

Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004

Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004 A misleading question ? File System = a data structure seen at the card edge This part of ISO/IEC 7816 specifies: the contents of the

99 views • 5 slides
Have Health Card Will Travel Kira Leeb Director, Health System Analysis Canadian Institute for

Have Health Card Will Travel Kira Leeb Director, Health System Analysis Canadian Institute for

Have Health Card Will Travel Kira Leeb Director, Health System Analysis Canadian Institute for Health Information (CIHI) June 2010 Outline > Background > Methodology > Results Pan-Canadian Regions in focus >

739 views • 25 slides
CPACE Generic Card & Mobile Payment Application Specification Collectively, the ECPC

CPACE Generic Card & Mobile Payment Application Specification Collectively, the ECPC

CPACE Generic Card & Mobile Payment Application Specification Collectively, the ECPC Participating Schemes represent more than 300 million cards SRC Security Research Consulting, mandated Bancontact Company 9 Million 15 Million by the

1.76k views • 5 slides
Specification and Analysis of Contracts Lecture 7 Specification of Deontic Contracts Using

Specification and Analysis of Contracts Lecture 7 Specification of Deontic Contracts Using

Specification and Analysis of Contracts Lecture 7 Specification of Deontic Contracts Using CL Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov. 7,

873 views • 54 slides
U it 6 Unit 6 Loyalty and Relationships CuuDuongThanCong.com https://fb.com/tailieudientucntt

U it 6 Unit 6 Loyalty and Relationships CuuDuongThanCong.com https://fb.com/tailieudientucntt

U it 6 Unit 6 Loyalty and Relationships CuuDuongThanCong.com https://fb.com/tailieudientucntt Objectives Key Concepts - Value, Loyalty, Trust Developing Loyalty p g y y Strategies for developing Loyalty CuuDuongThanCong.com

504 views • 18 slides
Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program

Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program

Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program P Specification S Verifier Proof of correctness or Witness of a bug 2 Classical Program Synthesis Specification S High Level WHAT

1.28k views • 59 slides
Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally

Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally

Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally The NFS specification distinguishes between the implemented by Sun Microsystems. services provided by the mount mechanism and the remote file

105 views • 9 slides
Lo Loyal alty ty on th the blockchai ain September 2018 The loyalty market We believe We

Lo Loyal alty ty on th the blockchai ain September 2018 The loyalty market We believe We

Lo Loyal alty ty on th the blockchai ain September 2018 The loyalty market We believe We believe $1,000b th that at every $500b loyalty points bran and will Prospective loyalty token in circulation hav ave its ts own

510 views • 12 slides
Institutional Loyalty and Collegial Governance Loyalty to the entire university community, not

Institutional Loyalty and Collegial Governance Loyalty to the entire university community, not

Institutional Loyalty and Collegial Governance Loyalty to the entire university community, not fealty to board chair or university president. Collegial: equal and united with a common purpose. However, faculty, staff, students are not allowed on

490 views • 29 slides
Analysis of Japanese Loyalty Programs Considering Liquidity, Security Efforts, and Actual

Analysis of Japanese Loyalty Programs Considering Liquidity, Security Efforts, and Actual

Analysis of Japanese Loyalty Programs Considering Liquidity, Security Efforts, and Actual Security Levels June 24, 2014 @WEIS 2014 Bongkot Jenjarrussakul, and Kanta Matsuura Institute of Industrial Science The University of Tokyo Outline

479 views • 28 slides
A Question of Loyalty: How to analyse loyalty rebates and discounts Moderator: Martin Mandorff,

A Question of Loyalty: How to analyse loyalty rebates and discounts Moderator: Martin Mandorff,

A Question of Loyalty: How to analyse loyalty rebates and discounts Moderator: Martin Mandorff, Swedish Competition Authority Panelists: Jarod Bona, DLA Piper LLP Andrew I Gavil, Federal Trade Commission Luc Peeperkorn, European Commission

546 views • 38 slides
Formal Specification and Verification Formal specification Temporal logic 12.06.2012

Formal Specification and Verification Formal specification Temporal logic 12.06.2012

Formal Specification and Verification Formal specification Temporal logic 12.06.2012 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Formal specification Specification for program/system Specification for

443 views • 21 slides
Proving Unrealizability for Syntax-Guided Synthesis Qinheping Hu , Jason Breck , John Cyphert ,

Proving Unrealizability for Syntax-Guided Synthesis Qinheping Hu , Jason Breck , John Cyphert ,

Proving Unrealizability for Syntax-Guided Synthesis Qinheping Hu , Jason Breck , John Cyphert , Loris D'Antoni , Thomas Reps Proving Unrealizability for Syntax-Guided Synthesis 1 Syntax-Guided Synthesis (SyGuS) Specification

649 views • 37 slides
The Sun Network File System (NFS) An implementation and a specification of a software system

The Sun Network File System (NFS) An implementation and a specification of a software system

The Sun Network File System (NFS) An implementation and a specification of a software system for accessing remote files across LANs . NFS The implementation is part of the Solaris and SunOS operating systems running on Sun workstations

327 views • 3 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides

More recommend