FRoDO: Fraud Resilient Device for Off-Line Micro-Payments

Vanesa Daza, Roberto Di Pietro, Flavio Lombardi, Matteo Signorini

Research output: Contribution to journalArticlepeer-review

4 Scopus citations

Abstract

Credit and debit card data theft is one of the earliest forms of cybercrime. Still, it is one of the most common nowadays. Attackers often aim at stealing such customer data by targeting the Point of Sale (for short, PoS) system, i.e. the point at which a retailer first acquires customer data. Modern PoS systems are powerful computers equipped with a card reader and running specialized software. Increasingly often, user devices are leveraged as input to the PoS. In these scenarios, malware that can steal card data as soon as they are read by the device has flourished. As such, in cases where customer and vendor are persistently or intermittently disconnected from the network, no secure on-line payment is possible. This paper describes FRoDO, a secure off-line micro-payment solution that is resilient to PoS data breaches. Our solution improves over up to date approaches in terms of flexibility and security. To the best of our knowledge, FRoDO is the first solution that can provide secure fully off-line payments while being resilient to all currently known PoS breaches. In particular, we detail FRoDO architecture, components, and protocols. Further, a thorough analysis of FRoDO functional and security properties is provided, showing its effectiveness and viability.

Original languageEnglish (US)
Article number7123175
Pages (from-to)296-311
Number of pages16
JournalIEEE Transactions on Dependable and Secure Computing
Volume13
Issue number2
DOIs
StatePublished - Mar 1 2016

Keywords

  • architecture
  • cybercrime
  • Fraud-resilience
  • mobile secure payment
  • protocols

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'FRoDO: Fraud Resilient Device for Off-Line Micro-Payments'. Together they form a unique fingerprint.

Cite this