Graduate School and Research Center in Digital Sciences

PSP: Private and secure payment with RFID

Blass, Erik-Oliver; Kurmus, Anil; Molva, Refik; Strufe, Thorsten

Computer Communications, 2012

RFID can be used for a variety of applications, e.g., to conveniently pay for public transportation. However, achieving security and privacy of payment is challenging due to the extreme resource restrictions of RFID tags. In this paper, we propose PSP - a secure, RFID-based protocol for privacy-preserving payment that supports multiple different payees. Similar to traditional electronic cash, the user of a tag can pay for a service using his tag and so called coins of a virtual currency. With PSP, tags do not need to store valid coins, but generate them on the fly. Using Bloom filters, readers can verify the validity of generated coins offline. PSP guarantees privacy such that neither payees nor an adversary can reveal the identity of a user or link subsequent payments. PSP is secure against invention and overspending of coins, and can reveal the identity of users trying to double spend coins. Still, PSP is lightweight: it requires only a hash                                                                                                                               function and few bytes of non-volatile memory on the tag.

Document Doi Bibtex

Title:PSP: Private and secure payment with RFID
Keywords:RFID, Payment, Privacy, Security, Ecash
Department:Digital Security
Eurecom ref:3858
Copyright: © Elsevier. Personal use of this material is permitted. The definitive version of this paper was published in Computer Communications, 2012 and is available at :
Bibtex: @article{EURECOM+3858, doi = {}, year = {2012}, month = {11}, title = {{PSP}: {P}rivate and secure payment with {RFID}}, author = {{B}lass, {E}rik-{O}liver and {K}urmus, {A}nil and {M}olva, {R}efik and {S}trufe, {T}horsten}, journal = {{C}omputer {C}ommunications, 2012}, url = {} }
See also: