A Solution for Wireless Privacy and Payments based on E-cash
A Karygiannis, Y. Tsiounis, A. Kayias
With wireless capable devices becoming more and more accessible, there is an increasing need for standardization of wireless networking. One of the most utilized standards that is deployed by many current devices (including theWindows XP OS) for building wireless LANs is the IEEE 802.11. For the purpose of authentication the IEEE 802.1x standard has been proposed, a flexible and extensible standard that couples 802.11 networks with various authentication services, through the incorporation of an Extensible Authentication Protocol (EAP) authentication dialog. The existing implementations of EAP dialogs are based on standard cryptographic solutions for authentication and session key generation and do not provide any form of anonymity or privacy. Anonymity and privacy are currently of pressing interest, especially in the context of WLANs, which are simultaneously the best medium to provide privacy (there is no physical phone number or connection end-point with a predetermined owner) as well as the most threatening medium to user privacy, as they have the potential of disclosing the current location of the user, in addition to their identity. At the same time, the potential perfect hiding capabilities of WLANs also highlight the need to control anonymity in this environment. Furthermore, paying for wireless services is completely decoupled from the above procedures, raising additional concerns of efficiency and privacy. In this work we propose a solution forWireless privacy as well as payments by providing a new EAP authentication dialog based on anonymous electronic cash. Our solution is based on the notion of public-key embedding e-cash, an e-cash variant we present and formalize. We present a concrete description of the new EAP authentication dialog in the context of IEEE 802.1x. We also present an efficient implementation of a public-key embedding e-cash scheme based on RSA blind signatures and prove its security.