| Summary: | 碩士 === 中原大學 === 資訊工程研究所 === 100 === Online rental services, such as music stores, DVD rentals, magazine subscriptions, have been quite popular in our daily life. However, most of them require customers to provide personal information. The service providers may collect users’ consumption habits from rental records. Such analysis is carried out mostly without users’ permission and has consequently caused privacy breaches in e-rental services.
In this paper, we propose a protocol for anonymous e-rental services, particularly vehicle rentals. Our contributions include: (1) Anonymity. Users provide their personal information to a trusted third party (TTP) only. They do not even need to reveal their real identity to a rental company. (2) Unlinkability. Car rental companies are unable to establish any link between users’ rental records and users’ identity simply by analyzing the rental records. (3) Traceability. If there are consumer disputes or accidents, the rental company can request that TTP reveal users’ identity. (4) Flexibility. Users are free to choose their preferred vehicles from any allied companies. (5) Anonymous payment. Car rental companies have to claim payments through a TTP, which prevents privacy breaches in credit card payments.
Our proposed protocol use identity-based certificateless signature scheme with bilinear pairings. We then implement the scheme into near field communication (NFC) phones’ secure elements (SE). The improved SE will be of higher efficiency in authentication, authorization and auditing in car rental services.
Our security analysis also proves that our system is able to guarantee anonymity, confidentiality, forward secrecy, backward secrecy, and anonymity revocation. It can also resist replay attacks and man-in-the-middle (MITM) attacks.
|
|---|
