Traditionally, people used paper money to buy things. With the start of the digital age, transactions moved online and you can now use a credit card, a smartphone app, or online banking to pay for things. These systems, however, rely on the internet to connect your bank with the seller's bank and transfer money. Researchers from the Indian Institute of Technology (IIT) Indore have developed a new system called ElasticPay, which aims to make digital payments easier and more secure, even when there's no internet connection.
ElasticPay is a peer-to-peer offline digital payment system. It uses three key components: Trusted Platform Modules (TPMs), which are like digital vaults that store important information securely; Trusted Execution Environments (TEEs) to create a safe space inside your device where sensitive operations can happen without being spied on by other parts of the device, and Secure Elements (SEs) which are chips that handle secure transactions and store important keys. ElasticPay employs these technologies to work together to make sure your money is safely sent or received, even when you're not connected to the internet.
ElasticPay allows you to make payments directly from one smartphone to another. When you want to pay someone, ElasticPay creates a special token, which is like a digital check. This token includes the amount of money and the recipient's details and is protected by a digital signature that makes it impossible to change without invalidating it. ElasticPay ensures that once a token is used, it can't be used again. This stops people from trying to spend the same money twice. Your transaction details are also kept private, ensuring data privacy and security throughout the transaction.
Other key features of ElasticPay include The key features of ElasticPay include:
Double Spending Protection: ElasticPay ensures that each transaction is processed securely on a trusted device, preventing the use of the same payment token for multiple transactions. The token's cryptographic signature makes it tamper-proof, safeguarding against misuse or redirection of funds.
Replay Attack Prevention: The system detects and prevents the unauthorized reuse of a valid token by checking its usage history in both the sender's and receiver's Trusted Execution Environments (TEEs) and at the bank server.
Forgery Prevention: ElasticPay requires users to have digital certificates issued by an authoritative entity, ensuring that identities are verified and cannot be falsely assumed or replicated.Non-Repudiation: Transactions are confirmed through digital signatures and explicit consent, ensuring that participants cannot deny their involvement, thus securing accountability and traceability.
Side-Channel Attack Prevention: The system uses TEEs and Secure Elements (SEs) to prevent the leakage of external information and protect against side-channel attacks.
Mitigation of Man-in-the-Middle Attacks: All communications are encrypted using advanced cryptographic protocols, thwarting interception or alteration of messages.
Hardware Control Attack Resilience: Comprehensive encryption measures protect against unauthorized access to application data, even if hardware manipulation is attempted.
Software Control Attack Defense: Secure boot processes with TPM technology to authenticate software integrity, preventing compromised software from executing.
Privacy Preservation in Transactions: Only essential information is shared during transactions, minimizing the exposure of private data and maintaining user privacy.
Recovery from Transaction Failures: The system provides mechanisms for retransmission or invalidation and regeneration of tokens in case of transaction failures, ensuring transaction integrity.
These features collectively ensure that ElasticPay offers secure, private, and reliable offline digital transactions, addressing key challenges in digital payment systems. The team, however, acknowledges limitations like fund inaccessibility during offline transactions and the sequential processing of transactions (processing multiple requests at the same time) and is working on addressing these.
As India transitions towards a digital economy, the reliance on internet connectivity for digital transactions poses a barrier, especially in rural and remote areas where network access is inconsistent or absent. ElasticPay offers a viable solution to this challenge by enabling secure and private offline digital transactions. This system can significantly enhance financial inclusion, allowing individuals in underbanked and underserved regions to participate in the digital economy without the prerequisite of stable internet connectivity. By facilitating offline transactions, ElasticPay ensures that digital financial services are accessible to a broader population, bridging the digital divide and supporting the government's efforts to create a more inclusive financial ecosystem.
This research news was partly generated using artificial intelligence and edited by an editor at Research Matters