From 2e9bdd37d6292a0fc66309bd1def340ea942aac9 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 10 Aug 2016 17:59:12 +0200 Subject: minor updates --- articles/ui/ui.tex | 183 +++++++++++++++++++++++++++-------------------------- 1 file changed, 93 insertions(+), 90 deletions(-) (limited to 'articles/ui/ui.tex') diff --git a/articles/ui/ui.tex b/articles/ui/ui.tex index de314b95c..765efcf02 100644 --- a/articles/ui/ui.tex +++ b/articles/ui/ui.tex @@ -39,11 +39,13 @@ Marcello Stanisci} GNU Taler is a new electronic online payment system which provides anonymity for customers and accountability for merchants. This paper first describes the interaction processes of online payment systems, -and analytically compares their usability for both customers and -merchants. We then focus on the resulting assurances that Taler -provides, as---particularly for payment systems---usability and -security are intertwined. Web payment systems must also face the -reality of constraints imposed by modern Web browser security +and analytically compares the processes involved for both customers +and merchants. The focus here is in particular on how to make +electronic payments work nicely with the current Web architecture. + +We then focus on the resulting assurances that Taler provides and +consider possible failure modes. Web payment systems must also face +the reality of constraints imposed by modern Web browser security architecture, so the analysis includes considerations of how Web payment systems exploit the security infrastructure provided by the modern Web. We argue that the resulting system offers a good @@ -102,7 +104,7 @@ Key contributions of this paper are: \begin{itemize} \item A description of different payment systems using common terminology, which allows us to analytically compare - these systems with respect to security and usability. + these systems. \item An introduction to the Taler payment system from the perspective of users and merchants, with a focus on how to achieve secure payments in a way that is intuitive and @@ -328,7 +330,6 @@ by investigators~\cite{BTC:Anonymity}. This has resulted in the development of new protocols with better privacy protections. - \begin{figure*}[b!] \includegraphics[width=\textwidth]{figs/paypal.pdf} \caption{Payment processing with Paypal. (From: W3c Web Payments IG.)} @@ -432,6 +433,15 @@ cryptography and real-world deployment. There are four components of the Taler system (Figure~\ref{fig:system}): +\begin{figure*}[b!] +\includegraphics[width=0.9\textwidth]{figs/taler-withdraw.pdf} +\caption{Withdrawing coins with Taler.} +\label{fig:taler-withdraw} +\end{figure*} + + + + \begin{itemize} \item {\em Customers} use a digital wallet to withdraw, @@ -441,6 +451,26 @@ realized as browser extensions, mobile Apps or even in custom hardware. If a user's digital wallet is compromised, the current balance may be lost just like with an ordinary wallet for cash. + +\begin{figure}[t!]%[36]{R}{0.5\linewidth} +\subfloat[Bank login. (Simplified for demonstration.)]{ +\includegraphics[width=0.45\linewidth]{figs/bank0a.png} +\label{subfig:login}} \hfill +\subfloat[Select exchange provider. (Generated by wallet.)]{ +\includegraphics[width=0.45\linewidth]{figs/bank2a.png} +\label{subfig:exchange}} \\ +\subfloat[Specify amount to withdraw. (Integrated bank support.)]{ +\includegraphics[width=0.45\linewidth]{figs/bank1a.png} +\label{subfig:withdraw}} \hfill +\subfloat[Confirm transaction with a PIN. (Generated by bank.)]{ +\includegraphics[width=0.45\linewidth]{figs/bank3a.png} +\label{subfig:pin}} +\caption{Required steps in a Taler withdrawal process.} +\label{fig:withdrawal} +\end{figure} + + + \item {\em Exchanges}, which are run by financial service providers, enable customers to withdraw anonymous digital coins, @@ -473,17 +503,12 @@ volume of signed digital coins in order to compensate for potential risks due to operational failures (such as data loss or theft of private keys) of the exchange. \end{itemize} + The specific protocol between wallet and merchant depends on the setting. For a traditional store, a near field communication (NFC) protocol might be used between a point-of-sale system and a mobile application. In this paper, we focus on Web payments for an online shop. -\begin{figure*} -\includegraphics[width=0.9\textwidth]{figs/taler-withdraw.pdf} -\caption{Withdrawing coins with Taler.} -\label{fig:taler-withdraw} -\end{figure*} - % \smallskip \subsection{Web payment workflow} @@ -498,6 +523,14 @@ Taler is integrated tightly with browsers in the future. Regardless, installing the extension involves one or two clicks to confirm the operation. Restarting the browser is not required. + +\begin{figure*}[b!] +\includegraphics[width=0.9\textwidth]{figs/taler-pay.pdf} +\caption{Payment processing with Taler.} +\label{fig:taler-pay} +\end{figure*} + + \paragraph{Withdrawing coins} As with cash, the customer must first withdraw digital coins @@ -506,24 +539,6 @@ visit the bank's online portal. Here, the bank will typically require some form of authentication, the specific method used depends on the bank (Figure~\ref{subfig:login}). -\begin{figure}[h!]%[36]{R}{0.5\linewidth} -\subfloat[Bank login. (Simplified for demonstration.)]{ -\includegraphics[width=0.45\linewidth]{figs/bank0a.png} -\label{subfig:login}} \hfill -\subfloat[Select exchange provider. (Generated by wallet.)]{ -\includegraphics[width=0.45\linewidth]{figs/bank2a.png} -\label{subfig:exchange}} \\ -\subfloat[Specify amount to withdraw. (Integrated bank support.)]{ -\includegraphics[width=0.45\linewidth]{figs/bank1a.png} -\label{subfig:withdraw}} \hfill -\subfloat[Confirm transaction with a PIN. (Generated by bank.)]{ -\includegraphics[width=0.45\linewidth]{figs/bank3a.png} -\label{subfig:pin}} -\caption{Required steps in a Taler withdrawal process.} -\label{fig:withdrawal} -\end{figure} - - The next step depends on the level of Taler support offered by the bank: \begin{itemize} \item If the bank does not offer integration with Taler, the @@ -565,12 +580,6 @@ customers, and may help create a competitive market. \paragraph{Spending coins} % \tinyskip -\begin{figure*} -\includegraphics[width=0.9\textwidth]{figs/taler-pay.pdf} -\caption{Payment processing with Taler.} -\label{fig:taler-pay} -\end{figure*} - \begin{figure}[b!] \subfloat[Select article. (Generated by Web shop.)]{ \includegraphics[width=0.30\textwidth]{figs/cart.png} @@ -599,6 +608,45 @@ exchanges to operate with transaction fees acceptable to most merchants. If transaction fees are higher than what is covered by the merchant, the customer may choose to cover them. +% \tinyskip +\lstdefinelanguage{JavaScript}{ + keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break, for}, + keywordstyle=\color{blue}\bfseries, + ndkeywords={class, export, boolean, throw, implements, import, this}, + ndkeywordstyle=\color{darkgray}\bfseries, + identifierstyle=\color{black}, + sensitive=false, + comment=[l]{//}, + morecomment=[s]{/*}{*/}, + commentstyle=\color{purple}\ttfamily, + stringstyle=\color{red}\ttfamily, + morestring=[b]', + morestring=[b]" +} + +\begin{figure*}[h!] + \lstset{language=JavaScript} + \lstinputlisting{figs/taler-presence.js} + \caption{Sample code to detect the Taler wallet. Allowing the + Web site to detect the presence of the wallet leaks one bit + of information about the user. The above logic also works + if the wallet is installed while the page is open.} + \label{listing:presence} +\end{figure*} + + +\begin{figure*}[h!] + \lstset{language=JavaScript} + \lstinputlisting{figs/taler-contract.js} + \caption{Sample code to pass a contract to the Taler wallet. + Here, the contract is fetched on-demand from the server. + The {\tt taler\_pay()} function needs to be invoked + when the user triggers the checkout.} + \label{listing:contract} +\end{figure*} + + + As with traditional Web transactions, customers first select which items they wish to buy. This can involve building a traditional shopping cart, or simply clicking on a particular link for the @@ -1219,7 +1267,8 @@ Customers and merchants should be able to easily adapt their existing mental models and technical infrastructure to Taler. In contrast, Bitcoin's payment models fail to match common expectations be it in terms of performance, durability, security, or privacy. Minimizing -the need to authenticate to pay fundamentally improves usability. +the need to authenticate to pay fundamentally improves security +and usability. % FIXME (following paragraph): it's never said that the Taler wallet % keeps any 'receipt' of transaction -- maybe here we want to say 'contract' @@ -1232,6 +1281,12 @@ question for the future is thus whether this data collection will be done on behalf of the citizens and under their control, or on behalf of the Reich of big data corporations. +We encourage readers to try our prototype for Taler +at \url{https://demo.taler.net/}, and to ponder why the billion dollar +e-commerce industry still relies mostly on TLS for security given +that usability, security and privacy can clearly {\em all} be improved +simultaneously using a modern payment protocol. + % These APIs are all RESTful in the modern sense because that greatly % simplify integrating Taler with web shops and browsers. @@ -1244,58 +1299,6 @@ thank Neal Walfield for comments on an earlier draft of the paper. \bibliographystyle{splncs03} \bibliography{ui,btc,taler,rfc} -\appendix - -We encourage readers to try our prototype for Taler -at \url{https://demo.taler.net/}, and to ponder why the billion dollar -e-commerce industry still relies mostly on TLS for security given -that usability, security and privacy can clearly {\em all} be improved -simultaneously using a modern payment protocol. - - -Figures~\ref{listing:presence} and~\ref{listing:contract} provide more -detailed sample source code for how merchants might integrate their -systems with Taler. - - - - -% \tinyskip -\lstdefinelanguage{JavaScript}{ - keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break, for}, - keywordstyle=\color{blue}\bfseries, - ndkeywords={class, export, boolean, throw, implements, import, this}, - ndkeywordstyle=\color{darkgray}\bfseries, - identifierstyle=\color{black}, - sensitive=false, - comment=[l]{//}, - morecomment=[s]{/*}{*/}, - commentstyle=\color{purple}\ttfamily, - stringstyle=\color{red}\ttfamily, - morestring=[b]', - morestring=[b]" -} - -\begin{figure*} - \lstset{language=JavaScript} - \lstinputlisting{figs/taler-presence.js} - \caption{Sample code to detect the Taler wallet. Allowing the - Web site to detect the presence of the wallet leaks one bit - of information about the user. The above logic also works - if the wallet is installed while the page is open.} - \label{listing:presence} -\end{figure*} - - -\begin{figure*} - \lstset{language=JavaScript} - \lstinputlisting{figs/taler-contract.js} - \caption{Sample code to pass a contract to the Taler wallet. - Here, the contract is fetched on-demand from the server. - The {\tt taler\_pay()} function needs to be invoked - when the user triggers the checkout.} - \label{listing:contract} -\end{figure*} \end{document} -- cgit v1.2.3