System-Wide Security for Offline Payment Terminals

TL;DR

VolgaPay introduces a blockchain-based offline payment system that enhances security, reduces costs, and eliminates the need for sensitive data storage, enabling secure transactions without network connectivity.

Contribution

The paper presents a novel blockchain protocol and payment system, VolgaPay, that secures offline payments without sensitive data, improving security and efficiency over existing solutions.

Findings

VolgaPay achieves secure offline payments with limited security risks.

The system reduces operational costs and complexity.

Evaluation shows high speed and security in practical deployment.

Abstract

Most self-service payment terminals require network connectivity for processing electronic payments. The necessity to maintain network connectivity increases costs, introduces cybersecurity risks, and significantly limits the number of places where the terminals can be installed. Leading payment service providers have proposed offline payment solutions that rely on algorithmically generated payment tokens. Existing payment token solutions, however, require complex mechanisms for authentication, transaction management, and most importantly, security risk management. In this paper, we present VolgaPay, a blockchain-based system that allows merchants to deploy secure offline payment terminal infrastructure that does not require collection and storage of any sensitive data. We design a novel payment protocol which mitigates security threats for all the participants of VolgaPay, such that the maximum loss from gaining full access to any component by an adversary incurs only a limited scope of harm. We achieve significant enhancements in security, operation efficiency, and cost reduction via a combination of polynomial multi-hash chain micropayment channels and blockchain grafting for off-chain channel state transition. We implement the VolgaPay payment system, and with thorough evaluation and security analysis, we demonstrate that VolgaPay is capable of delivering a fast, secure, and cost-efficient solution for offline payment terminals.