System-Wide Security for Offline Payment Terminals. (arXiv:2107.08490v1 [cs.DC])

Most self-service payment terminals require network connectivity for
processing electronic payments. The necessity to maintain network connectivity
increases costs, introduces cybersecurity risks, and significantly limits the
number of places where the terminals can be installed. Leading payment service
providers have proposed offline payment solutions that rely on algorithmically
generated payment tokens. Existing payment token solutions, however, require
complex mechanisms for authentication, transaction management, and most
importantly, security risk management. In this paper, we present VolgaPay, a
blockchain-based system that allows merchants to deploy secure offline payment
terminal infrastructure that does not require collection and storage of any
sensitive data. We design a novel payment protocol which mitigates security
threats for all the participants of VolgaPay, such that the maximum loss from
gaining full access to any component by an adversary incurs only a limited
scope of harm. We achieve significant enhancements in security, operation
efficiency, and cost reduction via a combination of polynomial multi-hash chain
micropayment channels and blockchain grafting for off-chain channel state
transition. We implement the VolgaPay payment system, and with thorough
evaluation and security analysis, we demonstrate that VolgaPay is capable of
delivering a fast, secure, and cost-efficient solution for offline payment
terminals.