Raghav Bhaskar, Saikat Guha, Srivatsan Laxman, and Prasad Naldurg
Purchase of virtual goods and services is now a major source of revenue for developers on platforms like Facebook, Xbox, and iOS. These virtual economies are typically based on users maintaining a stored-value account of virtual-currency (purchased with real-currency) with the platform. While the model is similar to that of a bank, these economies lack transparency and regulatory oversight that protect a consumer's financial interests. We propose \Verito, a practical solution that provides transparency and accountability in this context. We combine state-of-the-art cryptographic constructs in novel ways to design a system that provides four desirable properties, viz., transparency (money-in equals money-out), fairness (users treated equally), non-repudiation (users' virtual money is safe), and scalability (low processing and storage costs). Our design also accommodates nuances such as support for multiple-currencies, and defense against arbitrage, while addressing scalability bottlenecks. We present an experimental evaluation based on our implementation of \Verito and study its performance characteristics. Overall, we show that it is possible to protect consumer interests in virtual economies in a practical manner, without relying only on regulation.
In Proceedings of the Network and Distributed Systems Security Symposium (NDSS)