Authors: Omaima Bamasak

Abstract:

This paper presents a novel method that allows an agent host to delegate its signing power to an anonymous mobile agent in such away that the mobile agent does not reveal any information about its host-s identity and, at the same time, can be authenticated by the service host, hence, ensuring fairness of service provision. The solution introduces a verification server to verify the signature generated by the mobile agent in such a way that even if colluding with the service host, both parties will not get more information than what they already have. The solution incorporates three methods: Agent Signature Key Generation method, Agent Signature Generation method, Agent Signature Verification method. The most notable feature of the solution is that, in addition to allowing secure and anonymous signature delegation, it enables tracking of malicious mobile agents when a service host is attacked. The security properties of the proposed solution are analyzed, and the solution is compared with the most related work.

Keywords: Anonymous signature delegation, collusion resistance, e-commerce fairness, mobile agent security.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1079566

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1397

References:

[1] N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signatures", IEEE Journal on Selected Areas in Communication., vol. 18, pp. 591-610, April 2000.
[2] O. Bamasak, " Delegating Signing Power to Mobile Agents: Algorithms and Protocol Design", PhD Thesis, School of Computer Science, the University of Manchester, January 2006.
[3] F. Bao, R.H. Deng, and W. Mao, "Efficient and practical fair exchange protocols with off-line TTP", in Proc. IEEE Symposium on Security and Privacy, Oakland, CA, May 1998, pp. 77-85.
[4] M. Blum, "How to exchange (secret) keys", ACM Trans. Computer Systems, Vol. 1, no.2, pp. 175-193, 1983.
[5] C. Boyd and E. Foo, "Off-line fair payment protocols using convertible signature", Advances in Cryptology - in Proc. Asiacrypt' 98, LNCS 1514, Springer-Verlag, 1998, pp. 271-285.
[6] L. Chen, "Efficient fair exchange with verifiable confirmation of signatures", Advances in Cryptology - in Proc. Asiacrypt' 98, LNCS 1514, Springer-Verlag, 1998, pp. 286-299.
[7] R.H.Deng, L. Gong, A. A. Lazar, and W. Wang, "Practical protocol for certified electronic mail", Journal of Network and System Management, vol. 4, no. 3, pp.279-297, 1996.
[8] S. Even, O. Golreich, and A. Lempel, "A randomized protocol for signing contracts", Communications of the ACM, vol. 28, no. 6, pp. 637-647, 1985.
[9] M.K. Franklin and M.K. Reiter, "Verifiable signature sharing", Advances in Cryptology - Proc. Eurocrypt' 95, LNCS 921, 1995, pp. 50-63.
[10] J. A. Garay, M. Jakobsson, and P. MacKenzie, "Abuse-free optimistic contract signing", Advances in Cryptology - Proc. Crypto' 99, LNCS 1666, Springer-Verlag, 1999, pp. 449 - 466.
[11] M. Jakobsson, K. Sako, and R. Impagliazzo, "Designated verifier proofs and their applications", Advances in Cryptology - Proc. Eurocrypt' 96, LNCS 1070, Springer-Verlag, 1996, pp. 143 - 154.
[12] T. Okamoto and K. Ohta, "How to simultaneously exchange secrets by general assumptions", in Proc. the 2nd ACM Conference on Computer and Communications Security, 1994, pp. 184-192.
[13] C. Wang and C. Yin, "Practical Implementations of a Non-disclosure Fair Contract Signing Protocol", IEICE Trans. on Fundamentals of Electronics, Communications and Computer Science, vol. e89-a, no. 1, pp. 297-309, 2006.
[14] J. Zhou and D. Gollmann, "A fair non-repudiation protocol", in Proc. 1996 IEEE Symposium on Security and Privacy, Oakland, CA, 1996, pp. 55-61.
[15] J. Zhou and D. Gollmann, "An efficient non-repudiation protocol", in Proc. 1997 IEEE Computer Security Foundations Workshop (CSFW 10), 1997, pp. 126 - 132.
[16] M. Lin, C. Chang, Y. Chen, "A fair and secure mobile agent environment based on blind signature and proxy host", Computers & Security, vol. 23, pp. 199-212, Elsevier, 2004.
[17] D. Chaum, "Blind signatures for untraceable payments", in Proc. CRYPTO-82, Plenum Press, Berlin, 1983, pp. 199-203.
[18] J. Kim, G. Kim, Y. Eom, "Design of the Mobile Agent Anonymity Framework in Ubiquitous Computing Environments", IEICE Trans. on Information and Systems, Vol. E89-D, No. 12, pp. 2990-2993, December 2006.
[19] RL. Rivest, A. Shamir, LM. Adleman, "A method for obtaining digital signatures and public key cryptosystems". Communication of ACM, Vol. 21, No. 2, pp. 120-126.
[20] National Institute of Standard and Technology (NIST), "Secure Hash Standard", Federal Information Processing Standards Publication 180-1.
[21] U. Wilhelm, "Cryptographically Protected Objects", Technical report, 1997, Ecole Polytechnique Federale de Lausanne, Switzerland.
[22] F. Hohl, "Time Limited Blackbox Security: Protecting Mobile Agents from malicious Hosts", In Mobile Agents and Security, Lecture Notes in Computer Science, Vol. 1419, 1998, Springer-Verlag, pp. 92-113.
[23] S. Kremer and J. Raskin, "A game-based verification of non-repudiation and fair exchange protocols", in Proc. 12th International Conference on Concurrency Theory (CONCUR 2001), Lecture Notes in Computer Science, Vol. 2154, Springer-Verlag, Berlin, Germany, 2001, pp. 551-566.
[24] S. Kremer and J. Raskin, "Game Analysis of abuse-free contract signing", in Proc. 15th IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, 2002, pp. 206-220.
[25] Aglets Mobile Agent Platform, http://www.trl.ibm.co.jp/aglets