Identity-based undetachable digital signature for mobile agents in electronic commerce

2018 ◽  
Vol 22 (20) ◽  
pp. 6921-6935 ◽  
Author(s):  
Yang Shi ◽  
Jingxuan Han ◽  
Jiangfeng Li ◽  
Guoyue Xiong ◽  
Qinpei Zhao
Keyword(s):  
Electronic Commerce ◽  
Digital Signature ◽  
Mobile Agents ◽  
Identity Based

scholarly journals Key-Insulated Undetachable Digital Signature Scheme and Solution for Secure Mobile Agents in Electronic Commerce

2016 ◽  
Vol 2016 ◽  
pp. 1-18 ◽  
Author(s):  
Yang Shi ◽  
Jie Lin ◽  
Guoyue Xiong ◽  
Xiaoping Wang ◽  
Hongfei Fan
Keyword(s):  
Electronic Commerce ◽  
Digital Signature ◽  
Mobile Agents ◽  
Theoretical Perspective ◽  
Performance Testing ◽  
Digital Signatures ◽  
Diffie Hellman ◽  
Time Period ◽  
Digital Signature Scheme ◽  
Security Notion

Considering the security of both the customers’ hosts and the eShops’ servers, we introduce the idea of a key-insulated undetachable digital signature, enabling mobile agents to generate undetachable digital signatures on remote hosts with the key-insulated property of the original signer’s signing key. From the theoretical perspective, we provide the formal definition and security notion of a key-insulated undetachable digital signature. From the practical perspective, we propose a concrete scheme to secure mobile agents in electronic commerce. The scheme is mainly focused on protecting the signing key from leakage and preventing the misuse of the signature algorithm on malicious servers. Agents do not carry the signing key when they generate digital signatures on behalf of the original signer, so the key is protected on remote servers. Furthermore, if a hacker gains the signing key of the original signer, the hacker is still unable to forge a signature for any time period other than the key being accessed. In addition, the encrypted function is combined with the original signer’s requirement to prevent the misuse of signing algorithm. The scheme is constructed on gap Diffie–Hellman groups with provable security, and the performance testing indicates that the scheme is efficient.

Privacy-Preserving Transactions Protocol Using Mobile Agents with Mutual Authentication

2011 ◽  
pp. 103-114
Author(s):  
Song Han ◽  
Vidyasagar Potdar ◽  
Elizabeth Chang ◽  
Tharam Dillon
Keyword(s):  
Electronic Commerce ◽  
Mobile Agents ◽  
Mutual Authentication ◽  
Privacy Preserving ◽  
New Model

This chapter introduces a new transaction protocol using mobile agents in electronic commerce. The authors first propose a new model for transactions in electronic commerce – mutual authenticated transactions using mobile agents. They then design a new protocol by this model. Furthermore, the authors analyse the new protocol in terms of authentication, construction and privacy. The aim of the protocol is to guarantee that the customer is committed to the server, and the server is committed to the customer. At the same time, the privacy of the customer is protected.

Integrity Protection of Mobile Agent Data

2009 ◽  
pp. 2715-2724
Author(s):  
Sheng-Uei Guan
Keyword(s):  
Electronic Commerce ◽  
Mobile Agent ◽  
Current Literature ◽  
Mobile Agents ◽  
Data Integrity ◽  
Data Encryption ◽  
Agent Technology ◽  
Session Key ◽  
The Common ◽  
Malicious Host

One hindrance to the widespread adoption of mobile-agent technology is the lack of security. Security will be the issue that has to be addressed carefully if mobile agents are to be used in the field of electronic commerce. SAFER (secure agent fabrication, evolution and roaming) is a mobile-agent framework that is specially designed for the purpose of electronic commerce (Guan & Hua, 2003; Guan, Zhu, & Maung, 2004; Zhu, Guan, Yang, & Ko, 2000). Security has been a prime concern from the first day of our research (Guan & Yang, 2002; Yang & Guan, 2000). By building strong and efficient security mechanisms, SAFER aims to provide a trustworthy framework for mobile agents to assist users in conducting mobile or electronic-commerce transactions. Agent integrity is one such area crucial to the success of agent technology (Wang, Guan, & Chan, 2002). Despite the various attempts in the literature, there is no satisfactory solution to the problem of data integrity so far. Some of the common weaknesses of the current schemes are vulnerabilities to revisit attacks, when an agent visits two or more collaborating malicious hosts during one roaming session, and illegal modifi- cation (deletion or insertion) of agent data. The agent monitoring protocol (AMP; Chionh, Guan, & Yang, 2001), an earlier proposal under SAFER to address agent data integrity, does address some of the weaknesses in the current literature. Unfortunately, the extensive use of PKI (public-key infrastructure) technology introduces too much overhead to the protocol. Also, AMP requires the agent to deposit its data collected to the agent owner or butler before it roams to another host. While this is a viable and secure approach, the proposed approach, Secure Agent Data Integrity Shield (SADIS), will provide an alternative by allowing the agent to carry the data by itself without depositing them (or the data hash) onto the butler. Besides addressing the common vulnerabilities of current literature (revisit attacks and data-modification attacks), SADIS also strives to achieve maximum efficiency without compromising security. It minimizes the use of PKI technology and relies on symmetric key encryption as much as possible. Moreover, the data encryption key and the communication session key are both derivable from a key seed that is unique to the agent’s roaming session in the current host. As a result, the butler can derive the communication session key and data encryption key directly. Another feature in SADIS is strong security. Most of the existing research works focus on detecting integrity compromise (Esparza, Muñoz, Soriano, & Fomé, 2006) or bypassing integrity attacks by requiring the existence of a cooperating agent that is carried out within a trusted platform (Ouardani, Pierre, & Boucheneb, 2006). However, these works neglect the need to identify the malicious host. With SADIS, the agent butler will not only be able to detect any compromise to data integrity, but will identify the malicious host effectively.

Privacy-Preserving Transactions Protocol Using Mobile Agents with Mutual Authentication

2009 ◽  
pp. 546-557
Author(s):  
Song Han ◽  
Vidyasagar Potdar ◽  
Elizabeth Chang ◽  
Tharam Dillon
Keyword(s):  
Electronic Commerce ◽  
Mobile Agents ◽  
Mutual Authentication ◽  
Privacy Preserving ◽  
New Model

This article introduces a new transaction protocol using mobile agents in electronic commerce. The authors first propose a new model for transactions in electronic commerce, mutual authenticated transactions using mobile agents. They then design a new protocol by this model. Furthermore, the authors analyse the new protocol in terms of authentication, construction, and privacy. The aim of the protocol is to guarantee that the customer is committed to the server, and the server is committed to the customer. At the same time, the privacy of the customer is protected.

Sign in / Sign up

Export Citation Format

Share Document