A Collusion-Resistant Distributed Signature Delegation Based on Anonymous Mobile Agent
This paper presents a novel method that allows an
agent host to delegate its signing power to an anonymous mobile
agent in such away that the mobile agent does not reveal any information about its host-s identity and, at the same time, can be authenticated by the service host, hence, ensuring fairness of service
provision. The solution introduces a verification server to verify the
signature generated by the mobile agent in such a way that even if colluding with the service host, both parties will not get more information than what they already have. The solution incorporates
three methods: Agent Signature Key Generation method, Agent
Signature Generation method, Agent Signature Verification method.
The most notable feature of the solution is that, in addition to allowing secure and anonymous signature delegation, it enables
tracking of malicious mobile agents when a service host is attacked. The security properties of the proposed solution are analyzed, and the solution is compared with the most related work.
[1] N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signatures", IEEE Journal on Selected Areas in Communication., vol. 18, pp. 591-610, April 2000.
[2] O. Bamasak, " Delegating Signing Power to Mobile Agents: Algorithms
and Protocol Design", PhD Thesis, School of Computer Science, the
University of Manchester, January 2006.
[3] F. Bao, R.H. Deng, and W. Mao, "Efficient and practical fair exchange protocols with off-line TTP", in Proc. IEEE Symposium on Security and
Privacy, Oakland, CA, May 1998, pp. 77-85.
[4] M. Blum, "How to exchange (secret) keys", ACM Trans. Computer
Systems, Vol. 1, no.2, pp. 175-193, 1983.
[5] C. Boyd and E. Foo, "Off-line fair payment protocols using convertible
signature", Advances in Cryptology - in Proc. Asiacrypt' 98, LNCS
1514, Springer-Verlag, 1998, pp. 271-285.
[6] L. Chen, "Efficient fair exchange with verifiable confirmation of
signatures", Advances in Cryptology - in Proc. Asiacrypt' 98, LNCS
1514, Springer-Verlag, 1998, pp. 286-299.
[7] R.H.Deng, L. Gong, A. A. Lazar, and W. Wang, "Practical protocol for
certified electronic mail", Journal of Network and System Management,
vol. 4, no. 3, pp.279-297, 1996.
[8] S. Even, O. Golreich, and A. Lempel, "A randomized protocol for signing contracts", Communications of the ACM, vol. 28, no. 6, pp.
637-647, 1985.
[9] M.K. Franklin and M.K. Reiter, "Verifiable signature sharing", Advances in Cryptology - Proc. Eurocrypt' 95, LNCS 921, 1995, pp.
50-63.
[10] J. A. Garay, M. Jakobsson, and P. MacKenzie, "Abuse-free optimistic contract signing", Advances in Cryptology - Proc. Crypto' 99, LNCS
1666, Springer-Verlag, 1999, pp. 449 - 466.
[11] M. Jakobsson, K. Sako, and R. Impagliazzo, "Designated verifier proofs
and their applications", Advances in Cryptology - Proc. Eurocrypt' 96,
LNCS 1070, Springer-Verlag, 1996, pp. 143 - 154.
[12] T. Okamoto and K. Ohta, "How to simultaneously exchange secrets by
general assumptions", in Proc. the 2nd ACM Conference on Computer
and Communications Security, 1994, pp. 184-192.
[13] C. Wang and C. Yin, "Practical Implementations of a Non-disclosure
Fair Contract Signing Protocol", IEICE Trans. on Fundamentals of
Electronics, Communications and Computer Science, vol. e89-a, no. 1, pp. 297-309, 2006.
[14] J. Zhou and D. Gollmann, "A fair non-repudiation protocol", in Proc.
1996 IEEE Symposium on Security and Privacy, Oakland, CA, 1996, pp.
55-61.
[15] J. Zhou and D. Gollmann, "An efficient non-repudiation protocol", in
Proc. 1997 IEEE Computer Security Foundations Workshop (CSFW
10), 1997, pp. 126 - 132.
[16] M. Lin, C. Chang, Y. Chen, "A fair and secure mobile agent environment based on blind signature and proxy host", Computers &
Security, vol. 23, pp. 199-212, Elsevier, 2004.
[17] D. Chaum, "Blind signatures for untraceable payments", in Proc.
CRYPTO-82, Plenum Press, Berlin, 1983, pp. 199-203.
[18] J. Kim, G. Kim, Y. Eom, "Design of the Mobile Agent Anonymity
Framework in Ubiquitous Computing Environments", IEICE Trans. on
Information and Systems, Vol. E89-D, No. 12, pp. 2990-2993,
December 2006.
[19] RL. Rivest, A. Shamir, LM. Adleman, "A method for obtaining digital
signatures and public key cryptosystems". Communication of ACM,
Vol. 21, No. 2, pp. 120-126.
[20] National Institute of Standard and Technology (NIST), "Secure Hash
Standard", Federal Information Processing Standards Publication 180-1.
[21] U. Wilhelm, "Cryptographically Protected Objects", Technical report,
1997, Ecole Polytechnique Federale de Lausanne, Switzerland.
[22] F. Hohl, "Time Limited Blackbox Security: Protecting Mobile Agents
from malicious Hosts", In Mobile Agents and Security, Lecture Notes in
Computer Science, Vol. 1419, 1998, Springer-Verlag, pp. 92-113.
[23] S. Kremer and J. Raskin, "A game-based verification of non-repudiation
and fair exchange protocols", in Proc. 12th International Conference on
Concurrency Theory (CONCUR 2001), Lecture Notes in Computer
Science, Vol. 2154, Springer-Verlag, Berlin, Germany, 2001, pp. 551-566.
[24] S. Kremer and J. Raskin, "Game Analysis of abuse-free contract signing", in Proc. 15th IEEE Computer Security Foundations Workshop,
IEEE Computer Society Press, 2002, pp. 206-220.
[25] Aglets Mobile Agent Platform, http://www.trl.ibm.co.jp/aglets
[1] N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signatures", IEEE Journal on Selected Areas in Communication., vol. 18, pp. 591-610, April 2000.
[2] O. Bamasak, " Delegating Signing Power to Mobile Agents: Algorithms
and Protocol Design", PhD Thesis, School of Computer Science, the
University of Manchester, January 2006.
[3] F. Bao, R.H. Deng, and W. Mao, "Efficient and practical fair exchange protocols with off-line TTP", in Proc. IEEE Symposium on Security and
Privacy, Oakland, CA, May 1998, pp. 77-85.
[4] M. Blum, "How to exchange (secret) keys", ACM Trans. Computer
Systems, Vol. 1, no.2, pp. 175-193, 1983.
[5] C. Boyd and E. Foo, "Off-line fair payment protocols using convertible
signature", Advances in Cryptology - in Proc. Asiacrypt' 98, LNCS
1514, Springer-Verlag, 1998, pp. 271-285.
[6] L. Chen, "Efficient fair exchange with verifiable confirmation of
signatures", Advances in Cryptology - in Proc. Asiacrypt' 98, LNCS
1514, Springer-Verlag, 1998, pp. 286-299.
[7] R.H.Deng, L. Gong, A. A. Lazar, and W. Wang, "Practical protocol for
certified electronic mail", Journal of Network and System Management,
vol. 4, no. 3, pp.279-297, 1996.
[8] S. Even, O. Golreich, and A. Lempel, "A randomized protocol for signing contracts", Communications of the ACM, vol. 28, no. 6, pp.
637-647, 1985.
[9] M.K. Franklin and M.K. Reiter, "Verifiable signature sharing", Advances in Cryptology - Proc. Eurocrypt' 95, LNCS 921, 1995, pp.
50-63.
[10] J. A. Garay, M. Jakobsson, and P. MacKenzie, "Abuse-free optimistic contract signing", Advances in Cryptology - Proc. Crypto' 99, LNCS
1666, Springer-Verlag, 1999, pp. 449 - 466.
[11] M. Jakobsson, K. Sako, and R. Impagliazzo, "Designated verifier proofs
and their applications", Advances in Cryptology - Proc. Eurocrypt' 96,
LNCS 1070, Springer-Verlag, 1996, pp. 143 - 154.
[12] T. Okamoto and K. Ohta, "How to simultaneously exchange secrets by
general assumptions", in Proc. the 2nd ACM Conference on Computer
and Communications Security, 1994, pp. 184-192.
[13] C. Wang and C. Yin, "Practical Implementations of a Non-disclosure
Fair Contract Signing Protocol", IEICE Trans. on Fundamentals of
Electronics, Communications and Computer Science, vol. e89-a, no. 1, pp. 297-309, 2006.
[14] J. Zhou and D. Gollmann, "A fair non-repudiation protocol", in Proc.
1996 IEEE Symposium on Security and Privacy, Oakland, CA, 1996, pp.
55-61.
[15] J. Zhou and D. Gollmann, "An efficient non-repudiation protocol", in
Proc. 1997 IEEE Computer Security Foundations Workshop (CSFW
10), 1997, pp. 126 - 132.
[16] M. Lin, C. Chang, Y. Chen, "A fair and secure mobile agent environment based on blind signature and proxy host", Computers &
Security, vol. 23, pp. 199-212, Elsevier, 2004.
[17] D. Chaum, "Blind signatures for untraceable payments", in Proc.
CRYPTO-82, Plenum Press, Berlin, 1983, pp. 199-203.
[18] J. Kim, G. Kim, Y. Eom, "Design of the Mobile Agent Anonymity
Framework in Ubiquitous Computing Environments", IEICE Trans. on
Information and Systems, Vol. E89-D, No. 12, pp. 2990-2993,
December 2006.
[19] RL. Rivest, A. Shamir, LM. Adleman, "A method for obtaining digital
signatures and public key cryptosystems". Communication of ACM,
Vol. 21, No. 2, pp. 120-126.
[20] National Institute of Standard and Technology (NIST), "Secure Hash
Standard", Federal Information Processing Standards Publication 180-1.
[21] U. Wilhelm, "Cryptographically Protected Objects", Technical report,
1997, Ecole Polytechnique Federale de Lausanne, Switzerland.
[22] F. Hohl, "Time Limited Blackbox Security: Protecting Mobile Agents
from malicious Hosts", In Mobile Agents and Security, Lecture Notes in
Computer Science, Vol. 1419, 1998, Springer-Verlag, pp. 92-113.
[23] S. Kremer and J. Raskin, "A game-based verification of non-repudiation
and fair exchange protocols", in Proc. 12th International Conference on
Concurrency Theory (CONCUR 2001), Lecture Notes in Computer
Science, Vol. 2154, Springer-Verlag, Berlin, Germany, 2001, pp. 551-566.
[24] S. Kremer and J. Raskin, "Game Analysis of abuse-free contract signing", in Proc. 15th IEEE Computer Security Foundations Workshop,
IEEE Computer Society Press, 2002, pp. 206-220.
[25] Aglets Mobile Agent Platform, http://www.trl.ibm.co.jp/aglets
@article{"International Journal of Information, Control and Computer Sciences:61660", author = "Omaima Bamasak", title = "A Collusion-Resistant Distributed Signature Delegation Based on Anonymous Mobile Agent", abstract = "This paper presents a novel method that allows an
agent host to delegate its signing power to an anonymous mobile
agent in such away that the mobile agent does not reveal any information about its host-s identity and, at the same time, can be authenticated by the service host, hence, ensuring fairness of service
provision. The solution introduces a verification server to verify the
signature generated by the mobile agent in such a way that even if colluding with the service host, both parties will not get more information than what they already have. The solution incorporates
three methods: Agent Signature Key Generation method, Agent
Signature Generation method, Agent Signature Verification method.
The most notable feature of the solution is that, in addition to allowing secure and anonymous signature delegation, it enables
tracking of malicious mobile agents when a service host is attacked. The security properties of the proposed solution are analyzed, and the solution is compared with the most related work.", keywords = "Anonymous signature delegation, collusion resistance, e-commerce fairness, mobile agent security.", volume = "2", number = "5", pages = "1682-7", }
