An Improved Non-Repudiation Protocol and Its Security Analysis

This paper proposes an improved non-repudiation protocol after pointing out two attacks on an existing non-repudiation protocol. To analyze the improved protocol, it also proposes an extension of Kailar logic. Using the extended Kailar logic, the security analysis of the improved prototocol has been presented. Key words non-repudiation protocol - extended Kailar logic - converse assumption procedure CLC number TP 393. 08 Foundation item: Supported by the National Natural Science Foundation of China (90104005) and the Doctoral Science Foundation of Ministry of Education (20020486046)Biography: Li Li(1976-), female, Ph. D candidate, research direction: network security and formal analysis of security protocol.

A Signature Scheme with Non-Repudiation

Based on the Schnorr signature scheme, a new signature scheme with non-repudiation is proposed. In this scheme, only the signer and the designated receiver can verify the signature signed by the signer, and if necessary, both the signer and the designated receiver can prove and show the validity of the signature signed by the signer. The proof of the validity of the signature is noninteractive and transferable. To verify and prove the validity of the signature, the signer and the nominated receiver needn＇t store extra information besides the signature. At the same time, neither the signer nor the designated receiver can deny a valid signature signed. Then, there is no repudiation in this new signature scheme. According to the security analysis of this scheme, it is found the proposed scheme is secure against existential forgery on adaptive chosen message attack.

Fairness analysis of extra-gain guilty of a non-repudiation protocol

Many traditional applications can be refined thanks to the development of blockchain technology. One of these services is non-repudiation, in which participants in a communication process cannot deny their involvement.Due to the vulnerabilities of the non-repudiation protocols, one of the parties involved in the communication can often avoid non-repudiation rules and obtain the expected information to the detriment of the interests of the other party, resulting in adverse effects. This paper studies the fairness guarantee quantitatively through probabilistic model checking. E-fairness is measured by modeling the protocol in probabilistic timed automata and verifying the appropriate property specified in the probabilistic computation tree logic. Furthermore, our analysis proposes insight for choosing suitable values for different parameters associated with the protocol so that a certain degree of fairness can be obtained. Therefore, the reverse question—for a certain degree of fairness ε, how can the protocol parameters be specified to ensure fairness—is answered.

EAR Protocol-Towards Fair Optimistic Non-Repudiation Exchange

Fairness is of crucial importance for the exchange protocols via Internet . Non-repudiation therefore becomes one of the vital premises, which are essential in the exchange of sensitive and important messages. This paper is to propose a new exchange protocol, termed ＂EAR＂ Exchange Protocol as it consists of three sub-protocols ： Exchange sub-protocol, Abort sub-protocol and Recovery sub-protocol. It is to be argued that the incorporation of these three sub-protocols may effectively enables EAR to assure non-repudiation, strong fairness, timeliness, confidentiality and the minimized involvement of the Trusted Third Party （TTP）.

Fair Non-Repudiation for Web Services Transactions

To safeguard the interests of transacting parties,non-repudiation mechanisms need to assure fairness and timeliness.The non-repudiation service currently implemented usually does not consider the requirement of fairness and the fair non-repudiation protocols to date can not be suitably applied in real environment due to its complex interaction.This paper discusses the transaction-oriented non-repudiation requirement for Web services transaction,analyzes the constraints of the traditional model for the available fair non-repudiation protocols and designs a new Online-TTP fair non-repudiation protocol.The new protocol provides a fair non-repudiation solution to secure Web services transactions and can be embedded into a single Web service call.The protocol adopts evidence chained to decreasing the overhead of evidence verification and management and alleviates the overhead of certificate revocation checking and time-stamp generation for signatures.The protocol has strong fairness,timeliness,efficiency and practicability.

Security Test Case Prioritization through Ant Colony Optimization Algorithm

Security testing is a critical concern for organizations worldwide due to the potential financial setbacks and damage to reputation caused by insecure software systems.One of the challenges in software security testing is test case prioritization,which aims to reduce redundancy in fault occurrences when executing test suites.By effectively applying test case prioritization,both the time and cost required for developing secure software can be reduced.This paper proposes a test case prioritization technique based on the Ant Colony Optimization(ACO)algorithm,a metaheuristic approach.The performance of the ACO-based technique is evaluated using the Average Percentage of Fault Detection(APFD)metric,comparing it with traditional techniques.It has been applied to a Mobile Payment Wallet application to validate the proposed approach.The results demonstrate that the proposed technique outperforms the traditional techniques in terms of the APFD metric.The ACO-based technique achieves an APFD of approximately 76%,two percent higher than the second-best optimal ordering technique.These findings suggest that metaheuristic-based prioritization techniques can effectively identify the best test cases,saving time and improving software security overall.

A New Forward-Secure Authenticated Encryption Scheme with Message Linkages

Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo＇s scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.

Solutions for 3 Security Problems and its Application in SOA-FCA Service Components Based SDO

Service-Oriented Architecture (SOA), which is an open architecture, provides developers with more freedom. However, its security problem goes from bad to worse. By taking an insurance business in Formal Concept Analysis (SOA-FCA) Service Components based Service Data Object (SDO) data model transfer with proxy as an example, the security issue of SDO data model was analyzed in this paper and this paper proposed a mechanism to make sure that the confidentiality, integrity, and non-repudiation of SDO data model are preserved by applying encryption/decryption, digest, digital signature and so on. Finally, this mechanism was developed and its performance was evaluated in SOA-FCA Service Components.

Electronic Commerce Technology Adoption at the Scientific and Industrial Research and Development Centre

This paper focuses on the level of adoption of E-Commerce Technology at the Scientific and Industrial Research and Development Centre (SIRDC), a Zimbabwean organization established by an act of parliament, with a mandate to develop, adopt and adapt new technologies for the benefit of Zimbabwean companies and organizations. The study was done in 2004 and the findings reviewed in 2012 with similar results. The objective of the study was to establish whether E-commerce technology adoption would result in the organization being more efficient and effective in delivering its mandate and then establish the level of adoption of the technology at the centre using abstraction and a questionnaire survey. Abstraction results showed that organizations which had fully embraced the technology were more efficient and effective while the survey revealed that the centre had partially adopted the technology. It was recommended that the centre should fully embrace the technology and market it to other organizations as per its mandate.