Mobile agent technology is promising for e-commerce and distributed computing applications due to its properties of mobility and autonomy. One of the most security-sensitive tasks a mobile agent is expected to perform...Mobile agent technology is promising for e-commerce and distributed computing applications due to its properties of mobility and autonomy. One of the most security-sensitive tasks a mobile agent is expected to perform is signing digital signatures on a remote untrustworthy service host that is beyond the control of the agent host. This service host may treat the mobile agents unfairly, i.e. according to its’ own benefit rather than to their time of arrival. In this research, we present a novel protocol, called Collusion-Resistant Distributed Agent-based Signature Delegation (CDASD) protocol, to allow an agent host to delegate its signing power to an anonymous mobile agent in such a way that the mobile agent does not reveal any information about its host’s identity and, at the same time, can be authenticated by the service host, hence, ensuring fairness of service provision. The protocol introduces a verification server to verify the signature generated by the mobile agent in such a way that even if colluding with the service host, both parties will not get more information than what they already have. The protocol incorporates three methods: Agent Signature Key Generation method, Agent Signature Generation method, Agent Signature Verification method. The most notable feature of the protocol is that, in addition to allowing secure and anonymous signature delegation, it enables tracking of malicious mobile agents when a service host is attacked. The security properties of the proposed protocol are analyzed, and the protocol is compared with the most related work.展开更多
To enhance the robustness of a proxy multi-signature scheme and improve its efficiency,a novel proxy signature paradigm is proposed referred to as identity-based proxy multi-signature(IBPMS).In this paradigm,multiple ...To enhance the robustness of a proxy multi-signature scheme and improve its efficiency,a novel proxy signature paradigm is proposed referred to as identity-based proxy multi-signature(IBPMS).In this paradigm,multiple proxy signer candidates are employed to play a role of the single proxy signer in the existing model.A provably secure IBPMS scheme is presented which requires only one round broadcast operation.Performance analysis demonstrates that the new scheme outperforms the existing multi-signature schemes in robustness and communication.These properties are rendered to our IBPMS scheme as a more practical solution to secure e-transaction delegation applications of proxy signatures.展开更多
Threshold Proxy Signature (TPS) scheme facilitates a manager to delegate his signing capability to a group of n2 sub-ordinates without revealing his own private key, such that a subgroup of at least t2 ≤ n2 subordina...Threshold Proxy Signature (TPS) scheme facilitates a manager to delegate his signing capability to a group of n2 sub-ordinates without revealing his own private key, such that a subgroup of at least t2 ≤ n2 subordinates is required to generate a proxy signature. In reality, the situation can be more complicated. First of all, the subgroup may further delegate their proxy signing capabilities to another group of n3 subordinates such that at least another subgroup of at least t3 ≤ n3 subordinates are of the proxy signing capabilities (in the form of a chain). t2 can be unequal to t3 depending on the concrete requirement. This is a group-to-group delegation problem. In addition, a supervising agent (SA) may be introduced in the above chain to supervise the subordinates, such that proxy signing can only be successfully executed with SA’s agreement. This is a delegation with supervision problem in the threshold delegation chain described above. These two extensions of delegation problems are not solved yet. This paper designs two provably secure cryptographic schemes Chained Threshold Proxy Signature (CTPS) scheme and Chained Threshold Proxy Signature with Supervision (CTPSwS) scheme to solve these two delegation problems.展开更多
With the popularity of cloud computing and mobile Apps, on-demand services such as on-line music or audio streaming and vehicle booking are widely available nowadays. In order to allow efficient delivery and managemen...With the popularity of cloud computing and mobile Apps, on-demand services such as on-line music or audio streaming and vehicle booking are widely available nowadays. In order to allow efficient delivery and management of the services, for large-scale on-demand systems, there is usually a hierarchy where the service provider can delegate its service to a top-tier (e.g., countrywide) proxy who can then further delegate the service to lower level (e.g., region-wide) proxies. Secure (re-)delegation and revocation are among the most crucial factors for such systems. In this paper, we investigate the practical solutions for achieving re-delegation and revocation utilizing proxy signature. Although proxy signature has been extensively studied in the literature, no previous solution can achieve both properties. To fill the gap, we introduce the notion of revocable and re-delegable proxy signature that supports efficient revocation and allows a proxy signer to re-delegate its signing right to other proxy signers without the interaction with the original signer. We define the formal security models for this new primitive and present an efficient scheme that can achieve all the security properties. We also present a secure on-line revocable and re-delegate vehicle ordering system (RRVOS) as one of the applications of our proposed scheme.展开更多
文摘Mobile agent technology is promising for e-commerce and distributed computing applications due to its properties of mobility and autonomy. One of the most security-sensitive tasks a mobile agent is expected to perform is signing digital signatures on a remote untrustworthy service host that is beyond the control of the agent host. This service host may treat the mobile agents unfairly, i.e. according to its’ own benefit rather than to their time of arrival. In this research, we present a novel protocol, called Collusion-Resistant Distributed Agent-based Signature Delegation (CDASD) protocol, to allow an agent host to delegate its signing power to an anonymous mobile agent in such a way that the mobile agent does not reveal any information about its host’s identity and, at the same time, can be authenticated by the service host, hence, ensuring fairness of service provision. The protocol introduces a verification server to verify the signature generated by the mobile agent in such a way that even if colluding with the service host, both parties will not get more information than what they already have. The protocol incorporates three methods: Agent Signature Key Generation method, Agent Signature Generation method, Agent Signature Verification method. The most notable feature of the protocol is that, in addition to allowing secure and anonymous signature delegation, it enables tracking of malicious mobile agents when a service host is attacked. The security properties of the proposed protocol are analyzed, and the protocol is compared with the most related work.
基金Supported by the National Basic Research Program of China(No.2012CB315905)the National Natural Science Foundation of China(No.61272501)the Fund of Tianjin Key Laboratory of Civil Aircraft Airworthiness and Maintenance in CAUC and a General grant from Civil Aviation Flight University of China(No.J2013-31,Q2014-48)
文摘To enhance the robustness of a proxy multi-signature scheme and improve its efficiency,a novel proxy signature paradigm is proposed referred to as identity-based proxy multi-signature(IBPMS).In this paradigm,multiple proxy signer candidates are employed to play a role of the single proxy signer in the existing model.A provably secure IBPMS scheme is presented which requires only one round broadcast operation.Performance analysis demonstrates that the new scheme outperforms the existing multi-signature schemes in robustness and communication.These properties are rendered to our IBPMS scheme as a more practical solution to secure e-transaction delegation applications of proxy signatures.
文摘Threshold Proxy Signature (TPS) scheme facilitates a manager to delegate his signing capability to a group of n2 sub-ordinates without revealing his own private key, such that a subgroup of at least t2 ≤ n2 subordinates is required to generate a proxy signature. In reality, the situation can be more complicated. First of all, the subgroup may further delegate their proxy signing capabilities to another group of n3 subordinates such that at least another subgroup of at least t3 ≤ n3 subordinates are of the proxy signing capabilities (in the form of a chain). t2 can be unequal to t3 depending on the concrete requirement. This is a group-to-group delegation problem. In addition, a supervising agent (SA) may be introduced in the above chain to supervise the subordinates, such that proxy signing can only be successfully executed with SA’s agreement. This is a delegation with supervision problem in the threshold delegation chain described above. These two extensions of delegation problems are not solved yet. This paper designs two provably secure cryptographic schemes Chained Threshold Proxy Signature (CTPS) scheme and Chained Threshold Proxy Signature with Supervision (CTPSwS) scheme to solve these two delegation problems.
文摘With the popularity of cloud computing and mobile Apps, on-demand services such as on-line music or audio streaming and vehicle booking are widely available nowadays. In order to allow efficient delivery and management of the services, for large-scale on-demand systems, there is usually a hierarchy where the service provider can delegate its service to a top-tier (e.g., countrywide) proxy who can then further delegate the service to lower level (e.g., region-wide) proxies. Secure (re-)delegation and revocation are among the most crucial factors for such systems. In this paper, we investigate the practical solutions for achieving re-delegation and revocation utilizing proxy signature. Although proxy signature has been extensively studied in the literature, no previous solution can achieve both properties. To fill the gap, we introduce the notion of revocable and re-delegable proxy signature that supports efficient revocation and allows a proxy signer to re-delegate its signing right to other proxy signers without the interaction with the original signer. We define the formal security models for this new primitive and present an efficient scheme that can achieve all the security properties. We also present a secure on-line revocable and re-delegate vehicle ordering system (RRVOS) as one of the applications of our proposed scheme.
