This paper proposes an improved non-repudiation protocol after pointing out two attacks on an existing non-repudiation protocol. To analyze the improved protocol, it also proposes an extension of Kailar logic. Using t...This paper proposes an improved non-repudiation protocol after pointing out two attacks on an existing non-repudiation protocol. To analyze the improved protocol, it also proposes an extension of Kailar logic. Using the extended Kailar logic, the security analysis of the improved prototocol has been presented. Key words non-repudiation protocol - extended Kailar logic - converse assumption procedure CLC number TP 393. 08 Foundation item: Supported by the National Natural Science Foundation of China (90104005) and the Doctoral Science Foundation of Ministry of Education (20020486046)Biography: Li Li(1976-), female, Ph. D candidate, research direction: network security and formal analysis of security protocol.展开更多
With development of electronic com- merce, non-repudiation protocol as the basal component of non-repudiation service has done more and more important functions. Comparing with lots of work on two-party non-repudiatio...With development of electronic com- merce, non-repudiation protocol as the basal component of non-repudiation service has done more and more important functions. Comparing with lots of work on two-party non-repudiation, there are less work on multi-party non-repudiation protocol. Multi-party protocol is more complex and facing more challenge of collusion attack. In this paper we give a kind of multi-party non-repudiation protocol based on off-line TTP with consistent evidence. Consistent evidence is a property that can not only simplify the process of disputation resolving, but also make the service more friendly to users, which means that whether or not TTP involves, evidences participants obtained are consistent. In the meanwhile we analyze the collusion attack that multi-party protocol facing, our protocol can prevent collusion attack.展开更多
Based on the Schnorr signature scheme, a new signature scheme with non-repudiation is proposed. In this scheme, only the signer and the designated receiver can verify the signature signed by the signer, and if necessa...Based on the Schnorr signature scheme, a new signature scheme with non-repudiation is proposed. In this scheme, only the signer and the designated receiver can verify the signature signed by the signer, and if necessary, both the signer and the designated receiver can prove and show the validity of the signature signed by the signer. The proof of the validity of the signature is noninteractive and transferable. To verify and prove the validity of the signature, the signer and the nominated receiver needn't store extra information besides the signature. At the same time, neither the signer nor the designated receiver can deny a valid signature signed. Then, there is no repudiation in this new signature scheme. According to the security analysis of this scheme, it is found the proposed scheme is secure against existential forgery on adaptive chosen message attack.展开更多
Many traditional applications can be refined thanks to the development of blockchain technology. One of these services is non-repudiation, in which participants in a communication process cannot deny their involvement...Many traditional applications can be refined thanks to the development of blockchain technology. One of these services is non-repudiation, in which participants in a communication process cannot deny their involvement.Due to the vulnerabilities of the non-repudiation protocols, one of the parties involved in the communication can often avoid non-repudiation rules and obtain the expected information to the detriment of the interests of the other party, resulting in adverse effects. This paper studies the fairness guarantee quantitatively through probabilistic model checking. E-fairness is measured by modeling the protocol in probabilistic timed automata and verifying the appropriate property specified in the probabilistic computation tree logic. Furthermore, our analysis proposes insight for choosing suitable values for different parameters associated with the protocol so that a certain degree of fairness can be obtained. Therefore, the reverse question—for a certain degree of fairness ε, how can the protocol parameters be specified to ensure fairness—is answered.展开更多
Fairness is of crucial importance for the exchange protocols via Internet . Non-repudiation therefore becomes one of the vital premises, which are essential in the exchange of sensitive and important messages. This pa...Fairness is of crucial importance for the exchange protocols via Internet . Non-repudiation therefore becomes one of the vital premises, which are essential in the exchange of sensitive and important messages. This paper is to propose a new exchange protocol, termed "EAR" Exchange Protocol as it consists of three sub-protocols : Exchange sub-protocol, Abort sub-protocol and Recovery sub-protocol. It is to be argued that the incorporation of these three sub-protocols may effectively enables EAR to assure non-repudiation, strong fairness, timeliness, confidentiality and the minimized involvement of the Trusted Third Party (TTP).展开更多
To safeguard the interests of transacting parties,non-repudiation mechanisms need to assure fairness and timeliness.The non-repudiation service currently implemented usually does not consider the requirement of fairne...To safeguard the interests of transacting parties,non-repudiation mechanisms need to assure fairness and timeliness.The non-repudiation service currently implemented usually does not consider the requirement of fairness and the fair non-repudiation protocols to date can not be suitably applied in real environment due to its complex interaction.This paper discusses the transaction-oriented non-repudiation requirement for Web services transaction,analyzes the constraints of the traditional model for the available fair non-repudiation protocols and designs a new Online-TTP fair non-repudiation protocol.The new protocol provides a fair non-repudiation solution to secure Web services transactions and can be embedded into a single Web service call.The protocol adopts evidence chained to decreasing the overhead of evidence verification and management and alleviates the overhead of certificate revocation checking and time-stamp generation for signatures.The protocol has strong fairness,timeliness,efficiency and practicability.展开更多
Security testing is a critical concern for organizations worldwide due to the potential financial setbacks and damage to reputation caused by insecure software systems.One of the challenges in software security testin...Security testing is a critical concern for organizations worldwide due to the potential financial setbacks and damage to reputation caused by insecure software systems.One of the challenges in software security testing is test case prioritization,which aims to reduce redundancy in fault occurrences when executing test suites.By effectively applying test case prioritization,both the time and cost required for developing secure software can be reduced.This paper proposes a test case prioritization technique based on the Ant Colony Optimization(ACO)algorithm,a metaheuristic approach.The performance of the ACO-based technique is evaluated using the Average Percentage of Fault Detection(APFD)metric,comparing it with traditional techniques.It has been applied to a Mobile Payment Wallet application to validate the proposed approach.The results demonstrate that the proposed technique outperforms the traditional techniques in terms of the APFD metric.The ACO-based technique achieves an APFD of approximately 76%,two percent higher than the second-best optimal ordering technique.These findings suggest that metaheuristic-based prioritization techniques can effectively identify the best test cases,saving time and improving software security overall.展开更多
Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's schem...Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.展开更多
Service-Oriented Architecture (SOA), which is an open architecture, provides developers with more freedom. However, its security problem goes from bad to worse. By taking an insurance business in Formal Concept Analys...Service-Oriented Architecture (SOA), which is an open architecture, provides developers with more freedom. However, its security problem goes from bad to worse. By taking an insurance business in Formal Concept Analysis (SOA-FCA) Service Components based Service Data Object (SDO) data model transfer with proxy as an example, the security issue of SDO data model was analyzed in this paper and this paper proposed a mechanism to make sure that the confidentiality, integrity, and non-repudiation of SDO data model are preserved by applying encryption/decryption, digest, digital signature and so on. Finally, this mechanism was developed and its performance was evaluated in SOA-FCA Service Components.展开更多
This paper focuses on the level of adoption of E-Commerce Technology at the Scientific and Industrial Research and Development Centre (SIRDC), a Zimbabwean organization established by an act of parliament, with a mand...This paper focuses on the level of adoption of E-Commerce Technology at the Scientific and Industrial Research and Development Centre (SIRDC), a Zimbabwean organization established by an act of parliament, with a mandate to develop, adopt and adapt new technologies for the benefit of Zimbabwean companies and organizations. The study was done in 2004 and the findings reviewed in 2012 with similar results. The objective of the study was to establish whether E-commerce technology adoption would result in the organization being more efficient and effective in delivering its mandate and then establish the level of adoption of the technology at the centre using abstraction and a questionnaire survey. Abstraction results showed that organizations which had fully embraced the technology were more efficient and effective while the survey revealed that the centre had partially adopted the technology. It was recommended that the centre should fully embrace the technology and market it to other organizations as per its mandate.展开更多
Several quantum signature schemes are recently proposed to realize secure signatures of quantum or classical messages. Arbitrated quantum signature as one nontriviai scheme has attracted great interests because o~ its...Several quantum signature schemes are recently proposed to realize secure signatures of quantum or classical messages. Arbitrated quantum signature as one nontriviai scheme has attracted great interests because o~ its usefulness and efficiency. Unfortunately, previous schemes cannot against Trojan horse attack and DoS attack and lack of the unforgeability and the non-repudiation. In this paper, we propose an improved arbitrated quantum signature to address these secure issues with the honesty arbitrator. Our scheme takes use of qubit states not entanglements. More importantly, the qubit scheme can achieve the unforgeability and the non-repudiation. Our scheme is also secure for other known quantum attacks.展开更多
文摘This paper proposes an improved non-repudiation protocol after pointing out two attacks on an existing non-repudiation protocol. To analyze the improved protocol, it also proposes an extension of Kailar logic. Using the extended Kailar logic, the security analysis of the improved prototocol has been presented. Key words non-repudiation protocol - extended Kailar logic - converse assumption procedure CLC number TP 393. 08 Foundation item: Supported by the National Natural Science Foundation of China (90104005) and the Doctoral Science Foundation of Ministry of Education (20020486046)Biography: Li Li(1976-), female, Ph. D candidate, research direction: network security and formal analysis of security protocol.
文摘With development of electronic com- merce, non-repudiation protocol as the basal component of non-repudiation service has done more and more important functions. Comparing with lots of work on two-party non-repudiation, there are less work on multi-party non-repudiation protocol. Multi-party protocol is more complex and facing more challenge of collusion attack. In this paper we give a kind of multi-party non-repudiation protocol based on off-line TTP with consistent evidence. Consistent evidence is a property that can not only simplify the process of disputation resolving, but also make the service more friendly to users, which means that whether or not TTP involves, evidences participants obtained are consistent. In the meanwhile we analyze the collusion attack that multi-party protocol facing, our protocol can prevent collusion attack.
基金Supported by the National Natural Science Foun-dation of China (60473028) the Science Foundation of ZhengzhouUniversity of Light Industry(2006XJJ17)
文摘Based on the Schnorr signature scheme, a new signature scheme with non-repudiation is proposed. In this scheme, only the signer and the designated receiver can verify the signature signed by the signer, and if necessary, both the signer and the designated receiver can prove and show the validity of the signature signed by the signer. The proof of the validity of the signature is noninteractive and transferable. To verify and prove the validity of the signature, the signer and the nominated receiver needn't store extra information besides the signature. At the same time, neither the signer nor the designated receiver can deny a valid signature signed. Then, there is no repudiation in this new signature scheme. According to the security analysis of this scheme, it is found the proposed scheme is secure against existential forgery on adaptive chosen message attack.
文摘Many traditional applications can be refined thanks to the development of blockchain technology. One of these services is non-repudiation, in which participants in a communication process cannot deny their involvement.Due to the vulnerabilities of the non-repudiation protocols, one of the parties involved in the communication can often avoid non-repudiation rules and obtain the expected information to the detriment of the interests of the other party, resulting in adverse effects. This paper studies the fairness guarantee quantitatively through probabilistic model checking. E-fairness is measured by modeling the protocol in probabilistic timed automata and verifying the appropriate property specified in the probabilistic computation tree logic. Furthermore, our analysis proposes insight for choosing suitable values for different parameters associated with the protocol so that a certain degree of fairness can be obtained. Therefore, the reverse question—for a certain degree of fairness ε, how can the protocol parameters be specified to ensure fairness—is answered.
基金The workis sponsored by National Natural Science Foundation of China (60173037 ,70271050) National"863"High Technology Projects of China(2004AA775053) , Natural Science Foundation of Jiangsu Province and the Pre-research Project Funded by Natural Science Foundation of Jiangsu Province (BK2004218) ,High Technology Research Project of Jiangsu Province(BG2004004) and key Laboratory of Information Technology Processing of Jiangsu Province(kjs05001) .
文摘Fairness is of crucial importance for the exchange protocols via Internet . Non-repudiation therefore becomes one of the vital premises, which are essential in the exchange of sensitive and important messages. This paper is to propose a new exchange protocol, termed "EAR" Exchange Protocol as it consists of three sub-protocols : Exchange sub-protocol, Abort sub-protocol and Recovery sub-protocol. It is to be argued that the incorporation of these three sub-protocols may effectively enables EAR to assure non-repudiation, strong fairness, timeliness, confidentiality and the minimized involvement of the Trusted Third Party (TTP).
基金Supported by the National High Technology Research and Development Program of China (863 Program) (2006AA01Z405)
文摘To safeguard the interests of transacting parties,non-repudiation mechanisms need to assure fairness and timeliness.The non-repudiation service currently implemented usually does not consider the requirement of fairness and the fair non-repudiation protocols to date can not be suitably applied in real environment due to its complex interaction.This paper discusses the transaction-oriented non-repudiation requirement for Web services transaction,analyzes the constraints of the traditional model for the available fair non-repudiation protocols and designs a new Online-TTP fair non-repudiation protocol.The new protocol provides a fair non-repudiation solution to secure Web services transactions and can be embedded into a single Web service call.The protocol adopts evidence chained to decreasing the overhead of evidence verification and management and alleviates the overhead of certificate revocation checking and time-stamp generation for signatures.The protocol has strong fairness,timeliness,efficiency and practicability.
基金Deanship of Scientific Research at King Khalid University for funding this work through Large Group Research Project under Grant Number RGP2/249/44.
文摘Security testing is a critical concern for organizations worldwide due to the potential financial setbacks and damage to reputation caused by insecure software systems.One of the challenges in software security testing is test case prioritization,which aims to reduce redundancy in fault occurrences when executing test suites.By effectively applying test case prioritization,both the time and cost required for developing secure software can be reduced.This paper proposes a test case prioritization technique based on the Ant Colony Optimization(ACO)algorithm,a metaheuristic approach.The performance of the ACO-based technique is evaluated using the Average Percentage of Fault Detection(APFD)metric,comparing it with traditional techniques.It has been applied to a Mobile Payment Wallet application to validate the proposed approach.The results demonstrate that the proposed technique outperforms the traditional techniques in terms of the APFD metric.The ACO-based technique achieves an APFD of approximately 76%,two percent higher than the second-best optimal ordering technique.These findings suggest that metaheuristic-based prioritization techniques can effectively identify the best test cases,saving time and improving software security overall.
基金Supported by the National Natural Science Foun-dation of China (60473072)
文摘Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.
文摘Service-Oriented Architecture (SOA), which is an open architecture, provides developers with more freedom. However, its security problem goes from bad to worse. By taking an insurance business in Formal Concept Analysis (SOA-FCA) Service Components based Service Data Object (SDO) data model transfer with proxy as an example, the security issue of SDO data model was analyzed in this paper and this paper proposed a mechanism to make sure that the confidentiality, integrity, and non-repudiation of SDO data model are preserved by applying encryption/decryption, digest, digital signature and so on. Finally, this mechanism was developed and its performance was evaluated in SOA-FCA Service Components.
文摘This paper focuses on the level of adoption of E-Commerce Technology at the Scientific and Industrial Research and Development Centre (SIRDC), a Zimbabwean organization established by an act of parliament, with a mandate to develop, adopt and adapt new technologies for the benefit of Zimbabwean companies and organizations. The study was done in 2004 and the findings reviewed in 2012 with similar results. The objective of the study was to establish whether E-commerce technology adoption would result in the organization being more efficient and effective in delivering its mandate and then establish the level of adoption of the technology at the centre using abstraction and a questionnaire survey. Abstraction results showed that organizations which had fully embraced the technology were more efficient and effective while the survey revealed that the centre had partially adopted the technology. It was recommended that the centre should fully embrace the technology and market it to other organizations as per its mandate.
基金Supported by the National Natural Science Foundation of China under Grant No.61303039Sichuan Youth Science and Technique Foundation No.2017JQ0048+2 种基金Fundamental Research Funds for the Central Universities(Nos.2682014CX095)CSC ScholarshipEU ICT COST Crypto Action No.IC1306
文摘Several quantum signature schemes are recently proposed to realize secure signatures of quantum or classical messages. Arbitrated quantum signature as one nontriviai scheme has attracted great interests because o~ its usefulness and efficiency. Unfortunately, previous schemes cannot against Trojan horse attack and DoS attack and lack of the unforgeability and the non-repudiation. In this paper, we propose an improved arbitrated quantum signature to address these secure issues with the honesty arbitrator. Our scheme takes use of qubit states not entanglements. More importantly, the qubit scheme can achieve the unforgeability and the non-repudiation. Our scheme is also secure for other known quantum attacks.