Abstract
In this paper, we present a novel protocol, called the Distributed Signcryption with Verifiable Partial Signature (DiSigncryption) protocol, which allows an agent owner to securely distribute his signing capability among a set of trusted third-party hosts (TTP-hosts) via a mobile agent. The protocol incorporates three schemes: a novel Distributed Reputation Management scheme, a modified version of the Distributed Signcryption method proposed in [23], and an extended version of the Agent-based Threshold Proxy Signcryption (ATPS) protocol proposed in [2]. The security properties of the proposed protocol are analyzed, and the protocol is compared with the most closely related work.
References
Bamasak, O., & Zhang, N. (2004). A secure method for signature delegation to mobile agents. In Proceedings of the 19th ACM Symposium on Applied Computing, (pp. 813–818). Nicosia, Cyprus: ACM Press.
Bamasak, O., & Zhang, N. (2004). A secure proxy signature protocol for agent-based M-commerce applications. In Proceedings of the 9th IEEE Symposium on Computer and Communications, (pp. 399–406). Alexandria, Egypt: IEEE Computer Society.
Cachin, C. (2001). Distributing trust on the internet. In Proceedings of International Conference on Dependable Systems and Networks (DSN2001), Göteborg, Sweden (pp. 183–192). IEEE Computer Society.
Desmedt, Y. (1988). Society and group oriented cryptography: A new concept. In Advances in Cryptology, Proceedings of Crypto’ 87, Lecture Notes in Computer Science, Vol. 293 (pp. 120–127). Springer-Verlag.
Desmedt, Y., & Frankel, Y. (1992). Shared generation of authenticators and signatures. In Advances in Cryptology, Proceedings of Crypto’ 91, Lecture Notes in Computer Science, Vol. 576 (pp. 457–469). Springer-Verlag.
eBay. http://www.ebay.com.
ElGamal, T. (1985). A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Transaction on Information Theory, 31, 469–472.
Gamage, C., Leiwo, J., & Zheng, Y. (1999). Encrypted message authentication by firewalls. In Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography (PKC’99), Lecture Notes in Computer Science, Vol. 1560 (pp. 69–81). Springer-Verlag.
Harn, L. (1994). Group oriented (t, n) digital signature scheme and digital multisignature. IEE Proceedings—Computers and Digital Techniques, 141(5), 307–313.
Hohl, F. (1998). Time limited blackbox security : Protecting mobile agents from malicious hosts. In Mobile Agents and Security, Lecture Notes in Computer Science, Vol. 1419 (pp. 92–113). Springer-Verlag.
Hsu, C., Wu, T., & Wu, T. (2003). Improvement of threshold proxy signature scheme. In Applied Mathematics and Computation, Vol. 136 (pp. 315–321). Elsevier Science.
ITU-T. (1997). ITU-T recommendation X.500. ISO/IEC 9594-1, Information technology—Open Systems Interconnection—The Directory: Overview of concepts, models and services.
Jøsang, A., & Ismail, R. (2002). The beta reputation system. In Proceedings of the 15th Bled Electronic Commerce Conference, Bled, Slovenia.
Kim, S., Park, S., & Won, D. (1997). Proxy signatures, revisited. In Proceedings of the International Conference on Information and Communications Security (ICICS’ 97), Lecture Notes in Computer Science, Vol. 1334 (pp. 223–232). Springer-Verlag.
Kim, H., Baek, J., Lee, B., & Kim, K. (2001). Secret computation with secrets for mobile agent using one-time proxy signature. In Proceedings of the 2001 Symposium on Cryptography and Information Security (SCIS2001) (pp. 845–850). Oiso, Japan.
Kotzanikolaou, P., Burmester, M., & Chrissikopoulos, V. (2000). Secure transactions with mobile agents in hostile environments. In proceedings of the Fifth Australian Conference on Information Security and Privacy (ACISP 2000), Lecture Notes in Computer Science, Vol. 1841 (pp. 289–297). Springer-Verlag.
Langford, S. (1995). Threshold DSS signatures without a trusted party. In Advances in Cryptology, Proceedings of Crypto’ 95, Lecture Notes in Computer Science, Vol. 963 (pp. 397–409). Springer-Verlag.
Lee, B., Kim, H., & Kim, K. (2001). Strong proxy signature and its applications. In Proceedings of the 2001 Symposium on Cryptography and Information Security (SCIS2001) (pp. 603–608). Oiso, Japan.
Li, C., Hwang, T., & Lee, N. (1995). (t, n) threshold signature scheme based on discrete logarithm. In Proceedings of Eurocrypt’ 94, Springer-Verlag.
Malaga, R. (2001). Web-based reputation management systems : Problems and suggested solutions. In Electronic Commerce Research, Vol. 1 (pp. 403–417). Kluwer.
Mambo, M., Usuda, K., & Okamoto, E. (1996). Proxy Signatures for Delegating Signing operation. In Proceedings of the Third ACM Conference on Computers and Communications Security, (pp. 48–57).
Mambo, M., Usuda, K., & Okamoto, E. (1996). Proxy signature: Delegation of the power to sign messages. IEICE Trans. Fundamentals, E79-A, 1338–1353.
Mu, Y., & Varadharajan, V. (2000). Distributed Signcryption. In Proceedings of INDOCRYPT 2000, Lecture Notes in Computer Science, Vol. 1977, (pp. 155–164). Springer Verlag.
NIST. (1995). Secure hash standard. National Institute of Standard and Technology, Federal Information Processing Standards Publication, 180-1.
NIST. (1999). Data encryption standard. National Institute of Standard and Technology, Federal Information Processing Standards Publication 46-3.
NIST. (2000). Digital signature standard. National Institute of Standard and Technology, Federal Information Processing Standards Publication 186-2.
NIST. (2001). Advanced encryption standard. National Institute of Standard and Technology, Federal Information Processing standards Publication 197.
Reiter, M. K. (1996). Distributing trust with the rampart toolkit. Communications of the ACM, 39(4), 71–74.
Sander, T., & Tschudin, C. (1998). Protecting mobile agents against malicious hosts. In Mobile Agents and Security, Lecture Notes in Computer Science, Vol. 1419 (pp. 44–60). Springer-Verlag.
Shamir, A. (1979). How to Share a secret. Technical report, Massachusetts Institute of Technology, MIT/LCS/TM-134.
Stallings, W. (2000). Network security essentials : Applications and standards. Prentice Hall. ISBN: 0130160938.
Sun, H., Lee, N., & Hwang, T. (1999). Threshold proxy signatures. IEE Proc.—Computer & Digital Techniques, 146(5), 259–263.
Tzeng, S., Hwang, M., & Yang, C. (2004). An improvement of nonrepudiable threshold proxy signature scheme with known signers. In Computer & security, Vol. 23 (pp. 174–178). Elsevier Science.
Wilhelm, U. (1997). Cryptographically protected objects. Technical report, Ecole Polytechnique Federale de Lausanne, Switzerland.
Xiong, L., & Liu, L. (2003). A reputation-based trust model for Peer-to-Peer eCommerce communities. In Proceedings of the IEEE International Conference on E-Commerce (CEC’03) (pp. 275–284). IEEE Computer Society.
Yahoo! Auctions, http://auctions.yahoo.com.
Zacharia, G., & Maes, P. (2000). Trust management through reputation mechanisms. Applied Artificial Intelligence, 14, 881–908.
Zhang, K. (1997). Threshold proxy signature schemes. In Proceedings of the 1997 Information Security Workshop, Japan, (pp. 191–197).
Additional information
Omaima Bamasak received her Ph.D. degree from the University of Manchester, UK, in 2006. Her research interests are in designing protocols using cryptography for the provision of security in distributed systems, mobile agent security, electronic/mobile commerce, reputation management, and non-repudiation and fairness protocols.
Ning Zhang received her Ph.D. degree from the University of Kent at Canterbury in 1994, and is now a lecturer in the School of Computer Science at the University of Manchester. Her research interests are in computer security and applied cryptography, e.g., security and privacy in distributed systems, ubiquitous computing, and electronic commerce, with a focus on security protocol design, access control, and trust management.
Cite this article
Bamasak, O., Zhang, N. Reputation management and signature delegation: A distributed approach. Electron Commerce Res 6, 227–263 (2006). https://doi.org/10.1007/s10660-006-8675-9
DOI: https://doi.org/10.1007/s10660-006-8675-9