Reputation management and signature delegation: A distributed approach

Electronic Commerce Research

Abstract

In this paper, we present a novel protocol, called Distributed Signcryption with Verifiable Partial Signature (DiSigncryption) protocol, to allow an agent owner to securely distribute his signing capability among a set of trusted third party hosts (TTP-hosts) via a mobile agent. The protocol incorporates three schemes: a novel Distributed Reputation Management scheme, a modified version of the Distributed Signcryption method proposed in [23], and an extended version of the Agent-based Threshold Proxy Signcryption (ATPS) protocol proposed in [2]. The security properties of the proposed protocol are analyzed, and the protocol is compared with the most related work.

References

  1. Bamasak, O., & Zhang, N. (2004). A secure method for signature delegation to mobile agents. In Proceedings of the 19th ACM Symposium on Applied Computing, (pp. 813–818). Nicosia, Cyprus: ACM Press.

  2. Bamasak, O., & Zhang, N. (2004). A secure proxy signature protocol for agent-based M-commerce applications. In Proceedings of the 9th IEEE Symposium on Computer and Communications, (pp. 399–406). Alexandria, Egypt: IEEE Computer Society.

  3. Cachin, C. (2001). Distributing trust on the internet. In Proceedings of International Conference on Dependable Systems and Networks (DSN2001), Göteborg, Sweden (pp. 183–192). IEEE Computer Society.

  4. Desmedt, Y. (1988). Society and group oriented cryptography: a new concept. In Advances in Cryptology, Proceedings of Crypto’ 87, Lecture Notes in Computer Science, Vol. 293 (pp. 120–127). Springer-Verlag.

  5. Desmedt, Y., & Frankel, Y. (1992). Shared generation of authenticators and signatures. In Advances in Cryptology, Proceedings of Crypto’ 91, Lecture Notes in Computer Science, Vol. 576 (pp. 457–469). Springer-Verlag.

  6. eBay. http://www.ebay.com.

  7. ElGamal, T. (1985). A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Transaction on Information Theory, 31, 469–472.

  8. Gamage, C., Leiwo, J., & Zheng, Y. (1999). Encrypted message authentication by firewalls. In Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography (PKC’99), Lecture Notes in Computer Science, Vol. 1560 (pp. 69–81). Springer-Verlag.

  9. Harn, L. (1994). Group oriented (t, n) digital signature scheme and digital multisignature. IEE Proceedings—Computers and Digital Techniques, 141(5), 307–313.

  10. Hohl, F. (1998). Time limited blackbox security : Protecting mobile agents from malicious hosts. In Mobile Agents and Security, Lecture Notes in Computer Science, Vol. 1419 (pp. 92–113). Springer-Verlag.

  11. Hsu, C., Wu, T., & Wu, T. (2003). Improvement of threshold proxy signature scheme. In Applied Mathematics and Computation, Vol. 136, (pp. 315–321). Elsevier Science.

  12. ITU-T. (1997). ITU-T recommendation X.500. ISO/IEC 9594-1, Information technology—Open Systems Interconnection—The Directory: Overview of concepts, models and services.

  13. Jøsang, A., & Ismail, R. (2002). The beta reputation system. In Proceedings of the 15th Bled Electronic Commerce Conference, Bled, Slovenia.

  14. Kim, S., Park, S., & Won, D. (1997). Proxy signatures, revisited. In Proceedings of the International Conference on Information and Communications Security (ICICS’ 97), Lecture Notes in Computer Science, Vol. 1334 (pp. 223–232). Springer-Verlag.

  15. Kim, H., Baek, J., Lee, B., & Kim, K. (2001). Secret computation with secrets for mobile agent using one-time proxy signature. In Proceedings of the 2001 Symposium on Cryptography and Information Security (SCIS2001), (pp. 845–850). Oiso, Japan.

  16. Kotzanikolaou, P., Burmester, M., & Chrissikopoulos, V. (2000). Secure transactions with mobile agents in hostile environments. In proceedings of the Fifth Australian Conference on Information Security and Privacy (ACISP 2000), Lecture Notes in Computer Science, Vol. 1841 (pp. 289–297). Springer-Verlag.

  17. Langford, S. (1995). Threshold DSS signatures without a trusted party. In Advances in Cryptology, Proceedings of Crypto’ 95, Lecture Notes in Computer Science, Vol. 963 (pp. 397–409). Springer-Verlag.

  18. Lee, B., Kim, H., & Kim, K. (2001). Strong proxy signature and its applications. In Proceedings of the 2001 Symposium on Cryptography and Information Security (SCIS2001), (pp. 603–608). Oiso, Japan.

  19. Li, C., Hwang, T., & Lee, N. (1995). (t, n) threshold signature scheme based on discrete logarithm. In Proceedings of Eurocrypt’ 94, Springer-Verlag.

  20. Malaga, R. (2001). Web-based reputation management systems : Problems and suggested solutions. In Electronic Commerce Research, Vol. 1 (pp. 403–417). Kluwer.

  21. Mambo, M., Usuda, K., & Okamoto, E. (1996). Proxy Signatures for Delegating Signing operation. In Proceedings of the Third ACM Conference on Computers and Communications Security, (pp. 48–57).

  22. Mambo, M., Usuda, K., & Okamoto, E. (1996). Proxy signature: Delegation of the power to sign messages. IEICE Trans. Fundamentals, E79-A, 1338–1353.

  23. Mu, Y., & Varadharajan, V. (2000). Distributed Signcryption. In Proceedings of INDOCRYPT 2000, Lecture Notes in Computer Science, Vol. 1977, (pp. 155–164). Springer Verlag.

  24. NIST. (1995). Secure hash standard. National Institute of Standard and Technology, Federal Information Processing Standards Publication, 180-1.

  25. NIST. (1999). Data encryption standard. National Institute of Standard and Technology, Federal Information Processing Standards Publication 46-3.

  26. NIST. (2000). Digital signature standard. National Institute of Standard and Technology, Federal Information Processing Standards Publication 186-2.

  27. NIST. (2001). Advanced encryption standard. National Institute of Standard and Technology, Federal Information Processing standards Publication 197.

  28. Reiter, M. K. (1996). Distributing trust with the rampart toolkit. Communications of the ACM, 39(4), 71–74.

  29. Sander, T., & Tschudin, C. (1998). Protecting mobile agents against malicious hosts. In Mobile Agents and Security, Lecture Notes in Computer Science, Vol. 1419 (pp. 44–60). Springer-Verlag.

  30. Shamir, A. (1979). How to Share a secret. Technical report, Massachusetts Institute of Technology, MIT/LCS/TM-134.

  31. Stallings, W. (2000). Network security essentials : Applications and standards. Prentice Hall. ISBN: 0130160938.

  32. Sun, H., Lee, N., & Hwang, T. (1999). Threshold proxy signatures. IEE Proc.—Computer & Digital Techniques, 146(5), 259–263.

  33. Tzeng, S., Hwang, M., & Yang, C. (2004). An improvement of nonrepudiable threshold proxy signature scheme with known signers. In Computers & Security, Vol. 23, (pp. 174–178). Elsevier Science.

  34. Wilhelm, U. (1997). Cryptographically protected objects. Technical report, Ecole Polytechnique Federale de Lausanne, Switzerland.

  35. Xiong, L., & Liu, L. (2003). A reputation-based trust model for Peer-to-Peer eCommerce communities. In Proceedings of the IEEE International Conference on E-Commerce (CEC’03) (pp. 275–284). IEEE Computer Society.

  36. Yahoo! Auctions, http://auctions.yahoo.com.

  37. Zacharia, G., & Maes, P. (2000). Trust management through reputation mechanisms. Applied Artificial Intelligence, 14, 881–908.

  38. Zhang, K. (1997). Threshold proxy signature schemes. In Proceedings of the 1997 Information Security Workshop, Japan, (pp. 191–197).

Author information

Corresponding author

Correspondence to Omaima Bamasak.

Additional information

Omaima Bamasak received her Ph.D. degree from the University of Manchester, UK, in 2006. Her research interests are in designing protocols using cryptography for the provision of security in distributed systems, mobile agent security, electronic/mobile commerce, reputation management, and non-repudiation and fairness protocols.

Ning Zhang received her Ph.D. degree from the University of Kent at Canterbury in 1994, and is now a lecturer in the School of Computer Science at the University of Manchester. Her research interests are in computer security and applied cryptography, e.g., security and privacy in distributed systems, ubiquitous computing, and electronic commerce, with a focus on security protocol design, access control, and trust management.

About this article

Cite this article

Bamasak, O., Zhang, N. Reputation management and signature delegation: A distributed approach. Electron Commerce Res 6, 227–263 (2006). https://doi.org/10.1007/s10660-006-8675-9

  • DOI: https://doi.org/10.1007/s10660-006-8675-9
