11,516 research outputs found
Fair exchange in e-commerce and certified e-mail, new scenarios and protocols
We are witnessing a steady growth in the use of the Internet in the electronic commerce field. This rise is promoting the migration from traditional processes and applications (paper based) to an electronic model. But the security of electronic transactions continues to pose an impediment to its implementation. Traditionally, most business transactions were conducted in person. Signing a contract required the meeting of all interested parties, the postman delivered certified mail in hand, and when paying for goods or services both customer and provider were present. When all parties are physically present, a transaction does not require a complex protocol. The participants acknowledge the presence of the other parties as assurance that they will receive their parts, whether a signature on a contract, or a receipt, etc. But with e-commerce growing in importance as a sales and business channel, all these transactions have moved to their digital counterparts. Therefore we have digital signature of contracts, certified delivery of messages and electronic payment systems. With electronic transactions, the physical presence is not required; moreover, most of the time it is even impossible. The participants in a transaction can be thousands of kilometers away from each other, and they may not even be human participants, they can be machines. Thus, the security that the transaction will be executed without incident is not assured per se, we need additional security measures. To address this problem, fair exchange protocols were developed. In a fair exchange every party involved has an item that it wants to exchange, but none of the participants is willing to give his item away unless he has an assurance he will receive the corresponding item from the other participants.
Fair exchange has many applications, like digital signature of contracts, where the items to be exchanged are signatures on contracts, certified delivery of messages, where we exchange a message for evidence of receipt, or a payment process, where we exchange a payment (e-cash, e-check, visa, etc.) for digital goods or a receipt. The objective of this dissertation is the study of the fair exchange problem. In particular, it presents two new scenarios for digital contracting, the Atomic Multi-Two Party (AM2P) and the Agent Mediated Scenario (AMS), and proposes one optimistic contract signing protocol for each one. Moreover, it studies the efficiency of Multi-Party Contract Signing (MPCS) protocols from their architecture point of view, presenting a new lower bound for each architecture, in terms of minimum number of transactions needed. Regarding Certified Electronic Mail (CEM), this dissertation presents two optimistic CEM protocols designed to be deployed on the current e-mail infrastructure, therefore they assume the participation of multiple Mail Transfer Agents (MTAs). In one case, the protocol assumes untrusted MTAs whereas in the other one it assumes each User Agent (UA) trusts his own MTA. Regarding payment systems, this dissertation presents a secure and efficient electronic bearer bank check scheme allowing the electronic checks to be transferred fairly and anonymously.
The use of the Internet in the field of electronic commerce is experiencing steady growth. This increase in use is promoting the migration of traditional processes and applications (paper based) towards an electronic model. But the security of electronic transactions continues to impede its implementation. Traditionally, most transactions have been carried out in person. Signing a contract required the presence of all signatories, the postman delivers certified letters by hand, and when paying for a good or service both seller and buyer are present.
When all parties are present, transactions do not require a complex protocol. The participants take the presence of the other parties as assurance that they will receive what they expect from them, whether the signature on a contract, a delivery receipt or a payment. But with the growth of electronic commerce as a sales and business channel, all these transactions have moved to their equivalent in the electronic world. Thus we have electronic signing of contracts, certified delivery of messages, electronic payment systems, etc. In electronic transactions physical presence is not necessary; in fact, most of the time it is even impossible. The participants may be thousands of kilometers apart, and they need not be human; they could be machines. Hence, the assurance that the transaction will be executed correctly is not guaranteed per se; we need to provide additional security measures. To solve this problem, fair exchange protocols were developed. In a fair exchange all the parties involved have an item they want to exchange, but none of the parties involved wants to give up its item unless it has the assurance that it will receive the items of the other parties. Fair exchange has a multitude of applications, such as electronic contract signing, where the items to exchange are signatures on contracts, certified delivery of messages, where a message is exchanged for evidence of receipt, or a payment process, where we exchange a payment (e-cash, visa, e-check, etc.) for digital goods or for a receipt. The objective of this thesis is to study the fair exchange problem. In particular, the thesis presents two new scenarios for electronic contract signing, the atomic multi-two party scenario and the scenario with intermediary agents, and proposes an optimistic protocol for each of them.
In addition, it presents a study of the efficiency of multi-party electronic signing protocols (Multi-Party Contract Signing (MPCS) protocols) from the point of view of their architecture, presenting a new bound for each one, in terms of the minimum number of transactions needed. Regarding certified electronic mail, this thesis presents two optimistic protocols designed to be deployed on top of the current e-mail infrastructure; therefore it assumes the participation of multiple mail transfer agents. One of the protocols assumes that none of the participating mail transfer agents is trusted, while the other assumes that each user trusts his own agent. Regarding payment systems, the thesis presents an efficient and secure bearer bank check scheme, which guarantees that the transfer of checks is done anonymously and fairly
Security of Quantum Bit-String Generation
We consider the cryptographic task of bit-string generation. This is a
generalisation of coin tossing in which two mistrustful parties wish to
generate a string of random bits such that an honest party can be sure that the
other cannot have biased the string too much. We consider a quantum protocol
for this task, originally introduced in Phys. Rev. A 69, 022322 (2004),
that is feasible with present day technology. We introduce security conditions
based on the average bias of the bits and the Shannon entropy of the string.
For each, we prove rigorous security bounds for this protocol in both noiseless
and noisy conditions under the most general attacks allowed by quantum
mechanics. Roughly speaking, in the absence of noise, a cheater can only bias
significantly a vanishing fraction of the bits, whereas in the presence of
noise, a cheater can bias a constant fraction, with this fraction depending
quantitatively on the level of noise. We also discuss classical protocols for
the same task, deriving upper bounds on how well a classical protocol can
perform. This enables the determination of how much noise the quantum protocol
can tolerate while still outperforming classical protocols. We raise several
conjectures concerning both quantum and classical possibilities for large n
cryptography. An experiment corresponding to the scheme analysed in this paper
has been performed and is reported elsewhere.
Comment: 16 pages. No figures. Accepted for publication in Phys. Rev. A. A
corresponding experiment is reported in quant-ph/040812
Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials
Electronic tickets (e-tickets) are electronic versions of paper tickets,
which enable users to access intended services and improve services'
efficiency. However, privacy may be a concern of e-ticket users. In this paper,
a privacy-preserving electronic ticket scheme with attribute-based credentials
is proposed to protect users' privacy and facilitate ticketing based on a
user's attributes. Our proposed scheme makes the following contributions: (1)
users can buy different tickets from ticket sellers without releasing their
exact attributes; (2) two tickets of the same user cannot be linked; (3) a
ticket cannot be transferred to another user; (4) a ticket cannot be double
spent; (5) the security of the proposed scheme is formally proven and reduced
to well known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme
has been implemented and its performance empirically evaluated. To the best of
our knowledge, our privacy-preserving attribute-based e-ticket scheme is the
first one providing these five features. Application areas of our scheme
include event or transport tickets where users must convince ticket sellers
that their attributes (e.g. age, profession, location) satisfy the ticket price
policies to buy discounted tickets. More generally, our scheme can be used in
any system where access to services is only dependent on a user's attributes
(or entitlements) but not their identities.
Comment: 18 pages, 6 figures, 2 table
Developing Asia's Competitive Advantage in Green Products: Learning from the Japanese Experience
Right now, governments around the world are spending record amounts of money to kick-start their economies in response to the financial crisis. Fortunately, a great opportunity exists for this fiscal stimulus to be directed towards "green" economic growth, which can not only provide the new markets and jobs needed immediately for alleviating poverty, but also address the challenges of global warming. Working models already exist, proving that sustainable growth is possible. To achieve this will require social, technical and structural changes, as well as appropriate policies conducive to eco-innovation. For developing countries, there are lessons that can be learned from countries that have already gone through that process. The aim of this paper is to show what lessons can be learnt from the Japanese case. As the world's second largest economy, Japan is not only one of the most energy-efficient economies in the world; it also produces some of the world's leading green technologies. This paper focuses on current trends in the green product market and consumer behavior in Japan, which have been influenced by recent government policies, particularly the ¥15.4 trillion (more than US$100 billion) stimulus package. The aim of this paper is to provide some insight on, and present a repository of selected government policies promoting sustainable development. The scope of this paper will cover areas such as hybrid vehicles, renewable energy, energy efficient home appliances, and green certification schemes. It also provides a brief discussion on the environmental policies of the new Japanese government that came into power on 16 September 2009. The paper attempts to use the most recent data, from June to August 2009, however given the quickly-evolving global environment, these statistics may change drastically by the time this paper is presented.
Japanese government environmental policies; sustainable development; vehicle pollution policies
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.
Comment: 20 pages, 7 figure
Proposals from the ERNCIP Thematic Group, “Case Studies for the Cyber-security of Industrial Automation and Control Systems”, for a European IACS Components Cyber-security Compliance and Certification Scheme. Thematic Area Industrial Control Systems and Smart Grids
All studies recently published agree. Industrial Automation and Control Systems (IACS) increasingly constitutes a target for cyber-attacks aiming at disturbing Member States’ economies, at disabling our critical infrastructures or at taking advantage from our people. Such hostile acts take place in a context of geostrategic tensions, for the satisfaction of organised crime’s purposes, or else in support of possible activist causes. In this context, the ERNCIP Thematic Group (TG) “Case studies for the cybersecurity of Industrial Automation & Control Systems” was started in January 2014 to answer the question: “Do European critical infrastructure operators need to get IACS’ components or subsystems tested and “certified” (T&C) with regards to their cybersecurity?” And should the answer have been yes, it had to answer a corollary question: “What are (roughly) the conditions of feasibility for implementing successfully a European IACS components cybersecurity Compliance & Certification Scheme?” This TG’s undertaking was a research project, not a task force seeking to deliver an immediately applicable standard. It mobilised representatives of IACS vendors, industrial operators, European Institutions and national cybersecurity authorities.
JRC.G.5-Security technology assessmen
Towards Provably-Secure Timed E-Commerce: The Trusted Delivery Layer
Certified exchange of messages is an essential mechanism for e-commerce; the timing aspects (timeouts and timestamps) are very important for practical applications. However, existing formal methods for security analysis assume simplified completely synchronous or completely asynchronous models, and cannot deal with the timing aspects of these (and other e-commerce) protocols. We present a model for realistic, Δ-synchronized adversarial settings. We then present a simple, efficient and provably-secure protocol for certified, time-stamped message delivery, providing precise guarantees of delay and timestamps. Our model and analysis use concrete (rather than asymptotic) notions of security
A second generation of nonrepudiation protocols
A non-repudiation protocol from party S to party R performs two tasks. First, the protocol enables party S to send to party R some text x along with sufficient evidence (that can convince a judge) that x was indeed sent by S. Second, the protocol enables party R to receive text x from S and to send to S sufficient evidence (that can convince a judge) that x was indeed received by R. The first generation of non-repudiation protocols were published in the period 1996-2000. In this dissertation, we design a second generation of non-repudiation protocols that enjoy several interesting properties.
First, we identify in this dissertation a special class of non-repudiation protocols, called two-phase protocols. The two parties, S and R, in each two-phase protocol execute the protocol as specified until one of the two parties receives its needed proof. Then and only then does this party refrain from sending any more messages specified by the protocol because these messages only help the other party complete its proof. We show that the execution of each two-phase protocol is deterministic and does not require synchronized real-time clocks. We also show that each two-phase protocol needs to involve a trusted third party T besides the two original parties, S and R.
Second, we show that if party R in a two-phase protocol has a real-time clock and knows an upper bound on the round trip delay from R to S and back to R, then the two-phase protocol does not need to involve a trusted third party T.
Third, we design a non-repudiation protocol for transferring file F from a sender S to a receiver R over a cloud C. This protocol is designed such that there is no direct communication between parties S and R. Rather all communications between S and R are carried out through cloud C. In this protocol parties S and R do not need to store a local copy of file F and the proofs that are needed by the two parties S and R (the only copy of file F and the proofs is stored in cloud C).
Fourth, we design a new non-repudiation protocol from S to R over C where some of the proofs stored in cloud C get lost. This new protocol has an interesting stabilization property which ensures that when some of the proofs get lost, and one party can get the needed proofs but the other party cannot get its needed proofs from cloud C, then eventually, neither party is able to receive its needed proofs from cloud C.
Fifth, we design a non-repudiation protocol for transferring files from a sender S to a subset of potential receivers {R.1, R.2, ..., R.n} over a cloud C. The protocol guarantees that after each file F is transferred from sender S to a subset of the potential receivers, then (1) each receiver R.i in the subset ends up with a proof that file F was indeed sent by sender S to R.i, and (2) sender S ends up with a proof that file F was indeed received from S by each receiver R.i in the subset.
Computer Science
Efficacy of Computer Aided Drafting (CAD) Certifications
This research investigated the perceived effect of industry recognized Computer Aided Drafting (CAD) certifications among community college drafting instructors and employers. The research questions that guided this study were: (1) Do community college drafting instructors believe that certified drafters perform better on the job than non-certified drafters? (2) Do employers believe that certified drafters perform better on the job than non-certified drafters? (3) Do employers seek CAD certified individuals to fill drafting positions? (4) Is there a difference between the perceptions of community college drafting instructors and employers of community college drafting program graduates regarding the importance of drafting certification? (5) What qualifications do employers look for when hiring new drafters?
Drafting instructors from a community college system in one southeastern U.S. state were surveyed to determine their awareness of and perceptions about industry recognized CAD certifications. Employers of drafters within the same state were also surveyed using the same instrument.
This study found that drafting instructors and employers of drafters do not believe that certified drafters perform better than their non-certified counterparts. There is little difference in the perceptions of the two groups. Employers of CAD drafters do not seek certified individuals to fill drafting positions. They look for applicants with experience, education, CAD proficiency, and people skills when hiring drafters.
Currently there is no single industry recognized credential for drafters. Almost every software manufacturer offers their own product specific certification, likely as a knee jerk reaction to Perkins funding, as one participant stated. The value and validity of such certification is questionable and needs further research. Momentum and awareness of American Design Drafting Association (ADDA) certification appears to be growing, and it may emerge as the industry leader in years to come.
Intuitively, certification appears to be perceived as having some value, though not enough value to warrant the time and expense required to attain it. Does having an industry recognized CAD certification benefit the community college CAD graduate? Based on the research in one southeastern U.S. state the researcher has concluded that there is no significant benefit to attaining such certification