1,637 research outputs found

    Design and Evaluate a Fair Exchange Protocol Based on Online Trusted Third Party (TTP)

    One of the most crucial factors that e-commerce protocols should address is a fair exchange. In this research, an advanced method of cryptography coupled with the pay per use technique is used. A new electronic commerce protocol for the exchange of commodities is introduced. The proposed new protocol guarantees both features while addressing the main drawbacks associated with other related protocols. The new suggested e-commerce protocol is composed of two stages: pre-exchange and exchange stages. When the suggested new protocol is analysed with scrupulous protocol analysis, it attains fair exchange and a secure method of payment. The suggested new e-commerce protocol is more efficient than other related existing protocols. In this research, “protocol prototype” and “model checking” are used for the purpose of authentication. The protocol prototype verifies that the suggested new protocol is executable when it is used in a real context. Through experimental designs, this research shows that the length of asymmetric keys is the biggest element that affects the efficiency of the protocol. When model checking is applied to this protocol, the outcome indicates that the suggested protocol achieves the required features of fairness. Protocol extensions give those involved in the protocol the capacity to be resilient to failure. By using three methods of authentication, this research confirms that the new proposed protocol is well formulated. The work reported in this thesis first studies the existing fair exchange protocols that solve the fairness problem. It then proposes a more efficient protocol to solve the fairness problem. The original idea in this thesis is to reduce the communication overheads and risks and to solve the bottleneck problems in protocols that involve an online TTP.

    Internet Payment Blockades

    Internet payment blockades are an attempt to enforce intellectual property rights by “following the money” that flows to online merchants who profit from piracy and counterfeiting. Where corporate copyright and trademark owners failed in the legislature and the judiciary to create binding public law requiring payment processors like MasterCard and Visa to act as intellectual property enforcers, “non-regulatory” intervention from the executive branch secured their cooperation as a matter of private ordering. The resulting voluntary best practices agreement prescribes a notice-and-termination protocol that extends the reach of U.S. intellectual property law into cyberspace, to merchants operating “foreign infringing sites.” It also privatizes the adjudication of infringement claims, raising issues of fairness and institutional competence. Like other forms of regulation by online intermediaries, payment blockades are subject to circumvention through disintermediation. Marrying peer-to-peer (P2P) technology with financial transactions, P2P virtual currencies like Bitcoin allow online merchants and their customers to work around payment blockades

    Efficient Packet-Drop Thwarting and User-Privacy Preserving Protocols for Multi-hop Wireless Networks

    In multi-hop wireless networks (MWNs), the mobile nodes relay others’ packets for enabling new applications and enhancing the network deployment and performance. However, the selfish nodes drop the packets because packet relay consumes their resources without benefits, and the malicious nodes drop the packets to launch Denial-of-Service attacks. Packet drop attacks adversely degrade the network fairness and performance in terms of throughput, delay, and packet delivery ratio. Moreover, due to the nature of wireless transmission and multi-hop packet relay, the attackers can analyze the network traffic in an undetectable way to learn the users’ locations in number of hops and their communication activities, causing a serious threat to the users’ privacy. In this thesis, we propose efficient security protocols for thwarting packet drop attacks and preserving users’ privacy in multi-hop wireless networks. First, we design a fair and efficient cooperation incentive protocol to stimulate the selfish nodes to relay others’ packets. The source and the destination nodes pay credits (or micropayment) to the intermediate nodes for relaying their packets. In addition to cooperation stimulation, the incentive protocol enforces fairness by rewarding credits to compensate the nodes for the consumed resources in relaying others’ packets. The protocol also discourages launching Resource-Exhaustion attacks by sending bogus packets to exhaust the intermediate nodes’ resources because the nodes pay for relaying their packets. For a fair charging policy, both the source and the destination nodes are charged when the two nodes benefit from the communication. Since micropayment protocols have been originally proposed for web-based applications, we propose a practical payment model specifically designed for MWNs to consider the significant differences between web-based applications and cooperation stimulation.
Although the non-repudiation property of the public-key cryptography is essential for securing the incentive protocol, the public-key cryptography requires too complicated computations and has a long signature tag. For efficient implementation, we use the public-key cryptography only for the first packet in a series and use the efficient hashing operations for the next packets, so that the overhead of the packet series converges to that of the hashing operations. Since a trusted party is not involved in the communication sessions, the nodes usually submit undeniable digital receipts (proofs of packet relay) to a centralized trusted party for updating their credit accounts. Instead of submitting large-size payment receipts, the nodes submit brief reports containing the alleged charges and rewards and store undeniable security evidence. The payment of the fair reports can be cleared with almost no processing overhead. For the cheating reports, the evidence is requested to identify and evict the cheating nodes. Since the cheating actions are exceptional, the proposed protocol can significantly reduce the required bandwidth and energy for submitting the payment data and clear the payment with almost no processing overhead while achieving the same security strength as the receipt-based protocols. Second, the payment reports are processed to extract financial information to reward the cooperative nodes, and contextual information such as the broken links to build up a trust system to measure the nodes’ packet-relay success ratios in terms of trust values. A node’s trust value is degraded whenever it does not relay a packet and improved whenever it does. A node is identified as malicious and excluded from the network once its trust value reaches a threshold.
Using a trust system is necessary to keep track of the nodes’ long-term behaviors because the network packets may be dropped normally, e.g., due to mobility, or temporarily, e.g., due to network congestion, but the high frequency of packet drop is an obvious misbehavior. Then, we propose a trust-based and energy-aware routing protocol to route traffic through the highly trusted nodes having sufficient residual energy in order to establish stable routes and thus minimize the probability of route breakage. A node’s trust value is a real and live measurement of the node’s failure probability and mobility level, i.e., the low-mobility nodes having large hardware resources can perform packet relay more efficiently. In this way, the proposed protocol stimulates the nodes not only to cooperate but also to improve their packet-relay success ratio and tell the truth about their residual energy to improve their trust values and thus raise their chances to participate in future routes. Finally, we propose a privacy-preserving routing and incentive protocol for hybrid ad hoc wireless networks. Micropayment is used to stimulate the nodes’ cooperation without submitting payment receipts. We only use the lightweight hashing and symmetric-key-cryptography operations to preserve the users’ privacy. The nodes’ pseudonyms are efficiently computed using hashing operations. Only trusted parties can link these pseudonyms to the real identities for charging and rewarding operations. Moreover, our protocol protects the location privacy of the anonymous source and destination nodes. Extensive analysis and simulations demonstrate that our protocols can secure the payment and trust calculation, preserve the users’ privacy with acceptable overhead, and precisely identify the malicious and the cheating nodes.
Moreover, the simulation and measurement results demonstrate that our routing protocols can significantly improve route stability and thus the packet delivery ratio due to stimulating the selfish nodes’ cooperation, evicting the malicious nodes, and making informed decisions regarding route selection. In addition, the processing and submitting overheads of the payment-reports are incomparable with those of the receipts in the receipt-based incentive protocols. Our protocol also requires incomparable overhead to the signature-based protocols because the lightweight hashing operations dominate the nodes’ operations

    E-commerce protocol supporting automated online dispute resolution

    E-commerce now constitutes a significant part of all commercial activity; however, the increase in transactions is also leading to more disputes. These disputes are becoming more frequent, more technologically complicated and more difficult in terms of traceability. This thesis focuses specifically on dispute problems related to soft products, i.e. those that are intangible and therefore requiring no physical delivery. With the growing demand for these types of products, e.g. downloadable films, music, software, and prepaid calling time, the prevention of fraudulent transactions is becoming increasingly important. Reasons for the rise in the number of fraudulent transactions include merchants being unable to see the customer to verify an ID or signature and E-commerce enabling soft-products and services to be acquired via soft delivery methods: email, download or logging in. The introductory section provides a critique of current e-commerce fraud detection and prevention techniques and shows that not all are suitable for e-commerce, especially soft-products, and therefore unable to provide complete protection against fraud. The future relating to the detection and prevention of e-commerce fraud is then discussed, leading to suggestions regarding the improvement of the current state-of-the-art technique, the Address Verification Service (AVS), which is used to accommodate the introduction of soft-products. Apart from the exchange process problems, i.e. those involving money and goods, attention is also paid to other important factors such as timing and quality that are usually neglected in these detection and prevention techniques. Dispute scenarios from many different perspectives have been analysed, viz. computer science, business, legal and that of the participants themselves. From the analyses, all possible dispute cases have been formally listed using the 'Truth Table' approach.
This analysis has then led to the design of a comprehensive taxonomy framework for dispute in e-commerce. The term Online Dispute Resolution (ODR) is the online technology applied to Alternative Dispute Resolution (ADR), which is resolving disputes other than via litigation in the courts. Current ODR systems and their suitability for the e-commercial world have been examined, concluding that not all are appropriate for e-commerce situations (since most still involve a human element and often make the resolution process more costly than the actual item under dispute). The proposed solution to the problem is by automating the online dispute resolution process. The total solution is described in two parts: (i) an E-commerce Transaction Protocol (ETP) forming the infrastructure where the transaction will take place and be able to accommodate any new improvements in the future, and (ii) an Automated Online Dispute Resolution (AODR) system which should automatically resolve any dispute occurring within the proposed e-commerce model. In order for the AODR to resolve any dispute, a product/payment specific plug-in (add-on) has been incorporated into the system. For illustration purposes, credit cards as a payment method have been selected and the appropriate plug-in specification for soft products and credit cards created. The concept of providing every soft product with a quality certificate has also been discussed. A concluding case study of e-commerce in Saudi Arabia has been used to test the viability of both the e-commerce dispute taxonomy and the proposed model. The case study shows the suitability of using ETP with AODR in order to resolve soft-product disputes automatically. Limitations of the work and further research possibilities have then been identified. (EThOS - Electronic Theses Online Service; Department of Computing Science, Newcastle University; GB, United Kingdom)

    Applications of the Blockchain using cryptography

    PhD Thesis. We have witnessed the rise of cryptocurrencies in the past eight years. Bitcoin and Ethereum are the world’s most successful cryptocurrencies with market capitalisations of $37bn and $21bn respectively in June 2017. The innovation behind these cryptocurrencies is the blockchain which is an immutable and censorship resistant public ledger. Bitcoin introduced the blockchain to trade a single asset (i.e. bitcoins), whereas Ethereum adopted the blockchain to store and execute expressive smart contracts. In this thesis, we consider cryptographic protocols that bootstrap trust from the blockchain. This includes secure end-to-end communication between two pseudonymous users, payment protocols, payment networks and decentralised internet voting. The first three applications rely on Bitcoin, whereas the final e-voting application is realised using Ethereum. First, it is important to highlight that Bitcoin was designed to protect the anonymity (or pseudonymity) for financial transactions. Nakamoto proposed that financial privacy is achievable by storing each party’s pseudonym (and not their real-world identity) in a transaction. We highlight that this approach for privacy has led to real-world authentication issues as merchants are failing to re-authenticate customers in post-transaction correspondence. To alleviate these issues, we propose an end-to-end secure communication protocol for Bitcoin users that does not require any trusted third party or public-key infrastructure. Instead, our protocol leverages the Blockchain as an additional layer of authentication. Furthermore, this insight led to the discovery of two attacks in BIP70: Payment Protocol which is a community-accepted standard used by more than 100,000 merchants. Our attacks were acknowledged by the leading payment processors including Coinbase, BitPay and Bitt. As well, we have proposed a revised Payment Protocol that prevents both attacks. Second, Bitcoin as deployed today does not scale.
Scalability research has focused on two directions: 1) redesigning the Blockchain protocol, and 2) facilitating ‘off-chain transactions’ and only consulting the Blockchain if an adjudicator is required. We focus on the latter and provide an overview of Bitcoin payment networks. These consist of two components: payment channels to facilitate off-chain transactions between two parties, and the capability to fairly exchange bitcoins across multiple channels. We compare Duplex Micropayment Channels and Lightning Channels, before discussing Hashed Time Locked Contracts which enable Bitcoin-based payment networks. Furthermore, we highlight challenges in routing and path-finding that need to be overcome before payment networks are practically feasible. Finally, we study the feasibility of executing cryptographic protocols on Ethereum. We provide the first implementation of a decentralised and self-tallying internet voting protocol with maximum voter privacy as a smart contract. The Open Vote Network is suitable for boardroom elections and is written as a smart contract for Ethereum. Unlike previously proposed Blockchain e-voting protocols, this is the first implementation that does not rely on any trusted authority to compute the tally or to protect the voter’s privacy. Instead, the Open Vote Network is a self-tallying protocol, and each voter is in control of the privacy of their own vote such that it can only be breached by a full collusion involving all other voters. The execution of the protocol is enforced using the consensus mechanism that also secures the Ethereum blockchain. We tested the implementation on Ethereum’s official test network to demonstrate its feasibility. Also, we provide a financial and computational breakdown of its execution cost.

    Solving Legal Issues in Electronic Government: Jurisdiction, Regulation, Governance

    This paper looks at who can be governed, what can be governed, and how it can be governed in an electronic world. Whether law aims to be enabling (i.e., confirming the ground rules and the legal effectiveness of general conduct) or normative (i.e., imposing standards of conduct on more or less willing subjects), the new media presents difficulties for its rational evolution. These are distinct questions from those raised by government online. Electronic service delivery issues tend to focus on how government can carry on its traditional programs using electronic means and how the law can support it in doing so. The programs themselves evolve through the changing media, but not so much that they stop being recognizable. The transformation of government to deliver services electronically is just beginning, and the changes are not yet dramatic. Here we start with a view of “jurisdiction”, which considers how governments can regulate private conduct, whether in resolving disputes, protecting consumers, or repressing criminal or other offensive behaviour. The discussion looks at the courts and other dispute resolution methods, administrative processes, and alternative means to achieve the goals that have traditionally been sought by systems of direct commands and penalties. We then look at questions of the role of government faced with an electronic economy, particularly monetary and fiscal policy and taxation in general. The impact of electronic communications on the functioning of the democratic system is next: electronic publication of laws, electronic voting, governance models and public expectations. Finally, we review how technical rules and standards affect conduct that has been the purview of government, and some of the technical standards bodies whose role becomes more important in the electronic age.

    Creating a Market for Justice; a Market Incentive Solution to Regulating the Playing Field: Judicial Deference, Judicial Review, Due Process, and Fair Play in Online Consumer Arbitration

    Swindlers, purveyors of substandard products or services, and honest traders unable to perform their agreements can access the global market as easily as legitimate and capable businesses. The impersonal nature of e-commerce makes it more difficult for traders to discern a merchant or transaction that will not satisfy their expectations. This article analyzes procedural due process concerns as an element of arbitration in online dispute resolution (ODR) in business-to-consumer (B2C) e-commerce. B2C e-commerce will be worth an estimated $250 billion by the end of 2003, but one factor hindering its growth is the lack of effective dispute resolution. For reasons of cost, jurisdiction, and other problems relating to transnational litigation, courts may not be a feasible forum, thus leaving private mechanisms, such as ODR, as the primary source of dispute resolution. Existing incentives may provide for a level playing field for online arbitration in disputes between merchants; however, these incentives may be nonexistent or inadequate with regard to disputes between consumers and merchants.
