A Novel Identity Based Blind Signature Scheme using DLP for E-Commerce

Abstract— Blind signatures are used in the most of the application where confidentiality and authenticity are the main issue. Blind signature scheme deals with concept where requester sends the request that the signer should sign on a blind message without looking at the content. Many ID based blind signature are proposed using bilinear pairings and elliptic curve. But the relative computation cost of the pairing in bilinear pairings and ID map into an elliptic curve are huge. In order to save the running time and the size of the signature, this paper proposed a scheme having the property of both concepts identity based blind signature that is based on Discrete Logarithm Problem, so as we know that DLP is a computational hard problem and hence the proposed scheme achieves all essential and secondary security prematurity. With the help of the proposed scheme, this paper implemented an E-commerce system in a secure way. E-commerce is one of the most concern applications of ID based blind signature scheme. E-commerce consisting selling and buying of products or services over the internet and open network. ID based blind signature scheme basically has been used enormously as a part of today’s focussed business. Our proposed scheme can be also be used in E-business, E-voting and E-cashing anywhere without any restriction DOI: 10.17762/ijritcc2321-8169.15060

On the Forgeability of Wang-Tang-Li\u27s ID-Based Restrictive Partially Blind Signature

Restrictive partially blind signature (RPBS) plays an important role in designing secure electronic cash system. Very recently, Wang, Tang and Li proposed a new ID-based restrictive partially blind signature (ID-RPBS) and gave the security proof. In this paper, we present a cryptanalysis of the scheme and show that the signature scheme does not satisfy the property of {\bf unforgeability} as claimed. More precisely, a user can forge a valid message-signature pair $(ID, msg, {\bf info\u27}, \sigma\u27)$ instead of the original one $(ID, msg, {\bf info}, \sigma)$, where {\bf info} is the original common agreed information and ${\bf info}\u27\neq {\bf info}$. Therefore, it will be much dangerous if Wang-Tang-Li\u27s ID-RPBS scheme is applied to the off-line electronic cash system. For example, a bank is supposed to issue an electronic coin (or bill) of \$100 to a user, while the user can change the denomination of the coin (bill) to any value, say \$100, 000, 000, at his will

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Privacy-Preserving Multi-Quality Charging in V2G network

Vehicle-to-grid (V2G) network, which provides electricity charging service to the electric vehicles (EVs), is an essential part of the smart grid (SG). It can not only effectively reduce the greenhouse gas emission but also significantly enhance the efficiency of the power grid. Due to the limitation of the local electricity resource, the quality of charging service can be hardly guaranteed for every EV in V2G network. To this end, the multi-quality charging is introduced to provide quality-guaranteed service (QGS) to the qualified EVs and best effort service (BES) to the other EVs. To perform the multi-quality charging, the evaluation on the EV's attributes is necessary to determine which level of charging service can be offered to the EV. However, the EV owner's privacy such as real identity, lifestyle, location, and sensitive information in the attributes may be violated during the evaluation and authentication. In this thesis, a privacy-preserving multi-quality charging (PMQC) scheme for V2G network is proposed to evaluate the EV's attributes, authenticate its service eligibility and generate its bill without revealing the EV's private information. Specifically, by adopting ciphertext-policy attribute based encryption (CP-ABE), the EV can be evaluated to have proper charging service without disclosing its attribute privacy. By utilizing group signature, the EV's real identity is kept confidential during the authentication and the bill generation. By hiding the EV's real identity, the EV owner's lifestyle privacy and location privacy are also preserved. Security analysis demonstrates that PMQC can achieve the EV's privacy preservation, fine-grained access control on the EVs for QGS, traceability of the EV's real identity and secure revocation on the EV's service eligibility. Performance evaluation result shows that PMQC can achieve higher efficiency in authentication and verification compared with other schemes in terms of computation overhead. Based on PMQC, the EV's computation overhead and storage overhead can be further reduced in the extended privacy-preserving multi-quality charging (ePMQC) scheme.4 month

ID-based restrictive partially blind signatures and applications

Abstract. Restrictive blind signatures allow a recipient to receive a blind signature on a message not known to the signer but the choice of message is restricted and must conform to certain rules. Partially blind signatures allow a signer to explicitly include necessary information (expiration date, collateral conditions, or whatever) in the resulting signatures under some agreement with receiver. Restrictive partially blind signatures incorporate the advantages of these two blind signatures. The existing restrictive partially blind signature scheme was constructed under certificate-based (CA-based) public key systems. In this paper we follow Brand's construction to propose the first identity-based (ID-based) restrictive blind signature scheme from bilinear pairings. Furthermore, we first propose an ID-based restrictive partially blind signature scheme, which is provably secure in the random oracle model. As an application, we use the proposed signature scheme to build an untraceable off-line electronic cash system followed Brand's construction. Key words: ID-based systems, Blind signatures, Bilinear pairings. 1 Introduction Blind signatures, introduced by Chaum [10], allow a recipient to obtain a signature on message mwithout revealing anything about the message to the signer. Blind signatures play an important role in a plenty of applications such as electronic voting, electronic cash schemes where anonymityis of great concern. About the formal definition and security of blind signature schemes, refer to [14, 16-18].Restrictive blind signatures, firstly introduced by Brands [5, 6], which allow a recipient to receive a blind signature on a message not known to the signer but the choice of the messageis restricted and must conform to certain rules. Furthermore, he proposed a highly efficient electronic cash system, where the bank ensures that the user is restricted to embed his identityin the resulting blind signature

Mise en oeuvre d’une approche sociotechnique de la vie privée pour les systèmes de paiement et de recommandation en ligne

Depuis ses fondements, le domaine de l’Interaction Homme-Machine (IHM) est marqué par le souci constant de concevoir et de produire des systèmes numériques utiles et utilisables, c’est-à-dire adaptés aux utilisateurs dans leur contexte. Vu le développement exponentiel des recherches dans les IHM, deux états des lieux s’imposent dans les environnements en ligne : le concept de confiance et le comportement de l’usager. Ces deux états ne cessent de proliférer dans la plupart des solutions conçues et sont à la croisée des travaux dans les interfaces de paiements en ligne et dans les systèmes de recommandation. Devant les progrès des solutions conçues, l’objectif de cette recherche réside dans le fait de mieux comprendre les différents enjeux dans ces deux domaines, apporter des améliorations et proposer de nouvelles solutions adéquates aux usagers en matière de perception et de comportement en ligne. Outre l’état de l’art et les problématiques, ce travail est divisé en cinq parties principales, chacune contribue à mieux enrichir l’expérience de l’usager en ligne en matière de paiement et recommandations en ligne : • Analyse des multi-craintes en ligne : nous analysons les différents facteurs des sites de commerce électronique qui influent directement sur le comportement des consommateurs en matière de prise de décision et de craintes en ligne. Nous élaborons une méthodologie pour mesurer avec précision le moment où surviennent la question de la confidentialité, les perceptions en ligne et les craintes de divulgation et de pertes financières. • Intégration de personnalisation, contrôle et paiement conditionnel : nous proposons une nouvelle plateforme de paiement en ligne qui supporte à la fois la personnalisation et les paiements multiples et conditionnels, tout en préservant la vie privée du détenteur de carte. • Exploration de l’interaction des usagers en ligne versus la sensibilisation à la cybersécurité : nous relatons une expérience de magasinage en ligne qui met en relief la perception du risque de cybercriminalité dans les activités en ligne et le comportement des utilisateurs lié à leur préoccupation en matière de confidentialité. • Équilibre entre utilité des données et vie privée : nous proposons un modèle de préservation de vie privée basé sur l’algorithme « k-means » et sur le modèle « k-coRating » afin de soutenir l’utilité des données dans les recommandations en ligne tout en préservant la vie privée des usagers. • Métrique de stabilité des préférences des utilisateurs : nous ciblons une meilleure méthode de recommandation qui respecte le changement des préférences des usagers par l’intermédiaire d’un réseau neural. Ce qui constitue une amélioration à la fois efficace et performante pour les systèmes de recommandation. Cette thèse porte essentiellement sur quatre aspects majeurs liés : 1) aux plateformes des paiements en ligne, 2) au comportement de l’usager dans les transactions de paiement en ligne (prise de décision, multi-craintes, cybersécurité, perception du risque), 3) à la stabilité de ses préférences dans les recommandations en ligne, 4) à l’équilibre entre vie privée et utilité des données en ligne pour les systèmes de recommandation.Technologies in Human-Machine Interaction (HMI) are playing a vital role across the entire production process to design and deliver advanced digital systems. Given the exponential development of research in this field, two concepts are largely addressed to increase performance and efficiency of online environments: trust and user behavior. These two extents continue to proliferate in most designed solutions and are increasingly enriched by continuous investments in online payments and recommender systems. Along with the trend of digitalization, the objective of this research is to gain a better understanding of the various challenges in these two areas, make improvements and propose solutions more convenient to the users in terms of online perception and user behavior. In addition to the state of the art and challenges, this work is divided into five main parts, each one contributes to better enrich the online user experience in both online payments and system recommendations: • Online customer fears: We analyze different components of the website that may affect customer behavior in decision-making and online fears. We focus on customer perceptions regarding privacy violations and financial loss. We examine the influence on trust and payment security perception as well as their joint effect on three fundamentally important customers’ aspects: confidentiality, privacy concerns and financial fear perception. • Personalization, control and conditional payment: we propose a new online payment platform that supports both personalization and conditional multi-payments, while preserving the privacy of the cardholder. • Exploring user behavior and cybersecurity knowledge: we design a new website to conduct an experimental study in online shopping. The results highlight the impact of user’s perception in cybersecurity and privacy concerns on his online behavior when dealing with shopping activities. • Balance between data utility and user privacy: we propose a privacy-preserving method based on the “k-means” algorithm and the “k-coRating” model to support the utility of data in online recommendations while preserving user’s privacy. • User interest constancy metric: we propose a neural network to predict the user’s interests in recommender systems. Our aim is to provide an efficient method that respects the constancy and variations in user preferences. In this thesis, we focus on four major contributions related to: 1) online payment platforms, 2) user behavior in online payments regarding decision making, multi-fears and cyber security 3) user interest constancy in online recommendations, 4) balance between privacy and utility of online data in recommender systems