Peer to Peer Mobile Coupons: Adding Incentives without Sacrificing Security

Mobile commerce is flourishing today due to the advance of the mobile technology. Many conventional marketing activities are moving their ways to the mobile environment. Efficient marketing instruments such as the paper coupons and the electronic coupons are also evolving into the mobile coupons. In comparison with conventional coupons, mobile coupons are personalized and suitable for peer to peer delivery. Coupons are commonly issued by the merchants, used by the interested customers, and discarded by the uninterested receivers. Raising the redemption rate of the coupon will increase the sales of the promoted items. The raise can be accomplished by forwarding coupons from uninterested receivers to potentially interested customers. The ease-of-use exchange mechanism in mobile devices pushes the delivery in the peer to peer environment. Moreover, the characteristic of personalization inspires trust into mobile coupons. Thus, adding the incentives of coupon forwarding, such as a reward bonus, may activate the movement of stationary coupons and eventually increase the redemption rate of mobile coupons. Nevertheless, the incentives adding may bring the threats of alterations and forgery; if the adding mechanism is improperly made. Additionally, complicated security means are hindered by the limitations of storage space, computation power, and communication bandwidth of mobile devices. Therefore, we propose a scheme that uses digital signatures for verifying the incentive-added coupons and design a hash chain to detect possible forgery. The proposed scheme may increase the use of peer to peer mobile coupons without sacrificing the security

IEEE 802.11 user fingerprinting and its applications for intrusion detection

AbstractEasy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user’s privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors

Anonymous signature scheme

In order to hide the identity of a signer, an anonymous signaure scheme is presented in this paper. In this scheme, a signer located in a specified group produces a signautre on behalf of the group. The recipient can verify whether the signature is valid and comes from the specified group, while tracing the signature to its source is impossible. The proposed anonymous signature is similarly to ring signature in some respects, for example, there is no manager, and no revocation mechanism against signer\u27s anonymity. The most different between these two kinds of signatures is that the group in ring signature is adaptively constructed by the signer, while the group in our scheme is fixed

Identity-based anonymous designated ring signatures

In this paper, we propose the concept of identity-based anonymous designated ring signature. This concept extends the existing notion of ring signatures in two ways: firstly, it allows a member from the ring to sign a message directed to a designated verifier, but secondly, we would like to have an anonymous designated verifier. At a glance, these two additional properties seem contradictory, but we shall show an example of situation where this kind of primitive is required. We present a formal model of such a scheme, and proceed with a construction based on bilinear pairings. Our scheme is provably secure under the random oracle model

Contributions to privacy preserving with ring signatures

A ring signature is a cryptographic primitive that enables a signer to produce a signature without revealing his or her identity. In this thesis, we propose two ring signature schemes for privacy-preserving applications over the Internet. First we design a protocol that enables a ring signer to receive an acknowledgement from the verifer. We propose two constructions. With the basic construction, the verifer can send a message back to the original signer while keeping the latter\u27s identity hidden. Additionally, the verifer is assured that the signer is indeed the user in a group. We then extend our basic construction to a multi-party scenario. In the second construction, the verifer can discern a certain number of signers involved in the specific signature while their identities remain anonymous. We also investigate the possible applications of our schemes, such as in E-Commerce and Pay-TV. Then, we introduce the concept of identity-based anonymous designated ring signatures, which has not been studied before. This concept extends the existing notion of ring signatures in two ways: frstly, it allows a member of the ring to sign a message directed to a designated verifer. Secondly, we enable the concept of anonymous designated verifer. We show that it has useful applications in Peer-to-Peer networks and provide a construction based on bilinear pairings. Furthermore, we formulate a security model and prove the security of our proposed construction against a chosen message attack. We extend the scheme to construct a convertible version of the previous scheme, which enables a designated verifer to prove its participation in a particular session in case of dispute