Migration control for mobile agents based on passport and visa

Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in details and evaluate the implementation of the proposed system

Integration of Blockchain and Auction Models: A Survey, Some Applications, and Challenges

In recent years, blockchain has gained widespread attention as an emerging technology for decentralization, transparency, and immutability in advancing online activities over public networks. As an essential market process, auctions have been well studied and applied in many business fields due to their efficiency and contributions to fair trade. Complementary features between blockchain and auction models trigger a great potential for research and innovation. On the one hand, the decentralized nature of blockchain can provide a trustworthy, secure, and cost-effective mechanism to manage the auction process; on the other hand, auction models can be utilized to design incentive and consensus protocols in blockchain architectures. These opportunities have attracted enormous research and innovation activities in both academia and industry; however, there is a lack of an in-depth review of existing solutions and achievements. In this paper, we conduct a comprehensive state-of-the-art survey of these two research topics. We review the existing solutions for integrating blockchain and auction models, with some application-oriented taxonomies generated. Additionally, we highlight some open research challenges and future directions towards integrated blockchain-auction models

Blockchain-based distributive auction for relay-assisted secure communications

Physical layer security (PLS) is considered as a promising technique to prevent information eavesdropping in wireless systems. In this context, cooperative relaying has emerged as a robust solution for achieving PLS due to multipath diversity and relatively lower transmission power. However, relays or the relay operators in the practical environment are unwilling for service provisioning unless they are incentivized for their cost of services. Thus, it is required to jointly consider network economics and relay cooperation to improve system efficiency. In this paper, we consider the problem of joint network economics and PLS using cooperative relaying and jamming. Based on the double auction theory, we model the interaction between transmitters seeking for a particular level of secure transmission of information and relay operators for suitable relay and jammer assignment, in a multiple source-destination networks. In addition, theoretical analyses are presented to justify that the proposed auction mechanism satisfies the desirable economic properties of individual rationality, budget balance, and truthfulness. As the participants in the traditional centralized auction framework may take selfish actions or collude with each other, we propose a decentralized and trustless auction framework based on blockchain technology. In particular, we exploit the smart contract feature of blockchain to construct a completely autonomous framework, where all the participants are financially enforced by smart contract terms. The security properties of the proposed framework are also discussed

Online English Auction Scheme

Online English auction is most familiar and mostly used online auction process in the present scenario. It is the most efficient auction process which gives most desirable results in terms of revenue. Our scheme involves three parties, namely the Registration Manager(RM), Auction Manager(AM), and Bidder(B). The Registration Manager publicizes the parameters to register the bidders, allowing them to participate in the bidding process. It also protects the bidding rights and manages the information on the key. The Auction Manager is responsible for conducting the bidding after the registration is over. Our proposed scheme satisfies the following features such as anonymity, no framing, unforgeability, non-repudiation, fairness, public verifiability, one-time registration, and easy revocation. The scheme uses Discrete Logarithmic Problem (DLP) and Secure Hash Algorithm (SHA-1) as hash function

A Market-Based Model for Resource Allocation in Agent Systems

In traditional computational systems, resource owners have no incentive to subject themselves to additional risk and congestion associated with providing service to arbitrary agents, but there are applications that benefit from open environments. We argue for the use of markets to regulate agent systems. With market mechanisms, agents have the abilities to assess the cost of their actions, behave responsibly, and coordinate their resource usage both temporally and spatially. \par We discuss our market structure and mechanisms we have developed to foster secure exchange between agents and hosts. Additionally, we believe that certain agent applications encourage repeated interactions that benefit both agents and hosts, giving further reason for hosts to fairly accommodate agents. We apply our ideas to create a resource-allocation policy for mobile-agent systems, from which we derive an algorithm for a mobile agent to plan its expenditure and travel. With perfect information, the algorithm guarantees the agent\u27s optimal completion time. \par We relax the assumptions underlying our algorithm design and simulate our planning algorithm and allocation policy to show that the policy prioritizes agents by endowment, handles bursty workloads, adapts to situations where network resources are overextended, and that delaying agents\u27 actions does not catastrophically affect agents\u27 performance

Blockchain-Coordinated Frameworks for Scalable and Secure Supply Chain Networks

Supply chains have progressed through time from being limited to a few regional traders to becoming complicated business networks. As a result, supply chain management systems now rely significantly on the digital revolution for the privacy and security of data. Due to key qualities of blockchain, such as transparency, immutability and decentralization, it has recently gained a lot of interest as a way to solve security, privacy and scalability problems in supply chains. However conventional blockchains are not appropriate for supply chain ecosystems because they are computationally costly, have a limited potential to scale and fail to provide trust. Consequently, due to limitations with a lack of trust and coordination, supply chains tend to fail to foster trust among the network’s participants. Assuring data privacy in a supply chain ecosystem is another challenge. If information is being shared with a large number of participants without establishing data privacy, access control risks arise in the network. Protecting data privacy is a concern when sending corporate data, including locations, manufacturing supplies and demand information. The third challenge in supply chain management is scalability, which continues to be a significant barrier to adoption. As the amount of transactions in a supply chain tends to increase along with the number of nodes in a network. So scalability is essential for blockchain adoption in supply chain networks. This thesis seeks to address the challenges of privacy, scalability and trust by providing frameworks for how to effectively combine blockchains with supply chains. This thesis makes four novel contributions. It first develops a blockchain-based framework with Attribute-Based Access Control (ABAC) model to assure data privacy by adopting a distributed framework to enable fine grained, dynamic access control management for supply chain management. To solve the data privacy challenge, AccessChain is developed. This proposed AccessChain model has two types of ledgers in the system: local and global. Local ledgers are used to store business contracts between stakeholders and the ABAC model management, whereas the global ledger is used to record transaction data. AccessChain can enable decentralized, fine-grained and dynamic access control management in SCM when combined with the ABAC model and blockchain technology (BCT). The framework enables a systematic approach that advantages the supply chain, and the experiments yield convincing results. Furthermore, the results of performance monitoring shows that AccessChain’s response time with four local ledgers is acceptable, and therefore it provides significantly greater scalability. Next, a framework for reducing the bullwhip effect (BWE) in SCM is proposed. The framework also focuses on combining data visibility with trust. BWE is first observed in SC and then a blockchain architecture design is used to minimize it. Full sharing of demand data has been shown to help improve the robustness of overall performance in a multiechelon SC environment, especially for BWE mitigation and cumulative cost reduction. It is observed that when it comes to providing access to data, information sharing using a blockchain has some obvious benefits in a supply chain. Furthermore, when data sharing is distributed, parties in the supply chain will have fair access to other parties’ data, even though they are farther downstream. Sharing customer demand is important in a supply chain to enhance decision-making, reduce costs and promote the final end product. This work also explores the ability of BCT as a solution in a distributed ledger approach to create a trust-enhanced environment where trust is established so that stakeholders can share their information effectively. To provide visibility and coordination along with a blockchain consensus process, a new consensus algorithm, namely Reputation-based proof-of cooperation (RPoC), is proposed for blockchain-based SCM, which does not involve validators to solve any mathematical puzzle before storing a new block. The RPoC algorithm is an efficient and scalable consensus algorithm that selects the consensus node dynamically and permits a large number of nodes to participate in the consensus process. The algorithm decreases the workload on individual nodes while increasing consensus performance by allocating the transaction verification process to specific nodes. Through extensive theoretical analyses and experimentation, the suitability of the proposed algorithm is well grounded in terms of scalability and efficiency. The thesis concludes with a blockchain-enabled framework that addresses the issue of preserving privacy and security for an open-bid auction system. This work implements a bid management system in a private BC environment to provide a secure bidding scheme. The novelty of this framework derives from an enhanced approach for integrating BC structures by replacing the original chain structure with a tree structure. Throughout the online world, user privacy is a primary concern, because the electronic environment enables the collection of personal data. Hence a suitable cryptographic protocol for an open-bid auction atop BC is proposed. Here the primary aim is to achieve security and privacy with greater efficiency, which largely depends on the effectiveness of the encryption algorithms used by BC. Essentially this work considers Elliptic Curve Cryptography (ECC) and a dynamic cryptographic accumulator encryption algorithm to enhance security between auctioneer and bidder. The proposed e-bidding scheme and the findings from this study should foster the further growth of BC strategies

Development of an ECDLP based Traceable Blind Signature Scheme and its Application to E-Auction.

With the increase in internet users, E-Commerce has been grown exponentially in recent years. E-Auction is one among them. But its security and robustness is still a challenge. The electronic auction centers remain to be insecure and anonymity, bid privacy and other requirements are under the threat by malicious hackers. Any auction protocol must not leak the anonymity and bid privacy of an honest bidder. Keeping these requirements in mind, we have proposed a new electronic auction scheme using blind signature. Moreover our scheme is based upon elliptic curve cryptography which provides similar level of security with comparatively smaller key size. Due to the smaller key size, the space requirement can be reduced which further allows our E-Auction scheme to implement in a mobile application which has a constrained environment like low bandwidth, memory and computational power. Blind signature is a special kind of digital signature where the message privacy can be retained by blinding the message and getting a signature on that. It can be universally verifiable and signer can’t repudiate of signing the document. Moreover it also satisfies the integrity and authenticity of the message. Due to these features of a blind signature, it can easily be applied on an E-Auction scheme. So we have proposed an efficient blind signature protocol according to the requirements of E-Auction which is based upon the hard problem of solving elliptic curve discrete logarithm problem(ECDLP). Then we have successfully applied it in our E-Auction scheme. In this thesis, we developed an Elliptic Curve Discrete Logarithm Problem (ECDLP) based blind signature scheme which can be implemented on our E-Auction protocol. Both the schemes are proved to be resistant to active attacks and satisfies the requirements which are necessary for online auction

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed