A secure archive for Voice-over-IP conversations

An efficient archive securing the integrity of VoIP-based two-party conversations is presented. The solution is based on chains of hashes and continuously chained electronic signatures. Security is concentrated in a single, efficient component, allowing for a detailed analysis.Comment: 9 pages, 2 figures. (C) ACM, (2006). This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of VSW06, June, 2006, Berlin, German

Migration control for mobile agents based on passport and visa

Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in details and evaluate the implementation of the proposed system

Development of Time-Stamped Signcryption Scheme and its Application in E-Cash System

A signcryption scheme combining public key encryptions and digital signatures in one logical step can simultaneously satisfy the security requirements of confidentiality, integrity, authenticity and non-repudiation and with a cost significantly lower than that required by the traditional "signature followed by encryption" approach. This thesis presents a new generic concept of time-stamped signcryption scheme with designated verifiability. Here an authenticated time-stamp is associated with the signcrypted text which can only be verifiable by a specific person, known as the designated verifier. The time-stamp is provided by a trusted third party, namely, Time Stamping System (TSS). The scheme is proved to be secure, as, no one, not even the signcrypter or TSS can produce a valid signcrypted text on behalf of them. We analyzed the security of the proposed scheme and found that it can withstand some active attacks. This scheme is resistant against both inside and outside attacks. The security of our scheme is based upon the hardness of solving Computational Diffie Hellman Problem (CDH), Discrete Logarithm Problem (DLP) and Integer Factorization Problem (IFP). The proposed scheme is suitable in scenarios such as, on-line patent submission, on-line lottery, e-cash, e-bidding and other e-commerce applications. Also we propose an e-cash system based on our proposed time-stamped signcryption scheme which confirms the notion of e-cash securities like anonymity of the spender, unforgeablity of the digital coin, prevention of double spending

Settlement in modern network-based payment infrastructures – description and prototype of the E-Settlement model

Payment systems are undergoing rapid and fundamental changes stimulated largely by technological progress especially distributed network technology and real-time processing. Internet and e-commerce will have a major impact on payment systems in the future. User demands and competition will speed up developments. Payment systems will move from conventions that were originally paper-based to truly network-based solutions. This paper presents a solution – E-Settlement – for improving interbank settlement systems. It is based on a decentralised approach to be fully integrated with the banks’ payment systems. The basic idea is that central bank money, the settlement cover, is transferred as an encrypted digital stamp as part of the interbank payment message. The future payment systems would in this model operate close to the Internet/e-mail concept by sending payment messages directly from the sending bank’s account/payment server to the system of the receiving bank with immediate final interbank settlement without intervening centralised processing. Payment systems would become more efficient and faster and the overall structure would be come straightforward. The E-Settlement and network-based system concept could be applied with major benefits for correspondent banking, ACH and RTGS processing environments. In order to assess this novel idea the Bank of Finland built a prototype of the E-Settlement model. It consist of a group of emulated banks sending payments to each other via a TCP/IP network under the control of a central bank as the liquidity provider and an administration site monitoring the system security. This paper contains an introduction to network-based payment systems and E-Settlement, the specifications of the E-Settlement model and the description, results and experiences of the actual E-Settlement prototype.network-based payment systems; settlement systems; interbank settlement; payment system integration

Time stamped Digital Signature Scheme with Message Recovery & Its Application in E-Cash System

We propose a Timestamped signature scheme which can be verified universally using signer’s public parameters. A trusted third party, the Timestamping System provides timestamp to a signature without even knowing the content of the document. The proposed scheme can withstand active attacks, such as forgery attack and chosen cipher text attack. It also provides the message recovery feature, i.e., from the timestamped signature, the message can be recovered by the receiver. Hence, the message need not be sent with the signature. The suggested scheme do not require any hash function and there by reduces the verification cost as compared to existing schemes at the expense of marginal increase in signature generation cost. Further, the scheme is more secured as its security lies in solving three computationally hard assumptions Performance analysis of both the schemes has been carried out in details. We applied the Time-stamped signature scheme with Message recovery in Ecash syste