Changjie Wang

A commutative encrypted protocol for the privacy protection of watermarks in digital contents

Analysis by Forrester research revealed that 18% of global exports will flow online in 2004 and that the volume of e-commerce will surpass

Secure Double Auction Protocols with Full Privacy Protection

400 billion. Digital rights protection is a major issue in the e-commerce of multimedia contents. Watermarking technology has been proposed as a promising enabling technology for the rights protection of multimedia digital contents. A unique watermark is embedded in each piece of multimedia contents before it is distributed to a customer. When unauthorized copies of a piece of contents are found, the customer who owns the contents can be readily identified by means of the embedded watermark. However, the unauthorized copies may also come from the content provider itself. It is therefore a challenging problem to determine whether an unauthorized copy is distributed by an unethical customer or by an unethical content provider. In this paper, we propose a watermarking protocol to address the problem using cryptographic technologies. Our protocol employs a commutative encryption algorithm to protect the privacy of watermarks. Information is doubly locked by two encryption keys kept separately by a customer and a content provider. In the protocol, a customer only gets a piece of watermarked multimedia contents in a transaction and the content provider has no idea how the watermark is formed. This facilitates the authority to determine the unethical party in case of unauthorized distribution of digital contents. We also discuss a couple of common attacks and show that our protocol can defend successfully against them.

Anonymity and security in continuous double auctions for Internet retails market

Many researches have been done on the strategies of double auctions, an important class of auction protocols that permit multiple buyers and sellers to trade simultaneously in a market. Some well designed dominant-strategy incentive compatible double auction protocols have been proposed. However, the security and the privacy issues in double auctions are seldom studied in the literatures. In this paper, we propose secure double auction protocols, which achieve full privacy protection of participants. That is, each bid/ask information is always kept secret, even when there is any collusion of participants. It is clear that our suggestion is stronger than other previous work in which assumptions that certain auctioneers never collude are made. To achieve full privacy protection, we employ homomorphic ElGamal encryption and distribute the private key among the all participants. In such a way, all participants jointly compute the outcome of the double auction without revealing any additional bid/ask information. Also, the proposed protocol is publicly verifiable, so that the robustness is assured. The communication and computation complexity of the proposed protocols are analyzed.

A private and efficient mobile payment protocol

Electronic auctions have become an integral part of electronic commerce nowadays. Besides the popular single-sided auction protocols, i.e. English auction, Vickrey auction etc., continuous double auction (CDA) is an important auction protocol that permits multiple buyers and sellers to trade goods. Internet CDAs have been widely used in financial and commodities markets. Although Internet provides an excellent infrastructure for CDAs, anonymity and security are important issues in the electronic CDA marketplaces. While most studies have been focusing on the strategies in agent-oriented CDAs (Friedman and Rust, 1992; He and Leung, 2001; Cliff and Bruten, 1998; and Preist and van Tol, 1998), relatively little research has been done on the privacy and security issues. In this paper, we first discuss the privacy and security issues in electronic CDAs, and propose that the security requirements in electronic CDAs include anonymity, traceability, impossibility of impersonation, unforgeablility, and verifiability. We then describe an anonymous and secure CDA protocol for electronic marketplaces. In the new protocol, both the anonymity of traders and the traceability of false offers are achieved. The identities of normal traders and their bidding behaviors are protected, while the identities of malicious traders can be revealed. With a simple analysis, we show that our CDA scheme satisfies all the required security.

Mobile agents for secure electronic commerce transactions with privacy protection of the customers

Many secure electronic payment protocols have been proposed, most of which are based on public key cryptograph. These protocols, however, are not suitable for mobile network due to the limitations of mobile environments, such as limited computation capability of mobile devices, limited bandwidth, etc. In this paper, we propose a private and efficient payment protocol for mobile network, which only involves symmetric key algorithm, such as symmetric encryption, hash function and keyed hash function. All these operations can be implemented on mobile devices feasibly. The proposed protocol also achieves completely privacy protection of buyers, which is one of the important requirements in mobile commerce. First, the identity of the buyer is protected from the merchant. Second, the transaction privacy of the buyer, such as what the buyer buys, and whom the buyer buys from, are also protected from any other parties and financial institutions. By giving a security analysis, we show that our protocol satisfies all security requirements in electronic payment.

Shared-Key Signature and Its Application to Anonymous Authentication in Ad Hoc Group

It is believed that the mobile agent technology is going to play an important role in future electronic commerce due to the characteristics of mobility and autonomy of the agents, which make it ideal for electronic commerce applications in open network environment. However, a couple of security issues need to be tackled before we can employ mobile agents in real life commercial applications. Some schemes have been proposed to solve the security problems in mobile agent paradigm, such as the undetachable signature scheme, the secure agent scheme using proxy signature and others. Most of the current work, however, mainly focus on the protection of the private key of the customer from the malicious servers, while the other related security issues in electronic commerce, say, privacy protection of the customer, are seldom considered. In this paper, we summarize the security requirements for mobile agent-based electronic transactions and propose a new secure mobile agent scheme for electronic commercial transactions with privacy protection of the customer. With a security analysis, we show that the proposed scheme satisfies all security requirements.

t -out-of- n string/bit oblivious transfers revisited

We formalize the notion of shared-key signatures, which makes it possible to anonymously sign any message with verification by a shared common public key. Unlike group signatures, shared-key signatures require no group manager or other third party to help the group members to generate signing keys. Also unlike ring signatures, shared-key signatures have no special structure such as a ring and the signing and verification procedures are the same as those of the ordinary signatures. In addition, they can be easily transformed into interactive authentication protocols while the ring signatures cannot. A concrete construction of such signatures is proposed based on Weak Dependence Problem (WDP). Since WDP is NP-complete and many researchers believe that NPC problems are intractable even in the quantum computation model, our scheme may be used to sign the documents requiring a longer-term validity with anonymity.

Use of cryptographic technologies for privacy protection of watermarks in internet retails of digital contents

In this paper, we focus on lowering the complexity of t-out-of-n string/bit OTs for large t. The notion of oblivious public-key cryptosystem (OPKC) is introduced, in which Bob possesses n public keys but only t private keys and no one knows which t private keys Bob possesses. If the sender, say, Alice, encrypts each message using the n oblivious public keys, resp., the receiver, Bob, can obtain only t messages by t decryptions with his known t private keys. This approach can be directly applied to t-out-of-n bit OT. However, it is very inefficient due to heavy message expansion and many encryption/decryption operations. To construct t-out-of-n bit OT, we introduce bit oblivious public-key cryptosystem (BOPKC), which is a special public-key cryptosystem with a message space of n bits, and the private key only enables its owner to decrypt t bits of n secret bits. After an offline generation of such a BOPKC, it requires only one encryption, one decryption and one ciphertext. Finally, we show the concrete implementations of OPKC/BOPKC based on ElGamal/Paillier cryptosystem, and efficient t-out-of-n string/bit OTs are achieved.

Use of cryptographic technologies for privacy protection of watermarks in Internet retails of digital contents

In this paper, we propose an implementation of secure watermarking protocol using cryptographic technologies for use in real-life Internet retail market of digital contents, in which there is no trust assumption between a customer and a digital content provider. The blind RSA decryption algorithm is used in our scheme to doubly lock the information by the public key of the content provider and the secret numbers of the customer separately. The privacy of watermark pattern is maintained, while the digital rights of the contents provider are protected. This is achieved by allowing the customer to choose a secret pattern of watermark combination unknown to the content provider. Consequently, the quality of the watermarked digital contents can be guaranteed. We show that the protocol is secure against any possible attacks from the customer and the content provider. Moreover, the dispute resolution process becomes mechanical.

Anonymity and Security Support for Persistent Enterprise Conversation

In this paper, we propose an implementation of secure watermarking protocol using cryptographic technologies for use in real-life Internet retail market of digital contents, in which there is no trust assumption between a customer and a digital content provider. The blind RSA decryption algorithm is used in our scheme to doubly lock the information by the public key of the content provider and the secret numbers of the customer separately. The privacy of watermark pattern is maintained, while the digital rights of the contents provider are protected. This is achieved by allowing the customer to choose a secret pattern of watermark combination unknown to the content provider. Consequently, the quality of the watermarked digital contents can be guaranteed. We show that the protocol is secure against any possible attacks from the customer and the content provider. Moreover, the dispute resolution process becomes mechanical.