Ernest Foo

Off-Line Fair Payment Protocols Using Convertible Signatures

An exchange or payment protocol is considered fair if neither of the two parties exchanging items or payment at any time during the protocol has a significant advantage over the other entity. Fairness is an important property for electronic commerce. This paper identifies a design framework based on existing fair protocols which use offline trusted third parties, but with convertible signatures as the underlying mechanism. We show that in principle any convertible signature scheme can be used to design a fair payment protocol. A specific protocol is detailed based on RSA undeniable signatures which is more efficient than other similar fair payment schemes. Furthermore, in this protocol the final signature obtained is always an ordinary RSA signature.

Toward non-parallelizable client puzzles

Client puzzles have been proposed as a useful mechanism for mitigating denial of service attacks on network protocols. Several different puzzles have been proposed in recent years. This paper reviews the desirable properties of client puzzles, pointing out that there is currently no puzzle which satisfies all such properties. We investigate how to provide the property of non-parallelizability in a practical puzzle. After showing that obvious ideas based on hash chains have significant problems, we propose a new puzzle based on the subset sum problem. Despite some practical implementation issues, this is the first example that satisfies all the desirable properties for a client puzzle.

RSDA: Reputation-Based Secure Data Aggregation in Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are a new technology that is expected to be used in the near future due to its cheap cost and data processing ability. However, securing WSNs with traditional cryptographic mechanism is insufficient because of the existing limited resources and the lack of tamper resistant hardware. In this paper, we propose a Reputation-based Secure Data Aggregation for WSNs (RSDA) that integrates aggregation functionality with the advantages provided by a reputation system to enhance the network lifetime and the accuracy of the aggregated data. We bind symmetric secret keys to geographic locations and assign these keys to sensor nodes based on their locations. RSDA therefore can resist an adversary that is capable to compromise up to W sensor nodes in total with no more than t -1 compromised nodes in any cell.

An Improved Forward Integrity Protocol for Mobile Agents

Forward integrity is an important mobile agent security property. Forward integrity in mobile agents guarantees that results contained in a mobile agent from previously visited servers cannot be changed by a malicious server. Many mobile agent forward integrity protocols are based on a protocol family proposed by Karjoth et al.. This paper identifies a “colluding servers” attack on these protocols where two (or more) visited servers can conspire to modify the existing collected data from other servers. We propose an improved Karjoth protocol by applying split-knowledge when constructing digital signatures, which can defend against the colluding servers attack.

A Survey and Analysis of the GNSS Spoofing Threat and Countermeasures

Detection and prevention of global navigation satellite system (GNSS) “spoofing” attacks, or the broadcast of false global navigation satellite system services, has recently attracted much research interest. This survey aims to fill three gaps in the literature: first, to assess in detail the exact nature of threat scenarios posed by spoofing against the most commonly cited targets; second, to investigate the many practical impediments, often underplayed, to carrying out GNSS spoofing attacks in the field; and third, to survey and assess the effectiveness of a wide range of proposed defences against GNSS spoofing. Our conclusion lists promising areas of future research.

A Forward and Backward Secure Key Management in Wireless Sensor Networks for PCS/SCADA

Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor networks applications. The PCS/SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application environments. The sensor nodes in the environment, however, are still open to devastating attacks such as node capture, which makes designing a secure key management challenging. In this paper, a key management scheme is proposed to defeat node capture attack by offering both forward and backward secrecies. Our scheme overcomes the pitfalls which Nilsson et al.’s scheme suffers from, and is not more expensive than their scheme.

Using Recoverable Key Commitment to Defend Against Truncation Attacks in Mobile Agents

Protection of data integrity in mobile agents has drawn much attention in recent years. Various degrees of agent data integrity have been achieved by a number of proposed schemes. A known vulnerability of these published techniques is the truncation attack. In the truncation attack, either two visited hosts collude to discard the partial results collected between their respective visits, or one revisited server deletes all entries between its two visits. In this paper we propose a “recoverable key commitment” technique to effectively defend against the truncation attack. It also prevents other known attacks such as modification, insertion and deletion.

Detachable Electronic Coins

We propose a non-divisible electronic cash system that combines the restrictive blind signature technique and a batch signature scheme based upon the binary tree structure. Contemporary electronic cash solutions rely on the divisibility paradigm to achieve significant computational savings, and such techniques are considered to be the most efficient. We demonstrate an alternative approach that employs batch cryptography to withdraw and spend multiple coins. This approach provides a set of alternative primitives for an electronic cash system that possesses comparable efficiency to the most efficient divisible based schemes.

Designing secure e-tendering systems

Security requirements for e-tendering systems have not been closely scrutinised in the literature. This paper identifies key issues to be addressed in the design of secure e-tendering systems. In particular, the issues of secure timing and record keeping are raised. This paper also classifies existing e-tendering system designs by presenting common e-tendering architectures. A new e-tendering architecture, using distributed trusted third parties is proposed which may be suitable for secure large scale operations.

Linkability in Practical Electronic Cash Design

Designing a practical and complete electronic cash scheme has proved difficult. Designs must seek to optimise often conflicting metrics such as efficiency, anonymity, the ability to make exact payments. Gains in one area often result in a loss in one or more other areas. Several schemes have accepted linkability of some payments as a concession to getting the balance right. A point that has not been highlighted is the problem of preventing linking between payments made with different linkable coins. This paper reviews several electronic cash schemes which have the linkability property and concludes that linking across coins is of significant practical concern. Design improvements are suggested along with observations regarding the users active role in preserving anonymity.