M. Magdalena Payeras-Capellà

An Efficient Protocol for Certified Electronic Mail

Certified electronic mail is a kind of fair exchange of values: a message for a receipt. An exchange is fair if at the end of the exchange, either each party receives the item it expects or neither party receives any useful information about the others item. Fairness can be achieved through the involvement of a trusted third party (TTP). It is very interesting (and practical) the optimistic approach of involving a third party only in the case of exceptions: one party cannot obtain the expected item from the other party. Previous solutions using this approach implicitly assumed that players had reliable communication channels to the third party [2]. In this paper, we present an efficient (only three steps, the minimum), optimistic and fair protocol for certified electronic mail.

Efficient Optimistic N-Party Contract Signing Protocol

Contract signing is a fundamental service in the environment of the electronic commerce. It is a kind of fair exchange of values: a signature on a text contract for another signature on the same text. We present a fair protocol that requires the existence and possible involvement of a TTP (trusted third party), but it only intervenes in case of exception (it plays a subsidiary role). The protocol is the best solution to the date in terms of efficiency. We present and analyse a two-party and three-party version of the protocol, and we outline an N-party version. Finally, it is very simple and easy to understand. If we think that at the end some conflicts will be solved in courts, it is a non worthless characteristic.

A Realistic Protocol for Multi-party Certified Electronic Mail

In some cases, users need to notify the same information to multiple recipients, with the requirement that these recipients have to send an acknowledgement of receipt. In this paper we present an optimistic protocol for multi-party certified electronic mail. A Trusted Third Party (TTP) can take part in a protocol run, but only in case of exception. Fairness is guaranteed for all parties being involved in a transaction. At the end of a protocol run, every party possesses enough evidence to prove the final state of the exchange. Parties can contact the TTP when they want (without temporal constraints). The presented protocol is the best one in terms of efficiency: only three steps have to be followed in the exchange sub-protocol.

A Secure Automatic Fare Collection System for Time-based or Distance-based Services with Revocable Anonymity for Users

Automatic Fare Collection (AFC) systems calculate the fare that the users must pay depending on the time of service (time-based) or the points of entrance and exit of the system (distance-based). The progressive introduction of Information and Communication Technologies (ICT) allows the use of electronic tickets, which helps to reduce costs and improve the control of the infrastructures. Nevertheless, these systems must be secure against possible fraud and they must also preserve users’ privacy. Therefore, we have studied the security requirements for the timebased and distance-based systems and we have proposed a protocol for each of the AFC systems. The protocols offer strong privacy for honest users, i.e., the service provider is not able to disclose the identity of its users and, moreover, different journeys of the same user are not linkable between them. However, anonymity for users could be revoked if they misbehave. The protocols have been implemented in the Android mobile platform and its performance has been evaluated in two Android smartphones. The results remark that protocols are suitable to be used on AFC system with a medium class mobile device although they offer a better experience with a high-class smartphone. The appearance in the market of more powerful mobile devices suggests a better usability of our proposal in a near future.

An efficient anonymous scheme for secure micropayments

Micropayment systems allow payments of low value. Low cost for transaction is the main requirement for micropayments. For this reason, anonymity, a desired feature, is difficult to implement in micropayment systems. This paper presents an anonymous and untraceable micropayment system that offers low transactional costs while the use of secure protocols avoids financial risks. The efficient anonymity is achieved thanks to the use of a double spending prevention technique. Finally, the bank behavior can be verified.

Optimality in Asynchronous Contract Signing Protocols

Garay et alter [9] prove that for the multi-party contract signing with n participants, at least n rounds are necessary. To date, the best solution is Baum-Waidner’s scheme [6], with t+2 rounds (where t is the number of dishonest signatories, so with t=n–1, the number of rounds is n+1). Here, we propose an optimal solution with exactly n rounds. On the other hand, Pfitzmann et alter [10] state that “there is no asynchronous optimistic contract signing scheme with three messages in the optimistic case”. However, it seems that Ferrer et alter [7] invalidate the previous theorem with a counterexample, presenting an asynchronous protocol with only three messages. In this paper, we clarify this apparent contradiction.

On the practicability of using group signatures on mobile devices: implementation and performance analysis on the android platform

A group signature is a convenient cryptographic primitive to tackle with authentication and privacy problems. In the literature, it is used as an underlying black box by several theoretical proposals of secure applications and services, such as e-cash schemes, automatic fare collection systems and so on. However, there is a lack of implementations of group signature proposals to test their applied efficiency instead of purely show their mathematical complexity analysis. In this paper, we present, to the best of our knowledge, the first complete implementation and performance analysis of two group signature schemes on mobile devices: the pairing-based group signature due to Boneh et al. (referenced as BBS scheme) and the state-of-the-art non-pairing group signature by Ateniese et al. (called ACJT scheme). We test both implementations and we analyze their performance on a conventional laptop and two Android smartphones, comparing the gathered results to provide some interesting insights about which security parameter configurations perform better. This implementation expects to be useful so as to gain practice to know which is the real impact of using group signatures to the performance of applications, especially those used on mobile devices.

Untraceable, anonymous and fair micropayment scheme

The development of new applications of electronic commerce (e-commerce) that require the payment of small amounts of money to purchase services or goods opens new challenges in the security and privacy fields. This kind of payments are called micropayments and they have to provide a tradeoff between efficiency and security requirements to pay low-value items. In this paper we present a new efficient and secure micropayment scheme which fulfils the security properties that guarantee no financial risk for merchants and the privacy of the customers. In addition, the proposed system defines a fair exchange between the micropayment and the desired good or service. In this fair exchange, the anonymity and untraceability of the customers are assured. Finally, customers can request a refund whether they are no more interested on the services offered by merchants.

Anonymous and Fair Micropayment Scheme with Protection against Coupon Theft

The development of new applications of electronic commerce (e-commerce) that require the payment of small amounts of money to purchase services or goods opens new challenges in the security and privacy fields. These payments are called micropayments and they provide a trade-off between efficiency and security requirements to pay low-value items. It is usual to assume low value fraud to achieve efficiency in micropayment systems. In this paper the authors present an improved version of an efficient and secure micropayment scheme which fulfils the security properties that guarantee no financial risk for merchants and the privacy of the customers. In addition, the proposed system defines a fair exchange between the coin and the desired good or service. In this fair exchange, the anonymity and untraceability of the customers are assured. Moreover, customers can request a refund whether they are no more interested on the services offered by merchants. As a novelty, an improvement of the scheme avoids customers to fraudulently use a refund operation to gain a little amount of money (called coupon). Thus, a new resolution subprotocol allows the merchant to avoid the loss of any single coupon.

A Secure Multicoupon Solution for Multi-merchant Scenarios

Electronic multicoupons are the equivalent of paper-based coupons booklets, offered to customers in order to achieve discounts or gifts from one or more merchants for goods or services. To date, most of the previous proposals have focused in scenarios where multiple customers can interact with a single merchant. But this restriction is a serious drawback for the expansion of the use of electronic coupons, since each customer needs a preestablished relationship with each merchant. In this paper, we propose a new multicoupon scheme for multi-merchant scenarios, preserving security properties of previous single merchant schemes, but enhancing the efficiency and the security of the few solutions that deal with multi-merchant scenarios.