Intrusion-Resilient Undetachable Digital Signature for Mobile-Agent-Based Collaborative Business Systems

Mobile agents are useful in collaborative business systems due to their mobility and autonomy, which can roam over the Internet to purchase goods and services on behalf of their owners. However, given attacks from a malicious host, it is a challenge to securely sign a contract on behalf of the owner (the original signer). In this paper, we propose an intrusion-resilient undetachable digital signature (IR-UDS) approach to mitigate the security risk of signing key leakage on the signer's host, base device, and potentially malicious remote hosts, as well as the risk of misusing the signing algorithm on remote hosts. An attacker will be unable to forge the past and future signatures as long as the base device is secure, even if the current signing key of the original signer has been gained. When the base device is compromised, although the future signatures could be forged, all past signatures remain secure. Furthermore, the encrypted signing function has been combined with the original signer's requirement to prevent the misuse of signing algorithm and the exposure of original signing key on malicious hosts. Security analysis has indicated that our scheme can defeat a variety of attacks, and experimental evaluations have demonstrated the good performance of the scheme.

[1]  Yang Shi,et al.  A security scheme of electronic commerce for mobile agents uses undetachable digital signatures , 2004, InfoSecu '04.

[2]  Volker Roth,et al.  Perspectives on Electronic Commerce with Mobile Agents , 2007 .

[3]  Fritz Hohl,et al.  Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts , 1998, Mobile Agents and Security.

[4]  Yang Shi,et al.  Secure Mobile Agents in Electronic Commerce by Using Undetachable Signatures from Pairings , 2004, ICEB.

[5]  Christian F. Tschudin,et al.  Protecting Mobile Agents Against Malicious Hosts , 1998, Mobile Agents and Security.

[6]  Qin Liu,et al.  An Obfuscatable Designated Verifier Signature Scheme , 2017, IEEE Transactions on Emerging Topics in Computing.

[7]  Song Han,et al.  Secure e-transactions using mobile agents with agent broker , 2005, Proceedings of ICSSSM '05. 2005 International Conference on Services Systems and Services Management, 2005..

[8]  Jemal H. Abawajy,et al.  Secure Multi-Attribute One-to-Many Bilateral Negotiation Framework for E-Commerce , 2018, IEEE Transactions on Services Computing.

[9]  Wang Zhe A proxy signature and proxy blind signature scheme based on elliptic curve , 2002 .

[10]  Jie Lin,et al.  Key-Insulated Undetachable Digital Signature Scheme and Solution for Secure Mobile Agents in Electronic Commerce , 2016, Mob. Inf. Syst..

[11]  Wensheng Zhang,et al.  Large-Scale Online Multitask Learning and Decision Making for Flexible Manufacturing , 2016, IEEE Transactions on Industrial Informatics.

[12]  Rajwinder Singh,et al.  Antecedence Graph Approach to Checkpointing for Fault Tolerance in Mobile Agent Systems , 2013, IEEE Transactions on Computers.

[13]  Chris J. Mitchell,et al.  Undetachable Threshold Signatures , 2001, IMACC.

[14]  Jung Hee Cheon,et al.  An Identity-Based Signature from Gap Diffie-Hellman Groups , 2003, Public Key Cryptography.

[15]  Qin Liu,et al.  Protecting Encrypted Signature Functions Against Intrusions on Computing Devices by Obfuscation , 2016, IEEE Access.

[16]  Yang Shi,et al.  Secure Mobile Agents in eCommerce with Forward‐Secure Undetachable Digital Signatures , 2015 .

[17]  Satoshi Hada,et al.  Secure Obfuscation for Encrypted Signatures , 2010, EUROCRYPT.

[18]  Mihai Horia Zaharia,et al.  Research stakeholders identification using an mobile agent's framework , 2017, Expert Syst. Appl..

[19]  Jose L. Muñoz,et al.  An infrastructure for detecting and punishing malicious hosts using mobile agent watermarking , 2011, Wirel. Commun. Mob. Comput..

[20]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[21]  Panayiotis Kotzanikolaou,et al.  Secure Transactions with Mobile Agents in Hostile Environments , 2000, ACISP.

[22]  Yang Shi,et al.  An Undetachable Threshold Digital Signature Scheme Based on Conic Curves , 2013 .

[23]  Jacques Stern,et al.  Security Arguments for Digital Signatures and Blind Signatures , 2015, Journal of Cryptology.

[24]  Byoungcheon Lee,et al.  Secure Mobile Agent Using Strong Non-designated Proxy Signature , 2001, ACISP.