Electronic Commerce Research and Applications, vol. 3, no. 2, Elsevier, pp. 152-162, 2004. More..
Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes in electronic commerce. In commercial transactions, an intermediary (or agent) might be involved to help transacting parties to conduct their business. Nevertheless, such an intermediary may not be fully trusted. In this paper, we propose agent-mediated non-repudiation protocols and analyze their security requirements. We first present a simple scenario with only one recipient, followed by a more complicated framework where multiple recipients are involved and collusion between them is possible. We also identify applications that could take advantage of these agent-mediated non-repudiation protocols.
6th Conference on E-Commerce (CEC’04), IEEE Computer Society, pp. 221-226, June, 2004. More..
Mobile agents play an important role in electronic commerce. Security in free-roaming agents is especially hard to achieve when the mobile code is executed in hosts that may behave maliciously. Some schemes have been proposed to protect agent data (or computation results). However, a known vulnerability of these techniques is the truncation attack where two visited hosts (or one revisited host) can collude to discard the partial results collected between their respective visits. Cheng and Wei proposed a scheme in ICICS’02 to defense against the truncation of computation results of free-roaming agents. Cheng-Wei scheme is effective against such an attack in most cases. However, we demonstrate that it still suffers from the truncation attack when a special loop is established on the path of a free-roaming agent. We further propose two amendments to Cheng-Wei scheme to avoid such an attack.
Proceedings of 6th International Conference on Cryptology in India, LNCS 3797, Springer, pp. 311–321, Decemeber, 2005. More..
Contract signing is a fundamental service in doing business. The Internet has facilitated the electronic commerce, and it is necessary to find appropriate mechanisms for contract signing in the digital world. From a designing point of view, digital contract signing is a particular form of electronic fair exchange. Protocols for generic exchange of digital signatures exist. There are also specific protocols for two-party contract signing. Nevertheless, in some applications, a contract may need to be signed by multiple parties. Less research has been done on multi-party contract signing. In this paper, we analyze an optimistic N-party contract signing protocol, and point out its security problem, thus demonstrating further work needs to be done on the design and analysis of secure and optimistic multi-party contract signing protocols.
XIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2014), Universidad de Alicante, pp. 333-338, 09/2014. More..
Continuamente aparecen nuevos estudios así como nuevos desarrollos de canales encubiertos. Como veremos, existen más de cien diseños distintos para redes de ordenadores, pero no hemos encontrado en la literatura ningún análisis, diseño e implementación de canales encubiertos sobre redes de sensores. En este artículo presentamos los resultados del diseño e implementación de un canal multitasa basado en los tiempos de monitorización sobre una red de sensores. En este proceso se han establecido las principales propiedades necesarias y, en base a ellas, se desarrolla e implementa el canal encubierto. Se describe el proceso de desarrollo y se analiza su detectabilidad.