Upload
chung-ming-ou
View
212
Download
0
Embed Size (px)
Citation preview
Expert Systems with Applications 38 (2011) 11048–11054
Contents lists available at ScienceDirect
Expert Systems with Applications
journal homepage: www.elsevier .com/locate /eswa
Adaptation of agent-based non-repudiation protocol to mobile digital rightmanagement (DRM)
Chung-Ming Ou a,⇑, C.R. Ou b
a Department of Information Management, Kainan University, Luchu 338, Taiwanb Department of Electrical Engineering, Hsiuping Institute of Technology, Taichung 412, Taiwan
a r t i c l e i n f o
Keywords:Mobile agentNon-repudiationPKIDigital right managementProxy certificate
0957-4174/$ - see front matter � 2011 Elsevier Ltd. Adoi:10.1016/j.eswa.2011.02.149
⇑ Corresponding author.E-mail addresses: [email protected] (C.-M
(C.R. Ou).
a b s t r a c t
Non-repudiation of a mobile digital rights management (DRM) ensures that when a user (U) sends somemessage to a rights issuer (RI), neither U nor RI can deny having participated in this transaction. An evi-dence of a transaction is generated by wireless PKI mechanism such that U and RI cannot repudiate send-ing and receiving the message respectively. U generates a mobile agent which carries encrypted paymentinformation to RI. This mobile agent is also issued a proxy certificate by U; this certificate guarantees thebinding relationship between them. One trusted third party acts as a lightweight notary for evidence gen-eration. One advantage of this agent-based non-repudiation protocol is to reduce inconvenience formobile clients such as connection time; it causes difficulty for fair transaction for mobile DRM.
� 2011 Elsevier Ltd. All rights reserved.
1. Introduction
Recently, varied concepts of intelligent agents are experiencedgrowing applications in many areas related to network manage-ment. Grossklags and Schmidt introduced software agents withmarket efficiency (Grossklags & Schmidt, 2006). Wang proposedan agent-based control of traffic management system (Wang,2005). Hamdi proposed a multiagent-based approach to informa-tion customization (Hamdi, 2006), etc. On the other hand, agent-based E-commerce systems provide some advantages over theconventional client and server-based E-commerce systems; it isalso a promising architecture for peers to peers (P2P) E-commercesystems and cloud computing. According to Borrell, Robles, Serra,and Riera (1999), they reduce network traffics, provide efficient re-source access and dynamic system adaptations, and particularlysupport mobile transactions. The agent-based system is becominga framework for both E-commerce and mobile commerce (M-commerce).
Wireless devices which communicate with application serversover the air are highly exposed to potential security threats. Theyrequire enhanced security and authenticity services for mobiletransactions which are not properly supported by the originalGSM and UMTS security mechanisms. For example, Stach, Park,and Makki (1999) proposed an enhanced GSM protocol supportingnon-repudiation of services. Moreover, as M-commerce
ll rights reserved.
. Ou), [email protected]
applications increases, further sensitive services such as paymentand billing are needed. Tseng, Yang, and Su (2004) proposed aPKI-based protocol of authentication and billing for WLAN and3G integrations. This scheme can provide non-repudiation billingservice based on digital signatures. According to M’Raihi and Yung(2001), smart cards (SIMs for GSM and USIMs for UMTS) are crucialin allowing safe operations for these mobile telecom applications.Dispute of mobile transactions is a common problem that couldjeopardize the mobile commerce (Zhou, Deng, & Bao, 1999). Thepurpose of non-repudiation is to collect, maintain, make availableand validate irrefutable evidence concerning a claimed event or ac-tion in order to resolve disputes on the occurrence or non-occur-rence of the event or action (ITU-T., 1996; Li & Luo, 2004). Anyevidence has to be verified by some fair arbitrator once disputearises.
One motivation for this paper is the mobile TAIWAN project(mTAIWAN). Since 2005, mTAIWAN is one major nation-wide pro-ject of establishing seamless and ubiquitous wireless infrastruc-ture. This next generation communication network combinesmobile communication systems such as 2G (GSM), 2.5G (GPRS),3G (UMTS), wireless network systems such as WiFi and WiMAXtechnologies. One major goal for mTAIWAN project is to promotethe ubiquitous mobile applications using varied mobile devicessuch as mobile phone, PDA, laptop PC, etc. Combining these moti-vations, we propose an agent-based architecture and protocol toimplement the non-repudiation mechanism over the mobile appli-cation systems, which includes the digital right management(DRM); this will also improve the security mechanisms of thoseexisting electronic invoice systems. On the other hand, mobile
C.-M. Ou, C.R. Ou / Expert Systems with Applications 38 (2011) 11048–11054 11049
applications need to be user-friendly and convenient for mobileclients via their mobile handsets; this investigation leads to the re-search of agent-based mobile applications.
DRM is a technology to solve the issues of transferring copy-right-protected information. Many multimedia contents are dis-tributed without any copyright protection via digitalization andcommunication network. Among them, medical data from unau-thorized peers, copyright-protected music or books, must be onlyconsumed by users who paid for it (Onieva, Lopez, Roman, Zhou,& Gritzalis, 2007). In this paper, we show how to establish a simpleagent-based protocol integrated existing DRM architecture basedon the OMA (open mobile alliance) DRM specification 2.0. This pro-tocol provides the secure mechanism between the mobile user andthe right issuer (RI) through the mobile network provider, whilethey are exchanging a right object (RO) according to agreed pur-chase order. Non-repudiation services must ensure that when mo-bile consumer U sends some content right request to rights issuerRI over a network, neither U nor RI can deny having participated ina part or the whole of this transaction. The basic idea is the follow-ing: an evidence of origin (EOO) is generated for U and an evidenceof receipt (EOR) is generated for RI. In general, evidences are gener-ated via PKI-based digital signatures. Disputes arise over the originor the receipt of messages. For the case of origin dispute, U deniessending message while RI claims having received it. As for the re-ceipt dispute, RI denies receiving any message while U claims hav-ing sent it.
Many non-repudiation protocols have been proposed in a so-called ‘‘wrapper context’’, for example, the one proposed by Zhouand Gollman (Zhou & Gollmann, 1996). In this situation, a partyA wants to send a message M to B to enforce non-repudiation onM; namely, non-repudiation is enforced for one message (M). Stachet al. (1999) focus on non-repudiation of GSM service based onone-way hash function in order to preventing mobile subscribersfrom denying initiating this GSM service. However, this is moreauthentication rather than non-repudiation from applicationspoint of view. Liew, Ng, Lim, Tan, and Ong (1999) proposed anon-repudiation protocol for communication sessions rather thanmessages in an agent-based E-commerce system. Their protocolis a general-purposed one for any E-commerce system. Lee andYeh (Lee & Yeh, 2005) proposed a delegation-based authenticationprotocol for mobile devices; it is achieved by utilizing proxy signa-tures which basically delegates signing power to other end-entities.
Mobile agents are considered to be an alternative to client andserver-based mobile commerce where mobile devices have limitedcomputing resource. A mobile agent of the host is a set of code anddata which can execute codes with data as parameter in sometrusted processing environment (TPE) or on some merchant hosts.However, there are several issues related to security and trustwhile considering mobile agent-based E-commerce (Esparza, Mu-noz, Soriano, & Forne, 2003; Pagnia, Vogt, Gartner, & Wilhelm,2000; Wilhelm, Staamann, & Buttyan, 1998), such as the non-repu-diation. We consider brokerage rather than TPE in our mobile DRM.One advantage of adopting this mobile agent architecture to non-repudiation protocol is the following: Mobile devices simply sendtheir agents with (digital) right request to the broker; they neednot to connect to specific application servers throughout the wholetransacting activity. The wireless public key infrastructure (WPKI)adoptable for this non-repudiation mechanism relies on sometrusted third party (TTP) which generates the final evidence for dig-ital right request. The identity binding of a mobile agent and itsowner is a major security concern from M-commerce point ofview; this issue can be reasonably solved by using proxy certifi-cates within the WPKI. Mobile agent systems provide platformsallowing mobile agents autonomously migrating between differenthosts. While migrating between hosts, these agents are under
security threats with different scenarios. Borrell et al. (1999) pro-posed a PKI-based cryptographic solution with some trustedauthority (TA) launching agents. Bamasak and Zhang (Bamasak &Zhang, 2005) have proposed a distributed reputation managementscheme to reduce the risk of malicious hosts. We propose a revoca-tion mechanism of host certificates to help brokers from sendingagents to malicious hosts.
The arrangement of this paper is as follows. In Section 2, weintroduce the architecture of an agent-based mobile applicationsystem. In Section 3, we propose an agent-based non-repudiationprotocol suitable for mobile digital right management; we alsoanalyze security mechanisms of this agent-based non-repudiationprotocol, namely, dispute resolutions.
2. Preliminary knowledge
An efficient and fair non-repudiation protocol was proposed byZhou and Gollmann where TTP acts as a lightweight notary (wename it ZGP) (Zhou & Gollmann., 1996). This protocol is suitablefor 3G communication by analyzing the capability of implementingcryptographic operations such as digital signature, symmetric keyencryption/decryption, hash function and random number genera-tions (WPKI., 2004). According to this investigation, we design anon-repudiation protocol adaptive to agent-based mobile digitalright management systems.
2.1. Basic structure for 3G mobile digital right management services
DRM is defined as a set of technologies and systems that cancollectively support the entire life cycle (creation, manipulation,distribution and consumption) of contents by preventing illegalcopying (Onieva et al., 2007).
The architecture for mobile digital right management system iscomposed of the following entities: a user represented by mobileequipment (ME), WPKI, a content provider and corresponding (dig-ital) rights issuer, a bank and a broker, see Fig. 1. These entities arealso issued certificates by some certification authority (CA) withinthis WPKI. ME utilizes the USIM (Universal Subscriber IdentityModule) to store mobile client’s information such as IMSI (Interna-tional Mobile Subscriber Identity) and WPKI components. ME iscapable of verifying digital signatures to authenticate other enti-ties, if necessary. We also deploy a middleware called the brokerto help ME authenticate the merchant server such that attackerscannot impersonate this seller. Merchant servers can perform PKIoperations for evidence generations.
2.2. WPKI
The WPKI is the core cryptographic mechanism for non-repudi-ation protocol; it consists of two parts, one is the operation; theother is the entity. WPKI entities must contain at least two pub-lic–private key pairs for encryption/decryption and signature gen-eration/verification, respectively. These key pairs are generated bysome CAs whose major task is to bind public key, private key andentity together. The public key will be stored in some certificatefield; CA will issue (subscriber) certificates and server certificatesto buyers and varied servers, respectively, see Fig. 2. Users may is-sue proxy certificates to their mobile agents for transaction delega-tions. The digital signature of a message is generated by using theprivate key of message owner and some hash function. Withoutloss of generality, we may assume that one of the standard hashfunction is applied, which is denoted by H.
2.2.1. WPKI operationsMajor WPKI operation in our non-repudiation protocol is the
digital signature-based evidence generation and verification. Let
wireless Network
BROKERUSER
Internet
Mobile agentContent Provider
Rights Issuer
Fig. 1. The architecture of an agent-based mobile DRM.
wireless Network
Broker
CONTENT Provider
USER
Internet
Mobile agent
WPKI
Transfer Money
Open account
BANK
Open account
Saving Money
Issuing certificate
Fig. 2. The architecture of an agent-based mobile content service.
11050 C.-M. Ou, C.R. Ou / Expert Systems with Applications 38 (2011) 11048–11054
X be a certificate subscriber and Y the certificate issuer of X. Let KX
and K�1X be the public key and the corresponding private key of X,
respectively. Let M be a message and sSXðMÞ the digital signature ofM generated by the private key K�1
X .We define signature and cer-tificate verification as follows.
1. Signature verification of sSXðMÞ: sig_ver(sSX(M)) is successful ifand only if KX(sSX(M)) = H(M).
2. Verification of subscriber certificate CfX;KxgK�1Y
: Cert VerðCfX;KxgK�1
YÞ is successful if and only if sig verðCfX;KxgK�1
YÞ is
successful, namely, KYðCfX;KxgK�1YÞ ¼ HðCfX;KxgK�1
YÞ.
2.2.2. WPKI Entities2.2.2.1. Certificate authority (CA). A CA issues (subscriber) certifi-cates to mobile subscribers and server certificates to merchantservers, TTP, Home Revocation Authority (HoRA) and banks. Theseentities can authenticate each other and transmit encryptedinformation. CA needs to provide certificate management service
to ensure the validity of certificate. These entities would continueWPKI operations if and only if related certificates are valid.
2.2.2.2. Mobile client. We suggest that a mobile client be a USIM-based 3G mobile equipment for efficient signature generationand verification. Related public-key certificates are all issued bysome CA within this WPKI. Private keys should be generated withinUSIMs and contained in them afterwards.
2.2.2.3. Trusted third party (TTP). The trusted third party here is anotary server which simply generates necessary evidences for buy-ers and sellers. TTP needs to perform WPKI operations according tothe non-repudiation protocol described in the next section. There-fore TTP needs to access CA’s repository to retrieve necessary cer-tificates of users’ (rights issuers’) and verify digital signatures.TTP needs to store the broker’s public-key certificates and plays arole as the time stamp authority if necessary. For those generatedevidences, TTP will store these information in its public directoryfrom which users and rights issuers may fetch evidences.
C.-M. Ou, C.R. Ou / Expert Systems with Applications 38 (2011) 11048–11054 11051
TTP acts as a lightweight notary in this WPKI-based non-repudi-ation protocol that only notarizes digital rights requests by re-quests. TTP also provides directory services accessible to thepublic. For the non-repudiation protocols introduced in the nextsection, TTP only deal with ‘‘keys’’ rather than purchase order, thatis, TTP does not know any information of this order. Therefore thecommunications overheads between parties and TTP are reduced,and the user’s purchasing privacy is also guaranteed.
2.2.2.4. Host revocation authority (HoRA). HoRA issues host certifi-cates (HC) to RIs; these certificates bind mobile agent executioncapability to the RI’s identity. When a RI acts maliciously, HoRAonly needs to revoke this RI’s HC to prevent the broker from direct-ing agents to it. The functionality of HoRA to detect the status ofmerchant servers can be referred to (M’Raihi and Yung, 2001).
HoRA issues the host revocation list (HRL), which is a digital-signed list of revoked HCs. Before sending an agent of user to somemerchant server, the broker must check the status of all servers onthis agent’s itinerary to see if any server is on the HRL. If the checkis positive, broker will stop sending this agent to the merchant ser-ver; this mobile transaction is terminated.
2.3. Broker
Broker acts as a mediator between the mobile users in the wire-less network and the content provider in the Internet, see Fig. 3.Broker must distinguish malicious content provider from the hon-est ones according to HRL to avoid sending agents to them. It ispossible that honest server become malicious before HRL is up-dated. Esparza et al. (2003) provides solutions to solve this agentsecurity issue. HoRA will issue an updated HRL to broker if a con-tent provider is detected to be malicious. Broker needs to authen-ticate TTP on behalf of ME before non-repudiation protocol runs.
2.4. Mobile agent
A mobile agent consists of the following components: agentowner, identifier, goal/result, life time and states. Each agent car-ries items which are intended to be exchanged. These items in-clude purchase orders and payment information (e.g. bankaccount number, credit card number, or micro payments accountnumber, etc). When the user’s agent enters the rights issuer, broker
wireless Network
BR
LDAP Repository
CA
USER
HoRA
Mobile agent
Payment Info. + proxy cert.
Fig. 3. Architecture of agent-based mo
must ensure that they play fair. Furthermore, none of these agentsis allowed to communicate with any other party except its host ortransacted seller. The following steps are a general guideline forprotecting these mobile agents using WPKI.
1. Broker obtains the certified public key of the merchant server.2. Broker encrypts this mobile agent using RI’s public key and
sends it to the RI.
2.5. Proxy certificates
The proxy certificate basically follows standard certificate for-mat (such as ITU-X.509) with minor change. The major differenceis the subject identifier (SID), which is the certificate field recordedthe owner of this certificate. In proxy certificate, its subject identi-fier is equal to the certificate issuer (Romao & da Silva, 2001).
A proxy certificate of a mobile agent is issued and digitallysigned by its owner. Beside standard certificate fields, this certifi-cate contains a set of constraints which specifies valid operationsthat the agent is allowed to perform while using this certificate(Romao & da Silva, 2001). We use the notation PCfB;KA; ½D�gK�1
Bto
represent the proxy certificate of a mobile agent A belonging toits owner B with additional data D. This proxy certificate is carriedby this mobile agent along with its owner certificate such that abinding of mobile agent A with its owner B can be verified by appli-cations through certificate validation process.
When migrating to an application server, mobile agent will car-ry its proxy certificate. Verification of proxy certificate can be de-fined as follows.
cert ver PCfB;KA; ½D�gK�1B
� �is successful if and only if
sig ver PCfB;KA; ½D�gK�1B
� �is successful; namely;
KB PCfB;KA; ½D�gK�1B
� �¼ H PCfB;KA; ½D�gK�1
B
� �:
For our agent-based mobile DRM system, RI needs to verify mo-bile agents by checking its proxy certificate and its owner certifi-cate (which is the user’s certificate) according to standardcertificate chain validation, see Fig. 4.
OKER
TTP
Internet
Certificate retrieval
Content Provider
bile content services with WPKI.
CA Certificate
Subscriber Certificate
Proxy Certificate
Agent signature
Payment Information
Sub signature
SID:Sub
SID:Sub
Agent PK
Sub. PK
S signatureS signatureS signatureCA signature
SID:CA
CA signatureCA signatureCA PK
constraints
Certificate chain
Fig. 4. Signature verification with proxy certificate.
11052 C.-M. Ou, C.R. Ou / Expert Systems with Applications 38 (2011) 11048–11054
3. Non-repudiation of agent-based mobile digital rightmanagement
In this section, we focus on evidence generations of exchanginga right object between a mobile client and a rights issuer. Theseevidences are the foundation of the mobile DRM system.
3.1. Fair non-repudiation protocol with timeliness
Time evidence of sending and receiving a right object is crucialin mobile DRM. It could be achieved by adding some time stampsto evidences. Li and Luo (Li & Luo, 2004) improved ZGP by consid-ering the time span for evidence preservation. This improvementneeds only TTP plays the role of time stamping authority whileusers and rights issuers just define their intended time spans.
A non-repudiation protocol is fair if it can ensure that at the endof a protocol execution, none or both of the two entities, the senderand the receiver, can retrieve all the evidences it expects (Li & Luo,2004). Fairness guarantees that neither sender nor receiver cangain advantage over the other.
The user (U) access a web server to find what right object (RO)should purchase in order to access a protected content. Then thisuser contacts RI through the mobile network operator, sendingthe request of right (RORequest). RI will send response of right(ROResponse) to TTP, which will wait for U to take it, if the pay-ment information is verified.
Now we design a fair non-repudiation protocol suitable foragent-based mobile DRM; this protocol also relies on the trust thatbroker will act according to the HRLs. Trust is more a social issuethan a technical one. We may assume reasonably that mobile oper-ators or some service providers provide brokers which are com-pletely trusted by mobile subscribers. The purpose of this non-repudiation protocol is to transmit encrypted payment informationM and obtain non-repudiation evidences for U and RI. M containstwo parts, one is a commitment C, and the other is a key K. Nota-tions are as follows.
� M: Payment information being sent from U to RI.� K: Key generated by U.� A: Mobile agent generated by its owner U.� C = eK(M): Commitment for payment information M (eK repre-
sents encryption by key K).
� sSU(M): Signature of message M signed by U’s private key.� L = H(M, K): A label linking C and K (H represents a hash
function).� fi: Flag indicating the purpose of a signed message.� EOO_C: Evidence of origin of C, which is equal to
sSU(fEOO, RI, L, C).� EOR_C: Evidence of receipt of C, which is equal
tosSRI(fEOR, U, L, tRI, C).� sub_K: Authenticator of receipt of C, which is equal to
sSU(fSUB, RI, L, tU, K, EOO_C).� con_K: Evidence of confirmation of K issued by the TTP with
time stamp T, which is equal tosSTTP(fCON, U, RI, L, T, tU, tRI, K, EOO_C, EOR_C).
We include time information in this protocols; tU is a time spandefined by user U indicating that sub_K will be kept in TTP’s privatedirectory for tB time units; tS is a time span defined by RI indicatingthat TTP will keep EOR_C in its private directory for tRI time units. Tis the time stamp indicating the actual time TTP generate key con-firmation con_K and make it public. This non-repudiation protocolis as follows (also see Fig. 5).
3.1.1. Initiation phaseU generates a mobile agent A and its proxy certificate
PCfU;KA; ½D�gK�1U
. U also generates EOO_C according to M, and fEOO,RI, L, C.
3.1.2. Evidence exchange phaseNow U starts the process of right object request with this spe-
cific RI by delegating agent A.
1. A ? c RI: fEOO, RI, L, C, RORequest, EOO_C, PCfU;KA; ½D�gK�1U
.2. U ? TTP: fSUB, RI, L, tU, K, EOO_C, sub_K, PCfU;KA; ½D�gK�1
U.
3. RI ? TTP: fEOR, U, L, tRI, ROResponse, EOO_C, EOR_C.4. TTP U: fCON, U, RI, L, T, tU, tRI, K, ROResponse, EOR_C, con_K.5. TTP RI: fCON, R, RI, L, T, tU, tRI, K, ROResponse, EOR_C, con_K.
‘‘A ? c RI: M’’ means agent A carries information M to RI;‘‘U ? TTP: M’’ means U sends message M to TTP; ‘‘TTP U’’ meansU fetches messages from TTP. The basic idea is that user U is able tosend K, sub_K and tU to TTP in exchange for con_K; on the otherhand, RI sends EOO_C, EOR_C and tRI to TTP in exchange for con_K.
wireless Network
BROKER
Rights Issuer
LDAP Repository
CA
USER
TTPHoRA
Internet
Mobile agent
Certificate retrieval
Fetch evidence from TTP
Fetch evidence from TTP
Payment Info. + proxy cert.
Content Provider
Fig. 5. Agent-based mobile DRM with non-repudiation mechanism.
C.-M. Ou, C.R. Ou / Expert Systems with Applications 38 (2011) 11048–11054 11053
In step 1, S needs to verify EOO_C by retrieving U’s (signature) pub-lic key from CA; EOO_C is saved as an evidence of origin for RI. RIalso needs to verify the proxy certificate of A. In step 2, after receiv-ing sub_K, TTP keeps it in its private directory and delete it after tU
time units or until con_K is generated and published. In step 3, afterreceiving EOO_C, EOR_C and tRI from RI, TTP needs to verify EOR_Cusing S’s (signature) public key and compare EOO_C with the onesent by U in step 2. If either one is not true, TTP concludes thatat least one party is cheating and it will not generate con_K. We call{fCON, U, RI, L, T, tU, tRI, K, ROResponse, EOR_C, con_K} the evidenceof this M. TTP also check if labels L from step 2 and 3 are coincident.If not, user U and rights issuer RI must be disagreed with this orderM. TTP will stop this protocol.
If steps 1–3 are shown positive results, TTP starts to generatecon_K with time stamp T attached. In step 4, U fetches K and con_Kfrom TTP. In step 5, RI fetches con_K from TTP to prove that K isavailable for RI.
3.2. Security of non-repudiation protocols
The most important security issue of a non-repudiation proto-col is the dispute resolution. We analyze the generated evidencesof step 4–5 in the above non-repudiation protocol, dispute resolu-tion mechanisms of user and rights issuer to see whether non-repudiation can be reached. A trusted arbitrator will help solvethe dispute according to submitted evidences.
RI also checks if the constraint data D is bound by U. Namely, itwill first verify if
cert ver CfU;KUgK�1CA
n o¼ H CfU;KUgK�1
CA
n o;
Then RI also verifies the proxy certificate of the mobile agent A bychecking if
cert verfCfU;KA; ½D�gK�1Ug ¼ HfCfU;KA; ½D�gK�1
Ug:
3.2.1. Security of the payment informationThe payment information is well protected by encryption and
not revealed to other entities including TTP and broker. Moreover,user and rights issuer can reach secure communications, i.e. end-to-end security, for further transactions by sharing common ses-sion keys which is not known by other parties.
3.2.2. Validity of evidenceNon-repudiation service will fail if bogus evidence is accepted
or no evidence is received by either user or rights issuer. Validityof non-repudiation evidence depends on the security of crypto-graphic keys used for generating evidences. These keys need tobe revoked if they are compromised according to WPKI certificatepolicy practice.
According to WPKI, U, RI and TTP could retrieve certificates ofeach other’s from CA’s repository to verify digital signatures. Bythe nature of hash functions, it is computationally hard to findtwo different key K and K’ (with reasonable key length) with thesame labels, namely L = H(M, K) = H(M, K0) = L0 andM = dK(C) = dK0(C) = M0, where dK represents decryption using keyK. Therefore, TTP can investigate the validity of evidences by check-ing these labels.
3.2.3. Dispute of originWhen U denies having sent payment information M to RI, RI
may present EOO_C, EOR_C and con_K to some arbitrator in the fol-lowing way:
S ? arbitrator: EOO_C, EOR_C, con_K, sSRI(EOO_C, EOR_C, con_K),L, K, M, C, PCfU;KA; ½D�gK�1
U.
This arbitrator first verify the signature of RI, sSRI(EOO_-C, EOR_C, con_K); if the verification is positive, the arbitrator checksthe following six steps:
step 1: if EOO_C is equal to sSU(fEOO, RI, L, C).step 2: if A is generated by U; namely, verification of proxy cer-tificate, if
sig ver PCfU;KA; ½D�gKU�1
� �¼ H PCfU;KA; ½D�gK
U�1
n o
step 3: if EOR_C is equal to sSRI(fEOR, U, L, tRI, C).step 4: if con_K is equal tosSTTP(fCON, U, RI, L, T, tU, tRI, K, EOO_C, EOR_C).step 5: if L is equal to H(M, K).step 6: if M is equal to dK(C).
If step 1 is checked positive, this arbitrator concludes that U hassent RI the encrypted payment information C. If step 2 is checkedpositive, this arbitrator ensures that mobile agent A is generatedby U. If step 3 is checked positive, arbitrator concludes that RIhas sent all the correct payment information to TTP. For all 5 steps
11054 C.-M. Ou, C.R. Ou / Expert Systems with Applications 38 (2011) 11048–11054
being checked positive, this arbitrator finally concludes that U hassent RI the purchase order M, which is encrypted by K and pre-sented to be C.
3.2.4. Dispute of receiptWhen RI denies receiving M from U, U may present EOO_C,
EOR_C, con_K to the arbitrator in the following way:B ? arbitrator: EOO_C, EOR_C, con_K, sSU(EOO_C, EOR_C, con_K),
L, K, M, C, PCfU;KA; ½D�gK�1U
.The arbitrator first verifies the signature of U, sSU(EOO_-
C, EOR_C, con_K); if the verification is positive, the arbitrator checksall six steps same as those in the dispute of origin. For all six stepsbeing checked positive, arbitrator concludes that RI has received M,which is encrypted by K and presented to be C.
4. Conclusion
We propose a fair non-repudiation protocol based on mobileagents and proxy certificates. An evidence of mobile transactionis generated by WPKI mechanism such that user and rights issuercannot repudiate sending and receiving payment information,respectively. One challenge of non-repudiation protocols is toavoid any entity to cheat and gain advantage over the other. Mo-bile DRMs need time information included in evidences for disputeresolutions. Users generate mobile agents which carry encryptedpayment information to RIs. Mobile agent carries proxy certificateissued by its owner. The advantage of this agent-based protocol isto provide a convenient way for mobile clients to reach non-repu-diation for mobile DRMs. According to binding mechanism of theproxy certificate and its corresponding subscriber certificate, mo-bile agent and its owner cannot repudiate their relationship; thisis crucial for agent-based mobile DRM systems.
References
Bamasak, O., Zhang, N. (2005). A distributed reputation management scheme formobile agent-based e-commerce applications. In IEEE International Conferenceon e-Technology, e-Commerce and e-Service.
Borrell, J., Robles, S., Serra, J., Riera, A. (1999). Securing the itinerary of mobile agentsthrough a non-repudiation protocol, In IEEE 33rd Annual 1999 InternationalCarnahan Conference on Security Technology.
Esparza, O., Munoz, J., Soriano, M., Forne, J. (2003). Host revocation authority: a wayof protecting mobile agents from malicious hosts, ICWE 2003, LNCS 2722, pp.289–292.
Grossklags, J., & Schmidt, C. (2006). Software agents and market (in) efficiency: Ahuman trader experiment. IEEE Transactions on Systems, Man and CyberneticsPart C, 36(1), 1–13.
Hamdi, M. S. (2006). MASACAD: A multiagent-based approach to informationcustomization. IEEE Intelligent System, 21(1), 60–67.
ITU-T. (1996). Recommendation, X.813: information technology-open systemsinterconnection- security frameworks in open systems. Non-repudiationframework.
Lee, W.-B., & Yeh, C.-K. (2005). A new delegation-based authentication protocol foruse in portable communication systems. IEEE Transactions on WirelessCommunications, 4(1).
Li, B., & Luo, J. (2004). On timeliness of a fair on-repudiation protocol. InfoSecu’04,14-16, 99–106.
Liew, C.-C., Ng, W.-K., Lim, E.-P., Tan, B.-S., Ong, K.-L. (1999). Non-repudiation in anagent-based electronic commerce system, DEXW Workshop.
M’Raihi, D., & Yung, M. (2001). E-commerce applications of smart cards. ComputerNetworks, 36, 453–472.
Onieva, J., Lopez, J., Roman, R., Zhou, J., & Gritzalis, S. (2007). Integration of non-repudiation services in mobile DRM scenarios. Telecommunication Systems, 35,161–1765.
Pagnia, H., Vogt, H., Gartner, F., Wilhelm, U. (2000). Solving fair exchange with mobileagents, ASA/MA 2000, LNCS 1882, pp. 57–72.
Romao, A., & da Silva, M. (2001). Secure mobile agent digital signatures with proxycertificates. E-Commerce Agents, LANI, 2033, 206–220.
Stach, J. F., Park, E. K., & Makki, K. (1999). Performance of an enhanced GSM protocolsupporting non-repudiation of service. Computer Communications, 22, 675–680.
Tseng, Y.-M., Yang, C.-C., & Su, J.-H. (2004). Authentication and billing protocols forthe integration of WLAN and 3G networks. Wireless Personal Communications,29, 351–366.
Wang, F.-Y. (2005). Agent-based control for networked traffic managementsystems. IEEE Intelligent System, 20(5), 92–96.
Wilhelm, U., Staamann, S., Buttyan, L. (1998). On the problem of trust in mobileagent systems, In Symposium on Network and Distributed System Security,Internet Society, March, pp. 114–124.
WPKI. (2004). Implementation, initial stage, testing and experiments (Internal Reportand Discussion), Chunghwa Telecom Lab, Taiwan.
Zhou, J., Gollmann, D. (1996). A Fair non-repudiation protocol. In Proceedings of 1996IEEE Symposium on Security and Privacy, Oakland, California, May, pp.55–61.
Zhou, J., Deng, R., & Bao, F. (1999). Evolution of fair non-repudiation with TTP,ACISP’99. Lecture Notes in Computer Science (LNCS), 1587, 258–269.