An Electronic Contract Signing Protocol Using Fingerprint Biometrics

Fair exchange between a pair of parties can be defined as the fundamental concept of trade where none of the parties involved in the exchange have an unfair advantage over the other once the transaction completes. Fair exchange protocols are a group of protocols that provide means for accomplishing such fair exchanges. In this chapter we analyze one such protocol which offers means for fair contract signing, where two parties exchange their commitments over a pre-negotiated contract. We show that this protocol is not entirely fair and illustrate the possibilities of one party cheating by obtaining the other’s commitment and not providing theirs. We also analyze a revised version of this protocol which offers better fairness by handling many of the weaknesses. Both these protocols however fail to handle the possibilities of replay attacks where an intruder replays messages sent earlier from one party to the other. Our proposed protocol improves upon these protocols by addressing to the weaknesses which leads to such replay attacks. We implement a complete working system which provides fair contract signing along with properties like user authentication and efficient password management achieved by using a fingerprint based authentication system and features like confidentiality, data-integrity and non-repudiation accomplished through implementation of cryptographic algorithms based on elliptic curves.

Applied Cryptography in Wireless Sensor Networks

It is challenging to secure a wireless sensor network (WSN) because of its use of inexpensive sensor nodes of very limited processing capability, memory capacity, and battery life that preclude using traditional security solutions. Due to perceived excessive computational and architectural overhead, public key algorithms are altogether avoided for WSNs. Currently security in WSNs is provided using only symmetric key cryptography, but it requires keys to be embedded in sensor nodes before deployment and the entire network has to go through a key establishment phase after deployment. Accordingly, in this chapter, we summarize, discuss, and evaluate recent results reported in literature on sensor network security protocols such as for key establishment, random key pre-distribution, data confidentiality, and broadcast authentication. In addition, we discuss promising research results in public key cryptography for WSNs, particularly related to elliptic curve cryptography and its application for identity based encryption.

Applied Cryptography in E-mail Services and Web Services

E-mail services are the method of sending and receiving electronic messages over communication networks. Web services on the other hand provide a channel of accessing interlinked hypermeida via the World Wide Web. As these two methods of network communications turn into the most popular services over the Internet, applied cryptography and secure authentication protocols become indispensable in securing confidential data over public networks. In this chapter, we first review a number of cryptographic ciphers widely used in secure communication protocols. We then discuss and compare the popular trust system Web of Trust, the certificate standard X.509, and the standard for public key systems Public Key Infrastructure (PKI). Two secure e-mail standards, OpenPGP and S/MIME, are examined and compared. The de facto standard cryptographic protocol for e-commerce, Secure Socket Layer (SSL) / Transport Layer Security (TLS), and XML Security Standards for secure web services are also discussed.

Cryptography in E-Mail and Web Services

Cryptography has been used since ancient times in many different shapes and forms to protect messages from being intercepted. However, since 1976, cryptography started to be part of protected public communication when e-mail became commonly used by the public. Webmail (or Web-based e-mail) is an e-mail service intended to be primarily accessed via a web browser, as opposed to through an e-mail client, such as Microsoft Outlook, Mozilla‘s Thunderbird Mail. Very popular webmail providers include Gmail, Yahoo! Mail, Hotmail and AOL. Web based email has its advantages, especially for people who travel. Email can be collected by simply visiting a website, negating the need for an email client, or to logon from home. Wherever a public terminal with Internet access exists one can check, sends and receive email quickly and easily. Another advantage of web based email is that it provides an alternate address allowing user to reserve his/her ISP address for personal use. If someone would like to subscribe to a newsletter, enter a drawing, register at a website, participate in chats, or send feedback to a site, a web based email address is the perfect answer. It will keep non-personal mail on a server for you to check when you wish, rather than filling up your private email box. Web service is defined as “a software system designed to support interoperable machine-to-machine interaction over a network”. Web services are frequently just Internet application programming interfaces (API) that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services. Other approaches with nearly the same functionality as web services are Object Management Group‘s (OMG) Common Object Request Broker Architecture (CORBA), Microsoft‘s Distributed Component Object Model (DCOM) or SUN‘s Java/Remote Method Invocation (RMI). Integrating Encryption with web service could be performing in many ways such as: XML Encryption and XML Signature. In this article we present client and Web-based E-mail, next generation E-mail and secure E-mail, followed by cryptography in web service and the last part is the future of web service security. The article start with the integration of cryptography with E-mail client and web base then the integration of cryptography and web service is presented. At the end of the major two sections: e-mail service and web service there is a general prospect vision of encryption future for e-mail service and web service. This section presents our view for the cryptography integration with the second generation of e-mail and web service.

E-Mail, Web Service and Cryptography

Cryptography is the study and practice of protecting information and has been used since ancient times in many different shapes and forms to protect messages from being intercepted. However, since 1976, when data encryption was selected as an official Federal Information Processing Standard (FIPS) for the United States, cryptography has gained large attention and a great amount of application and use. Furthermore, cryptography started to be part of protected public communication when e-mail became commonly used by the public. There are many electronic services. Some are based on web interaction and others are used as independent servers, called e-mail hosting services, which is an Internet hosting service that runs e-mail servers. Encrypting e-mail messages as they traverse the Internet is not the only reason to understand or use various cryptographic methods. Every time one checks his/her e-mail, the password is being sent over the wire. Many Internet service providers or corporate environments use no encryption on their mail servers and the passwords used to check mail are submitted to the network in clear text (with no encryption). When a password is put into clear text on a wire, it can easily be intercepted. Encrypting email will keep all but the most dedicated hackers from intercepting and reading a private communications. Using a personal email certificate one can digitally sign an email so that recipients can verify that it’s really from the sender as well as encrypt the messages so that only the intended recipients can view it. Web service is defined as “a software system designed to support interoperable machine-to-machine interaction over a network” and e-mail is “communicate electronically on the computer”. This chapter focus on introduce three topics: E-mail structure and organization, web service types, their organization and cryptography algorithms which integrated in the E-mail and web services to provide high level of security. The main issue in this article is to build the general foundation through Definitions, history, cryptography algorithms symmetric and asymmetric, hash algorithms, digital signature, suite B and general principle to introduce the use of cryptography in the E-mailand web service

Secure and Private Service Discovery in Pervasive Computing Environments

With the convergence of embedded computers and wireless communication, pervasive computing has become the inevitable future of computing. Every year, billions of computing devices are built. They are ubiquitously deployed and are gracefully integrated with people and their environments. Service discovery is an essential step for the devices to properly discover, configure, and communicate with each other. Authentication for pervasive service discovery is difficult. In this chapter, we introduce a user-centric service discovery model, called PrudentExposure, which automates authentication processes. It encodes hundreds of authentication messages in a novel code word form. Perhaps the most serious challenge for pervasive service discovery is the integration of computing devices with people. A critical privacy challenge can be expressed as a “chicken-and-egg problem”: both users and service providers want the other parties to expose sensitive information first. We discuss how a progressive and probabilistic model can protect both users’ and service providers’ privacy.

Cryptography-Based Authentication for Protecting Cyber Systems

Entity authentication is a fundamental building block for system security and has been widely used to protect cyber systems. Nonetheless, the role of cryptography in entity authentication is not very clear, although cryptography is known for providing confidentiality, integrity, and non-repudiation. This chapter studies the roles of cryptography in three entity authentication categories: knowledge-based authentication, token-based authentication, and biometric authentication. For these three authentication categories, we discuss (1) the roles of cryptography in the generation of password verification data, in password-based challenge/response authentication protocol, and in password-authenticated key exchange protocols; (2) the roles of cryptography in both symmetric key-based and private key-based token authentications; (3) cryptographic fuzzy extractors, which can be used to enhance the security and privacy of biometric authentication. This systematic study of the roles of cryptography in entity authentication will deepen our understanding of both cryptography and entity authentication and can help us better protect cyber systems.

Biometric Security in the E-World

The rising number of networked computers and the evolution of the WWW have witnessed the emergence of an E-World where the users are often referred to as e-people. In the new e-world, the evolution of WWW and Internet applications has become a focal point to the question of sustainable competitive advantage (Brennan & Johnson,2001).The increase in information access terminals along with the growing use of information sensitive applications such as e-commerce, e-learning, e-banking and e-healthcare have generated a real requirement of reliable, easy to use, and generally acceptable control methods for confidential and vital information. On the other hand, the necessity for privacy must be balanced with security requirements for the advantage of the general public. Current global events have shown the significance to provide the police, airport area, and other exposed area, new reliable component security tools such as biometrics. Access to systems that need security from unauthorized access is generally restricted by requesting the user to confirm her identity and to authenticate. Payment systems are undergoing radical changes stirred largely by technical advancement such as distributed network technology, real-time processing and online consumers’ inclination to use e-banking interfaces making the study of biometrics even more important in this new E-World.

Secure Electronic Voting with Cryptography

In recent years, computer and network-based voting technologies have been gradually adopted for various elections. However, due to the fragile nature of electronic ballots and voting software, computer voting has posed serious security challenges. This chapter studies the security of computer voting and focuses on a cryptographic solution based on mix-nets. Like traditional voting systems, mix-net-based computer voting provides voter privacy and prevents vote selling/buying and vote coercion. Unlike traditional voting systems, mix-net-based computer voting has several additional advantages: 1) it offers vote verifiability, allowing individual voters to directly verify whether their votes have been counted and counted correctly; 2) it allows voters to check the behavior of potentially malicious computer voting machines and thus does not require voters to blindly trust computer voting machines. In this chapter, we give the full details of the building blocks for the mix-net-based computer voting scheme, including semantically secure encryption, threshold decryption, mix-net, and robust mix-net. Future research directions on secure electronic voting are also discussed.

Multimedia Information Security

Information security has traditionally been ensured with data encryption techniques. Different generic data encryption standards, such as DES, RSA, AES, have been developed. These encryption standards provide high level of security to the encrypted data. However, they are not very efficient in the encryption of multimedia contents due to the large volume of digital image/video data. In order to address this issue, different image/video encryption methodologies have been developed. These methodologies encrypt only the key parameters of image/video data instead of encrypting it as a bitstream. Joint compression-encryption is a very promising direction for image/video encryption. Nowadays, researchers start to utilize information hiding techniques to enhance the security level of data encryption methodologies. Information hiding conceals not only the content of the secret message, but also its very existence. In terms of the amount of data to be embedded, information hiding methodologies can be classified into low bitrate and high bitrate algorithms. In terms of the domain for embedding, they can be classified into spatial domain and transform domain algorithms. In this chapter, we have reviewed various data encryption standards, image/video encryption algorithms, and joint compression-encryption methodologies. Besides, we have also presented different categories of information hiding methodologies as well as data embedding strategies for digital image/video contents. This chapter is organized as following: in Section-1, we give a brief introduction to data encryption system as well as the state-of-the-art encryption standards; Section-2 presents a review of representative image encryption algorithms; Section-3 first gives a brief introduction of lossless compression and then moves to joint compression-encryption algorithms; Section-4 presents different video encryption methodologies; Section-5 gives a brief introduction to information hiding techniques; Section-6 presents different categories of low bitrate information algorithms; Section-7 presents different categories of high bitrate information algorithms; Section-8 discusses the embedding strategies within digital video contents; this chapter is summarized in Section-9.