Table of Contents Author Guidelines Submit a Manuscript
Mobile Information Systems
Volume 2016, Article ID 4375072, 18 pages
http://dx.doi.org/10.1155/2016/4375072
Research Article

Key-Insulated Undetachable Digital Signature Scheme and Solution for Secure Mobile Agents in Electronic Commerce

1School of Software Engineering, Tongji University, 4800 Cao’an Highway, Shanghai 201804, China
2School of Economics and Management, Tongji University, 4800 Cao’an Highway, Shanghai 201804, China
3Department of Computer Science and Technology, Tongji University, 4800 Cao’an Highway, Shanghai 201804, China

Received 17 September 2015; Revised 30 March 2016; Accepted 11 April 2016

Academic Editor: Laurence T. Yang

Copyright © 2016 Yang Shi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Considering the security of both the customers’ hosts and the eShops’ servers, we introduce the idea of a key-insulated undetachable digital signature, enabling mobile agents to generate undetachable digital signatures on remote hosts with the key-insulated property of the original signer’s signing key. From the theoretical perspective, we provide the formal definition and security notion of a key-insulated undetachable digital signature. From the practical perspective, we propose a concrete scheme to secure mobile agents in electronic commerce. The scheme is mainly focused on protecting the signing key from leakage and preventing the misuse of the signature algorithm on malicious servers. Agents do not carry the signing key when they generate digital signatures on behalf of the original signer, so the key is protected on remote servers. Furthermore, if a hacker gains the signing key of the original signer, the hacker is still unable to forge a signature for any time period other than the key being accessed. In addition, the encrypted function is combined with the original signer’s requirement to prevent the misuse of signing algorithm. The scheme is constructed on gap Diffie–Hellman groups with provable security, and the performance testing indicates that the scheme is efficient.