Research On Secure E-Auction Protocol Based On Digital Signature

As one of the important components of electronic commerce, Electronic Auction(E-Auction) protocols provide a very competitive way to sell and buy a variety of goods and services conveniently and have received a lot of attention recently. Bid privacy, security and anonymity have become extremely important and frequently desired properties in E-Auction to defend against malicious attack from fraudsters, dishonest bidders and auctioneers. Satisfying all these requirements have become a great challenge with the rapid and widespread development of e-commerce technologies. Furthermore, digital signature, a fundamental primitive of cryptography, offers non-repudiation, unforgeability,public verifiability and authenticity of transmitted messages. In this thesis, we propose secure and privacy-preserving E-Auction protocol by incorporating the idea of digital signature in order to address the aforementioned challenges. For this purpose, the thesis has provided the following contributions.Firstly, a taxonomy of secure electronic English auction protocols is outlined. These protocols are classified into three classes according to their design philosophy: grouporiented signature-based protocols, trusted third party-based protocols and pseudonym identity-based protocols. Then, the pros and cons of these schemes are identified and compared in light of different viewpoints. Furthermore, we analyze the performance of these protocols, and we proposed new directions based on the insightful analysis of the existing work. These directions include improving e-auction efficiency and reduction of trust on third party.Secondly, a novel electronic English auction protocol based on certificateless signature scheme is proposed. This protocol provides many attractive features which include:reducing the trust on third party, dispute protocol and on-shelf mechanism. These features make our protocol quite similar to an actual E-Auction. Furthermore, our protocol satisfies all electronic English auction security requirements, such as bid privacy, anonymity,verifiability and so on. Moreover, the unforgeability of our protocol against adversary I and II attacks are proven in the Random Oracle Model(ROM).Thirdly, we present a Mobile English Auction Agent Model(MoEAAM), a nextgeneration E-Auction that allows mobile agents to navigate on E-Auction houses and participate in auctions on the user’s behalf even when the user is disconnected from the network. This reduces network latency and bandwidth consumption. Furthermore,MoEAAM provides many significant benefits. These include, mobility, high reactivity, anonymity and privacy for buyers; on-shelf mechanism for seller; high revenue and dispute protocol for auction houses. MoEAAM is designed based on identity-based signature scheme, which allows mobile agents to participate anonymously, and to ensure their privacy and confidentiality. MoEAAM offers strong security without sacrificing efficiency. Indeed, the analyses demonstrate that the computational costs and communication overheads in our protocol are reduced significantly while ensuring system security.Our security proof holds in the Random Oracle Model(ROM).