An Efficient Electronic Marketplace Bidding Auction Protocol with Bid Privacy
We modified the multi-agent negotiation test-bed which was proposed by Collins et al. In 2004, Jaiswal et al. have modified Collins’s scheme, but Jaiswal’s scheme still has some security weaknesses: such as replay data attack and DOS (denial-of-service) a
- PDF / 306,694 Bytes
- 12 Pages / 430 x 660 pts Page_size
- 29 Downloads / 182 Views
Abstract. We modified the multi-agent negotiation test-bed which was proposed by Collins et al. In 2004, Jaiswal et al. have modified Collins’s scheme, but Jaiswal’s scheme still has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, anonymity disclosure, collision between customers and a certain supplier. So the proposed protocol tries to reduce DOS attack and avoids replay data attack by providing ticket token and deal sequence number to the supplier. It utilizes efficient LPN-based authentication method to accomplish lightweight authentication. And it publishes an interpolating polynomial for sharing the determination process data and avoids collusion between a customer and a certain supplier. Also the proposed scheme relaxes the trust assumptions for three-party in Jaiswal’s scheme. According to comparison and analysis with other protocols, our proposed protocol shows good security and less computation cost.
1 Introduction In 2002, Collins et al. presented a multi-agent marketplace, MAGNET (Multi-Agent Negotiation Test-bed) for electronic business-to-business market [1]. Jaiswal et al. proposed security protocol and put it into real-world networks and analyze security problem to improve MAGNET in 2004 [2]. The proposed major modification is the use of a publish/subscribe system by the market to notify the agents about the auctions. Also they adopted time-release cryptography to guarantee non-disclosure of the bids and anonymous communication to hide the identities of the bidders. According to this, the MAGNET is improved in security. But the improved protocol still has some weaknesses: vulnerable to the replay data attack, DOS (denial-of-service) attack, anonymity disclosure weakness, collusion between a customer and a certain supplier. The proposed protocol utilizes ticket token to restrict download, also market generates deal sequence number (dsn) and random number (r) for suppliers who have download requests for quotes (RFQ). It utilizes efficient LPN-based authentication method to accomplish lightweight authentication. When auction is closed, market constructs a simple interpolating polynomial for sharing the determination process data in supplier group who have taken part in this auction. Sharing the determination process data can totally avoid collusion between a customer and a certain supplier. Y. Zhang et al. (Eds.): APWeb 2008, LNCS 4976, pp. 297–308, 2008. © Springer-Verlag Berlin Heidelberg 2008
298
W. Shi, I. Jang, and H.S. Yoo
In 2003, Chang et al. proposed an anonymous auction protocol, they applied a simple method for ensuring anonymity of bidders, and it also provided some important properties of auction protocol [3]. However, Jiang et al. found there were still some weaknesses in initial phase of Chang et al.’s protocol, so they improved it and proved its security in 2005 [4]. Because computation cost is not taken into account in their improvement, Chang et al. proposed the enhancement with the alias in their protocol and analyzed the computation cost
Data Loading...
