Online Oral Defense System Based on Threshold Proxy Signature

Fengying Li (1) and Qingshui Xue (2)

(1) Dept. of Education Information Technology, East China Normal University, 200062, Shanghai, China
(2) Technical School, Shanghai Jiaotong University, 201101, Shanghai, China
[email protected]

Abstract. Proxy signature is currently one of the research hotspots in the field of information technology. However, most research focuses on the theory and its analysis; there is little application research, and applications based on threshold proxy signature are rarer still. In real life, the local oral defense system has many drawbacks and shows more and more unfairness. Based on a threshold proxy signature scheme from bilinear pairings, an online oral defense system is proposed. The system consists of a main server, oral defense experts, oral defense students, an oral defense secretary and a CA (Certificate Authority). Its main characteristics are that the oral defense experts authorized by the main server are easily confirmed and that the oral defense experts cannot deny the oral defense suggestions they have submitted. The threshold is a practical processing method in the system: as long as the number of oral defense experts agreeing reaches the number requested, i.e., the threshold value t, the related students pass the oral defense procedure. The research opens a new window for the application of proxy signature technology in remote education, and it is very important for popularizing online oral defense systems and enhancing the security of modern remote education, including online oral defense systems.

Keywords: Online oral defense system, proxy signature, threshold proxy signature.

Y. Wu (Ed.): ICCIC 2011, Part IV, CCIS 234, pp. 110–119, 2011. © Springer-Verlag Berlin Heidelberg 2011

1 Introduction

Information is one of the useful resources in history. With the rapid development of information technology, it is changing people's living, working and studying. Using advanced information technology efficiently helps people better acquire useful information. Although the open Internet, which is now the main information medium and platform, brings people huge advantages, it also brings tremendous menaces. For example, at the beginning of the Gulf War, the military forces headed by the United States launched an electronic war named White Snow. 24 hours before the flight war, the spying and alert capabilities of Iraq's military were paralysed by the united army. Sometimes, in one day, nearly 150 thousand pieces of dummy and wild information would flood into Iraq's information receivers. The flood of information left Iraq's information system paralysed, its command and control disordered and its aerial system useless. The problem of information security has become a key, strategic one related to social safety, cultural safety, economic safety, military safety and even national safety. Protecting information so that it is used legally is the way to solve the problem.

Cryptography is the key technology of information security. It can provide not only the secrecy of information but also the security properties of authentication, integrity, undeniability and so forth. Secrecy is obtained by encryption technology and the latter three properties are obtained by digital signature technology. The research and application of digital signature in the field of education are widely watched by domestic and overseas scholars, and digital signatures have been generally applied. Authorization and transfer of digital signatures currently need to be solved urgently. Proxy signature [2] is one of the most efficient and promising technologies. As a novel kind of digital signature, proxy signature has a bright future of applications in remote education, mobile learning, virtual learning and so on. But there are few applications of proxy signature in remote education and other fields [4-7]. In this paper, we apply it to design an online oral defense system based on threshold proxy signature [8]. The new application model will be constructed and implemented.

The paper is organized as follows. In section 2, we detail the background of the online oral defense system. We state the proxy signature and threshold proxy signature in section 3. In section 4, some knowledge on bilinear pairings is described. The model of the online oral defense system is detailed in section 5. In section 6, the implementation of the online oral defense system is stated. In section 7, we summarize the advantages of the online oral defense system. Finally, the conclusion is given.

2 The Background of Online Oral Defense System

In the last several years, the number of Chinese master's students has reached a very high level in the world; however, the quality of education has not made the same progress. In order to improve the education quality of master's students, education departments at all levels adopt all kinds of policies to strictly control the quantity of diplomas. For instance, there are systems including blind reviewing and selecting papers for survey. These systems can certainly improve the nature and fairness of paper reviewing to some extent and make master's students write better dissertations, which enhances the quality of masters' dissertations in some aspects. However, the matter is not so simple. The systems cannot put an end to falsification at all. For example, not all dissertations are blindly reviewed, and other fraudulent practices exist. Therefore, oral defense is a very important activity in masters' education. Oral defense should be solemn, sacred and fair. However, bad practices exist, such as merely going through the motions during the oral defense. Because too many master's students are about to graduate, many students often take the oral defense at one time. Thus, as far as each student is concerned, he or she does not have much time for the oral defense, and the procedure is only a formality. The experts for oral defense are generally invited by the tutor. For the sake of face, generally speaking, they will not baffle the students in the oral defense. Naturally, some fraudulent practices will inevitably take place. Moreover, the personal relationship between tutors and students also leads to some unfairness in the judgment of dissertations. In addition, inviting experts from other cities brings low efficiency and some waste of manpower, material resources and money. In order to solve these problems, we propose the online oral defense system.

Then, what is the online oral defense system? It is a virtual oral defense meeting held by means of network communication technology. In the system, the experts and the students for oral defense may be in different geographical places. Through the network, they are able to stay in the same place virtually. By various means of communication such as graphics and voice, they can talk with each other, share information and cooperate in work. The application system can carry out the actual oral defense. The system brings great convenience to experts and students through real and intuitive communication, and it is vital for overcoming the drawbacks of oral defense on the spot.

3 Proxy Signature and Threshold Proxy Signature

In 1996, Mambo, Usuda and Okamoto [2] proposed the concept of proxy signature. In such a system, a signer called the original signer can delegate another signer, called the proxy signer, to produce valid signatures on behalf of the original signer; the signature produced is called a proxy signature. Proxy signature needs several security properties: unforgeability, verifiability, undeniability, distinguishability, proxy signer's deviation, identifiability, prevention of misuse and so forth [2]. It seems to us that an efficient proxy signature should, in addition, have the properties of withdrawal of proxy signing power, simplicity of the scheme, high efficiency of implementation and so on. According to different classification standards, proxy signatures can be divided into different classes [2,4-8]. Threshold proxy signature is one of its varieties. In a threshold proxy signature, t or more of the n proxy signers sign messages on behalf of the original signer. This kind of proxy signature possesses the following advantages:

(a) If attackers want to produce a proxy signature, they have to get t sub-proxy private keys. Generally speaking, this is very tough.
(b) Even if one or some proxy signers are unwilling to cooperate, or show, leak or tamper with sub-proxy keys, it will not influence the recovery of the proxy signature key.
(c) Authority is distributed and its misuse is avoided. Some key decisions may need some members of a directorate to cooperate to sign.

Due to these good security properties, threshold proxy signature gets much attention. In the system, the knowledge of bilinear pairings is used. In the following, bilinear pairings are briefly stated.


4 Bilinear Pairing

Let $G_1$ and $G_2$ be an additive group and a multiplicative group, respectively, with the same prime order $q$. $P$ is a generator of $G_1$. Suppose that the discrete logarithm problem on $G_1$ and $G_2$ is difficult. A bilinear pairing $e : G_1 \times G_1 \to G_2$ meets the three properties as follows [1,3].

1) Bilinearity. For each $P, P' \in G_1$ and each $a, b \in Z$, $e(aP, bP') = e(P, P')^{ab}$ holds.
2) Nondegeneration. For $\forall P' \in G_1$, if $e(aP, bP') = 1$, then $P = O$.
3) Calculability. For each $P, P' \in G_1$, there exists an efficient algorithm to compute $e(aP, bP')$.

We can construct bilinear pairings from Weil pairings or Tate pairings modified on supersingular elliptic curves. Based on this kind of group $G_1$, difficult cryptographic problems are defined as follows.

1) Discrete Logarithm Problem (DLP): Given $P, P' \in G_1$, find an integer $n$ such that $P = nP'$.
2) Computational Diffie-Hellman Problem (CDH): Given $(P, aP, bP) \in G_1^3$ $(a, b \in Z_q^*)$, calculate $abP$.
3) Decisional Diffie-Hellman Problem (DDH): Given $(P, aP, bP, cP) \in G_1^4$ $(a, b, c \in Z_q^*)$, judge whether $c = ab \pmod q$ holds or not.
4) Gap Diffie-Hellman Problem (GDH): a kind of problem in which the CDH problem is difficult while the DDH problem is easy. A group in which the CDH problem is difficult while the DDH problem is easy is called a Gap Diffie-Hellman group.

5 The Model of Online Oral Defense System

The system is composed of a main server, oral defense experts, oral defense students, an oral defense secretary and a certificate authority (CA). The main server, as the original signer, is in charge of system initialization, delegates its signing power to the oral defense experts, and/or collects and verifies the oral defense experts' suggestions. That is to say, the main server passes its signing power to all of the oral defense experts on behalf of the school oral defense committee. If the number of experts agreeing exceeds the number specified (the threshold value), the main server finishes one student's oral defense. The certificate authority (CA) in the system issues and authenticates the certificates of the public key of each participant. The oral defense experts check the students' oral defense. In the implementation, oral defense students are able to communicate visually with oral defense experts over the network.

[Fig. 1. The model of online oral defense system. Diagram: expert1 to expert5, the CA, the server, the secretary and the student, connected through the Internet.]

During the course, oral defense students introduce their own research results, then oral defense experts ask related questions online and oral defense students answer these questions online. After each student finishes answering the questions asked, the oral defense experts, according to the student's answers, give a score online or press the corresponding button, which shows PASS or NOPASS. By doing so, oral defense experts sign their suggestions and then pass them to the main server or the oral defense secretary. The main server or the oral defense secretary can verify the oral defense experts' identities and the message signed. Meanwhile, the oral defense students' identities also need to be identified during the implementation. The threshold is an efficient method in the system: as soon as the number of experts agreeing reaches the specified one, i.e., the threshold value t, students pass the oral defense. If schools, i.e., main servers, want to know the suggestions of the oral defense experts, they are able to verify them.

6 Implementation of Online Oral Defense System

In the system, the main server, as the school and the original signer, owns the private key $x_o \in Z_q^*$ and the corresponding public key $Y_O = x_o P$, which is issued and verified by the CA. Each of the oral defense experts as proxy signers, $P_i$ $(i = 1, 2, \ldots, n)$, has the private key $x_i \in Z_q^*$ and the corresponding public key $Y_i = x_i P$ verified by the CA. $m_w$ is the delegation information which the main server passes to the oral defense experts. It includes the identities of the main server and the oral defense experts, the threshold value $t$, $n$, the valid period and so on. ASID (Actual Signers' ID) denotes the actual signers, i.e., the identities of the oral defense experts agreeing. ASID can be obtained from the related buttons in front of the oral defense experts. Groups $G_0$ and $G_1$ have the same prime order $q$. $P$ is a generator of group $G_0$. $e : G_0 \times G_0 \to G_1$ is a secure bilinear pairing. In addition, $H_1 : \{0,1\}^* \times G_0 \to Z_q^*$ and $H_2 : \{0,1\}^* \to G_0 \setminus \{1\}$ are two secure hash functions. The system consists of three phases as follows.

A. Oral Defense Experts Acquire Proxy Share

This phase is the initial one of the system. The main server selects $n$ experts at random from the expert databases as the oral defense experts for this session and delegates signing power to the $n$ oral defense experts on behalf of the main server or school. The phase is detailed as follows.

Step 1. The main server, i.e., the original signer, chooses a random integer $r \in Z_q^*$ and computes $U = rP$, $h = H_1(m_w, U)$, $Q = H_2(m_w)$, $V = (r + h x_o)Q$, $\sigma = (U, V)$ and $s = n^{-1}(hr + x_o)$. Then, the main server passes the message $(m_w, \sigma, s)$ to each of the oral defense experts, i.e., proxy signers, by Internet, Extranet, Intranet and so forth.

Step 2. Each of the oral defense experts $P_i$, i.e., proxy signers, verifies $(m_w, \sigma, s)$ by equations (1) and (2).

$$e(P, V) = e(U + hY_O, H_2(m_w)) \tag{1}$$

$$nsP = hU + Y_O \tag{2}$$

If both equations (1) and (2) hold, each oral defense expert accepts the message $(m_w, \sigma, s)$ and calculates $s_i = s + x_i + k_i$, where $k_i \in Z_q^*$ is chosen at random by oral defense expert $P_i$.

Step 3. Each of the oral defense experts $P_i$ selects a polynomial of degree $(t-1)$, $f_i(x) = s_i + a_{i,1}x + a_{i,2}x^2 + \ldots + a_{i,t-1}x^{t-1}$; here $a_{i,0} = s_i$, thus $f_i(0) = s_i$. Then $P_i$ computes and broadcasts $a_{i,j}P$ $(j = 1, 2, \ldots, t-1)$ and $k_i P$ to the other oral defense experts. Furthermore, expert $P_i$ calculates and safely passes $f_i(j)$ $(j = 1, 2, \ldots, n;\ j \neq i)$ to the other $(n-1)$ oral defense experts.

Step 4. Once expert $P_i$ receives $f_j(i)$ $(j = 1, 2, \ldots, n;\ j \neq i)$, $P_i$ verifies $f_j(i)$ by equation (3).

$$f_j(i)P = \sum_{k=0}^{t-1} i^k \cdot a_{j,k}P \tag{3}$$

Here, $a_{j,0}P = n^{-1}hU + n^{-1}Y_O + Y_j + k_j P$.

If equation (3) holds, expert $P_i$ computes $x_i' = \sum_{k=1}^{n} f_k(i)$ as the secret proxy share and, meanwhile, computes $Y_i' = x_i' P$ as the public proxy share. Let $f(x) = \sum_{k=1}^{n} f_k(x)$; then we can rewrite $x_i' = \sum_{k=1}^{n} f_k(i)$ as $x_i' = f(i)$ and $Y_i' = x_i' P$ as $Y_i' = f(i)P$ respectively.

B. Oral Defense Experts Threshold Proxy Signature Generation Without Leaking Secrets

Let $m$ be the message to be signed. The message is the suggestions of the oral defense experts agreeing. Without loss of generality, suppose $P_1, P_2, \ldots, P_t$ are the $t$ experts, i.e., proxy signers, who cooperate to sign. The phase works as follows.

Step 1. Each expert $P_i$ $(i = 1, 2, \ldots, t)$ calculates $w_i = \prod_{j=1, j \neq i}^{t} \frac{j}{j-i}$ and $\sigma_i = (x_i' w_i + x_i) H_2(m)$. Thus, expert $P_i$'s proxy signature on message $m$ is the partial proxy signature $\sigma_i$. $P_i$ passes $\sigma_i$ to the main server or the oral defense secretary.

Step 2. After receiving $\sigma_i$ from expert $P_i$, the main server or the oral defense secretary checks its validity by equation (4).

$$e(P, \sigma_i) = e(w_i Y_i' + Y_i, H_2(m)) \tag{4}$$

If all $\sigma_i$ $(i = 1, 2, \ldots, t)$ from all of the oral defense experts are valid, the main server or the oral defense secretary computes $\sigma' = \sum_{i=1}^{t} \sigma_i$. Finally, the main server or the oral defense secretary gets the threshold proxy signature $(m, m_w, ASID, U, \sigma', k_1 P, \ldots, k_n P)$ on message $m$.

C. Oral Defense Experts Threshold Proxy Signature Verification

After receiving the threshold proxy signature $(m, m_w, ASID, U, \sigma', k_1 P, \ldots, k_n P)$ on $m$, any verifier can judge its validity and identify the oral defense experts agreeing, i.e., the proxy signers. The phase is stated as follows.

Step 1. From the warrant $m_w$ and ASID, any verifier can identify the main server, i.e., the original signer, and the oral defense experts agreeing. Thus, their public keys can be obtained from the CA. ASID includes the identities of the oral defense experts agreeing.

Step 2. Any verifier, including the main server or the oral defense secretary, checks the validity of $(m, m_w, ASID, U, \sigma', k_1 P, \ldots, k_n P)$ by equation (5).

$$e(P, \sigma') = e\Big(H_1(m_w, U)U + Y_O + \sum_{i=1}^{n} Y_i + \sum_{i=1}^{t} Y_i + \sum_{i=1}^{n} k_i P,\ H_2(m)\Big) \tag{5}$$

If equation (5) holds, the threshold proxy signature $(m, m_w, ASID, U, \sigma', k_1 P, \ldots, k_n P)$ from the oral defense experts is valid. The correctness of the threshold proxy signature $(m, m_w, ASID, U, \sigma', k_1 P, \ldots, k_n P)$ can be proved by equation (6).

7 Advantages of Online Oral Defense System

1) Schools can select oral defense experts at random, in all kinds of fields, from the experts library. By proxy signing delegation, oral defense experts can pass their advice to schools. Schools can verify and confirm the oral defense advice from the oral defense experts. Meanwhile, oral defense experts cannot deny their suggestions related to the oral defense students.

2) Rights can be fairly distributed. Information can be uniformly provided in time. Virtual face-to-face communication helps mutual understanding and individuation, quickens decision-making, simplifies negotiation, lessens confusion and misapprehension, improves persons' responsibility and weakens some eminent experts' advice. According to the threshold value, t out of n experts agreeing implies that the related students pass the oral defense. In the real world, this should be fair.

3) Manpower, material resources and money are saved. Due to the convenience of the oral defense system, the traveling time and cost are reduced. It is possible for oral defense experts to gather rapidly in a short time. Thus, time, resources and money are saved and working efficiency is greatly increased.

4) Remote control and checking can efficiently decrease fraudulent practices. Direct and virtual communication with oral defense experts allows credit standing to be built and efficiently supervised. The system makes decision-making and sealed transactions more rapid and convenient.

5) Better quality of the oral defense system. Without adding cost, there is more participation and more transparency in the course of the oral defense. Decisions are made under strict control and monitoring. It is an unprecedented challenge to both students and experts. Therefore, the quality of the online oral defense system is high.

$$
\begin{aligned}
e(P, \sigma') &= e\Big(P, \sum_{i=1}^{t} \sigma_i\Big) = e\Big(P, \sum_{i=1}^{t} (x_i' w_i + x_i) H_2(m)\Big) \\
&= e\Big(P, \Big(\sum_{i=1}^{t} (x_i' w_i) + \sum_{i=1}^{t} x_i\Big) H_2(m)\Big) \\
&= e\Big(P, \Big(f(0) + \sum_{i=1}^{t} x_i\Big) H_2(m)\Big) \\
&= e\Big(P, \Big(\sum_{i=1}^{n} f_i(0) + \sum_{i=1}^{t} x_i\Big) H_2(m)\Big) \\
&= e\Big(P, \Big(\sum_{i=1}^{n} s_i + \sum_{i=1}^{t} x_i\Big) H_2(m)\Big) \\
&= e\Big(P, \Big(ns + \sum_{i=1}^{n} x_i + \sum_{i=1}^{n} k_i + \sum_{i=1}^{t} x_i\Big) H_2(m)\Big) \\
&= e\Big(P, \Big(H_1(m_w, U) r + x_o + \sum_{i=1}^{n} x_i + \sum_{i=1}^{t} x_i + \sum_{i=1}^{n} k_i\Big) H_2(m)\Big) \\
&= e\Big(\Big(H_1(m_w, U) r + x_o + \sum_{i=1}^{n} x_i + \sum_{i=1}^{t} x_i + \sum_{i=1}^{n} k_i\Big) P,\ H_2(m)\Big) \\
&= e\Big(H_1(m_w, U) U + Y_O + \sum_{i=1}^{n} Y_i + \sum_{i=1}^{t} Y_i + \sum_{i=1}^{n} k_i P,\ H_2(m)\Big)
\end{aligned}
\tag{6}
$$
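The three phases of section 6, run end to end so that equations (1) to (5) and the chain in equation (6) can be checked numerically. This is an added example, not the authors' implementation: it assumes a toy, insecure stand-in for the pairing, all function names (`delegate`, `check_delegation`, `check_share`, `lagrange_w`, `run`) and the sample warrant and message are constructed here, and `lagrange_w` generalises $w_i$ from the paper's signers $P_1, \ldots, P_t$ to any set of signer indices.

```python
import hashlib
import math
import secrets

# Toy model (assumption, NOT secure): G0 = (Z_q, +), P = 1, e(A, B) = A*B mod q.
# Discrete logs are trivial here; only the algebra of eqs (1)-(5) is checked.
Q = 2**127 - 1  # prime group order q
P = 1

def e(A, B): return A * B % Q
def inv(a): return pow(a % Q, -1, Q)
def rand(): return secrets.randbelow(Q - 1) + 1  # uniform in Z_q^*

def _h(*parts):
    d = hashlib.sha256(repr(parts).encode()).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1

def H1(m_w, U): return _h("H1", m_w, U)   # {0,1}* x G0 -> Z_q^*
def H2(m): return _h("H2", m) * P % Q     # {0,1}* -> G0 \ {identity}

def delegate(x_o, m_w, n):
    """Phase A step 1: the main server computes (U, V, s)."""
    r = rand()
    U = r * P % Q
    h = H1(m_w, U)
    return U, (r + h * x_o) * H2(m_w) % Q, inv(n) * (h * r + x_o) % Q

def check_delegation(Y_O, m_w, U, V, s, n):
    """Equations (1) and (2), from public values only."""
    h = H1(m_w, U)
    return (e(P, V) == e((U + h * Y_O) % Q, H2(m_w))
            and n * s * P % Q == (h * U + Y_O) % Q)

def f(coeffs, x):
    return sum(a * pow(x, k, Q) for k, a in enumerate(coeffs)) % Q

def check_share(share, i, commits):
    """Equation (3): f_j(i)P == sum_k i^k * a_{j,k}P."""
    return share * P % Q == sum(pow(i, k, Q) * A for k, A in enumerate(commits)) % Q

def lagrange_w(i, signers):
    """w_i = prod_{j != i} j / (j - i) over the actual signers' indices."""
    return math.prod(j * inv(j - i) for j in signers if j != i) % Q

def run(n=5, t=3, signers=(1, 2, 3), m="PASS", m_w="warrant t=3 n=5"):
    """Run phases A-C on constructed keys; report which equations hold."""
    x_o = rand()
    Y_O = x_o * P % Q
    x = {i: rand() for i in range(1, n + 1)}
    Y = {i: x[i] * P % Q for i in x}
    U, V, s = delegate(x_o, m_w, n)
    ok = {"eq1_2": check_delegation(Y_O, m_w, U, V, s, n)}
    k = {i: rand() for i in x}
    kP = {i: k[i] * P % Q for i in x}
    poly = {i: [(s + x[i] + k[i]) % Q] + [rand() for _ in range(t - 1)] for i in x}
    h = H1(m_w, U)
    base = inv(n) * (h * U + Y_O)  # n^-1 hU + n^-1 Y_O: public values only
    com = {j: [(base + Y[j] + kP[j]) % Q] + [a * P % Q for a in poly[j][1:]] for j in x}
    ok["eq3"] = all(check_share(f(poly[j], i), i, com[j]) for j in x for i in x)
    xs = {i: sum(f(poly[j], i) for j in x) % Q for i in x}  # proxy shares x_i'
    w = {i: lagrange_w(i, signers) for i in signers}
    part = {i: (xs[i] * w[i] + x[i]) * H2(m) % Q for i in signers}
    ok["eq4"] = all(e(P, part[i]) == e((w[i] * xs[i] * P + Y[i]) % Q, H2(m))
                    for i in signers)
    sigma = sum(part.values()) % Q
    pub = (h * U + Y_O + sum(Y.values()) + sum(Y[i] for i in signers)
           + sum(kP.values())) % Q
    ok["eq5"] = e(P, sigma) == e(pub, H2(m))
    return ok
```

`run(signers=(1, 2))` reports `eq4` true and `eq5` false: with t = 3, two individually valid partial signatures do not interpolate f(0), so the combined signature fails equation (5).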

8 Conclusions

The online oral defense system brings oral defense experts and students who are in different places into the same virtual oral defense meeting. After opening the website or the system client, users can log in to the system. Then PPT slides can be shown at the same time; multimedia can be played; communication takes place peer to peer; multiple persons can discuss; files can be transferred; remote control and cooperation are possible; polls can be voted on; in addition, suggestions can be made by proxy signers and the meeting can be recorded and replayed, without the limit of time and place. Therefore, the efficiency can be doubled. The oral defense system will efficiently accelerate the application of IT networks by school users.

While we know many advantages of the system, we predict that there exist some disadvantages in the online oral defense system. For instance, with remote transfer, the movement of mouths may mismatch the voice and the picture may be delayed. This question concerns bandwidth and transfer; however, the paper does not discuss this kind of problem. As far as threshold proxy signature is concerned, there are some open questions in the system which urgently need to be solved, for example, how to realize anonymous voting, how to realize modifiable voting, how to withdraw the proxy signing power, and so on. These problems will be further researched in the system in the future.


Acknowledgment. We thank the reviewers for their valuable comments that helped us improve the quality and presentation of our work.

References

[1] Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)
[2] Mambo, M., Usuda, K., Okamoto, E.: Proxy Signature for Delegating Signing Operation. In: Proceedings of the 3rd ACM Conference on Computer and Communications Security, New Delhi, India, pp. 48–57. ACM Press, New York (1996)
[3] Boneh, D., Lynn, B., Shacham, H.: Short Signature from the Weil Pairing. In: Advances in Cryptology-Asiacrypt 2001, Springer, Heidelberg (2001)
[4] Wang, C.: Study on the Applications of Undeniable Signature and Proxy Signature. XIDIAN University, Xi'an (2003) (in Chinese)
[5] Yi, L.: Study on Proxy Signature Schemes and Their Applications. Xi'an XIDIAN University, Xi'an (2000)
[6] Zhang, J., Wang, H.: New proxy blind signature scheme and its application in electronic cash. Application Research of Computers 26(1), 347–358 (2009)
[7] Wu, M., Wang, R.: A study on the Application of proxy blind signature in electronic commerce based on mobile agent technology. Journal of Nanjing University of Posts and Telecommunications 25(5), 84–94 (2005)
[8] Xue, Q.S.: Design, Cryptanalysis and Implementation of Novel Proxy Signature Protocols. Shanghai Jiaotong University (2005)