Information security and assurance are new frontiers for collaborative design. In this context, information assurance (IA) refers to methodologies to protect engineering information by ensuring its availability, confidentiality, integrity, non-repudiation, authentication, access control, etc. In collaborative design, IA techniques are needed to protect intellectual property, establish security ...

The SET payment protocol uses digital signatures to authenticate messages and authorize transactions. It is assumed that these digital signatures make authorizations non-repudiable, i.e., provable to a third-party veri er. This paper evaluates what can be proved with the digital signatures in SET. The analysis shows that even a successful and completed SET protocol run does not give the parties...

We describe Shibboleth, a program to manage private Internet mailing lists. Differing from other mailing list managers, Shibboleth manages lists or groups of lists that are closed, or have membership by invitation only. So instead of focusing on automating the processes of subscribing and unsubscribing readers, we include features like SMTP forgery detection, prevention of outsiders’ ability to...

Authenticated encryption schemes allow the signer to generate an authenticated ciphertext such that only the designated recipient has the ability to recover the message and verify its corresponding signature. It can be seen that authenticated encryption schemes are applicable to lots of E-Commerce applications like credit card transactions, since these schemes simultaneously fulfill the securit...

The aim of timestamping systems is to provide a proof-ofexistence of a digital document at a given time. Such systems are important to ensure integrity and non-repudiation of digital data over time. Most of the existing timestamping schemes use the notions of round (a period of time) and round token (a single value aggregating the timestamping requests received during one round). Such schemes h...

Advances in mobile networking and information processing technologies have triggered vehicular ad hoc networks (VANETs) for traffic safety and value-added applications. Most efforts have been made to address the security concerns while little work has been done to investigate security and privacy for value-added applications in VANETs. To fill this gap, we propose a value-added application, spe...

We can find many cases where a spontaneous wireless ad-hoc network must be built for a limited period of time in a wireless mesh network: meetings, conferences, etc. One of the main aspects in a spontaneous network is to provide security mechanisms to the users. Confidentially, integrity, authentication, availability and no-repudiation should be provided for all the users in the network and the...

The digital signature provides the functions of integration, authentication, and non-repudiation for the signing message. In some applications, however, the signature only needs to be verified by some specified recipients while keeping the message secret from the public. The authenticated encryption schemes can be used to achieve this purpose. To protect the recipient’s benefit in the case of a...

Wireless sensor network is usually composed of a large number of sensor nodes which are interconnected through wireless links to perform distributed sensing tasks. When a sensor node generates report after being triggered by a special event, it will send the report to a data collection unit (also known as sink) through an established routing path. Wireless sensor networks are usually deployed a...

Current large-scale authentication and non-repudiation systems offer various security measures, but do not meet the needs of today’s Internet-scale applications. Though several designs exist, there have been no significant deployments of Internet-scale security infrastructures. In this paper we propose a novel concept called the public-space that makes complete information of digital entities’ ...