Two Factor Authentication Based Contract Signing Protocol

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 4, Issue 8, August 2014)

380

Two Factor Authentication Based Contract Signing Protocol

Charu Bamboriya

1

, Prof. S. R. Yadav

2

1_{M.Tech. Research Scholar, Millenium Bhopal} 2_{Professor, Millenium Bhopal} Abstract-- During the transmission of message from

sender to receiver security from various attacks is important. Contract signing protocol is a new way of signing between two parties over internet so that fairness between parties is maintained. Although there are various techniques implemented for providing security and fairness between two parties [1]. Here in this paper a new and efficient technique of contract signing is implemented using hybrid technique of authentication using one time password and true random number generation. The technique implemented here provides security from various attacks and also provides fairness between two parties.

I. INTRODUCTION

With the huge use of data and information transfer in today life, the exchange of information is essential that demands the efficient and reliable transfer media. During the exchange of information among two parties fairness between the parties is important because one party can‟t trust on the other party. Hence the solution is to build a contract signing protocol for the parties that needs to exchange the information or needs to contract anything. Contracts play an important role in many business transactions. Traditionally, paper-based contracts are signed by the transacting parties who need to be present at the same venue and at the same time. Each party signs a copy of the contract for every contracting party so that every party has a copy of the signed contract. If the parties, however, are not able to meet to sign the paper-based contract, then signing an electronic contract is an alternative [1].

The problem with signing electronic contracts, however, is exchanging the signatures of the parties, especially where there is a lack of trust between parties. One party may send the other party their signature on the contract but may not receive the signature of the other party in return. To solve the problems of exchanging digital signatures, contract signing protocols are used. Contract Signing Protocols ensure that either contracting parties receive each other‟s signature or none does. With the enhancement of e-commerce, it is advantageous to have a system that permits parties to sign a digital contract by means of the Internet or network [1].

Optimistic fair exchange protocol utilizes a trusted third party, except only in a very limited manner. The third party is only needed in situations anywhere one player attempts to defraud or simply crashes; as a result, in the immense preponderance of transactions, the third party will not necessitate to be concerned at all.

Compared to a protocol with an on-line third party, the optimistic approach appreciably reduces the load on the third party that in turn reduces the cost and uncertainty involved in replicating the service in order to preserve accessibility. A fair protocol permits two parties to exchange digital signatures over the Internet in a realistic technique, so that either each party gets the other‟s signature or neither party can does it [2].

Contract signing protocol allows two potentially suspicion parities to swap their commitments to a decided contract over the Internet in a well known means. Signing Protocols guarantee that either contracting parties receive each other's signature or no exchange will occurred. In this paper, a new, efficient contract signing protocol is proposed. This protocol is based on offline trusted third party (TTP) that is capable to brought into participate only if one party not succeed to send their signature on the contract. In the normal execution of the protocol, the two parties will exchange their signatures directly.

(2)

International Journal of Emerging Technology and Advanced Engineering

381

Individuals and businesses square measure trying forward to World Wide Web for conducting differing types of transactions. One in all these transactions is that the exchange of valuable documents (such as electronic payment and products) between the parties. That is, party A will exchange its valuable document for party B‟s valuable document. As associate example of such associate exchange, party A would adore to buy for associate electronic product (e-product like computer game) from party B. As parties pattern communication networks, they'll not send their documents at identical time. Rather, one party sends its document at a time. Once receiving the document of the first party, the second party sends its document [4].

A fair exchange protocol could be a protocol that implements the subsequent 3 requirements namely effectiveness, termination and fairness. Properties of changed things certain item properties is exploited by truthful exchange protocols. Some of these properties refer to the item descriptions which participating parties must give before engaging in fair exchange [5].

II. BACKGROUND

The majority of password-based user authentication systems consign total trust on the authentication server where passwords or even easily derived password verification data are stored in a fundamental database. These systems could be easily compromised by offline dictionary attacks initiated at the server side. A Contract Signing protocol is a novel and efficient way of securing the exchange of data information online i.e through network or internet, although the chance of cheating and different attack over the network has been increased so the solution is implement a new and efficient protocols for the prevention from various attacks in the network as well as different online applications such as E-commerce can be done securely. Also during the exchange of information between two parties fairness is maintained and no party can cheat the other in an optimistic manner.

III. RELATED WORK

In 2010 by Guilin Wang present the abuse-free fair contract signing protocol i.e. based on the RSA signature. This protocol shows that it is both secure and efficient. Their primary target is to provide digital contract signing among parties. The digital contract signing is effectively implied by fair exchange of digital signatures among two potentially mistrusted parities [1]. Alfin Abrahamet al [2] proposed a survey of the entire contract signing protocols that are already been implemented and proposed. Here in this paper the main survey is on fairness an optimistic involved during the contract signing of the two parties so that if any party failed to get the signature then the other party also doesn‟t get the signature of the other party.

The TTP in the signing of the two parties is involved only when one party is cheating.

Vinod Moreshwar Vaze explored the method of one time password key as a secure and trusted certification scheme for authentication. OTPK provides facility to choose user‟s own signing key and used it as strong authentication key for signing online document or contracts. In this the generation of key is one time and as soon as the sender and the receiver uses this key it will automatically gets destroyed so that the storage cost is reduced as well as the chances of eaves dropping as well as different attacks as been reduced. It works similar to the digital signatures which can be used for the authentication of the sender and then receiver. The main advantages of key generation using OTPK is that the time complexity is reduced, storage cost gets reduced as well as prevention from various attacks sin the network also gets reduced [3]. Abdullah M. Alaraj presented an efficient fair document exchange protocol and document will be done between two parties. In the time of exchanging document the document‟s key will allow one party to verify the encrypted key. Here the main idea based on the enforcing the honesty of one party to the method of supportable and recoverable encryption of keys. The result of this application is a more efficient reasonable document exchange protocol [4].

H. Pagnia recommended fair exchange concept and

talking about secure online transaction where

transactions over the Internet how to per- form safe and secure online business. A main problem in this context is fair exchange, i.e., how to exchange two electronic items in a fair manner. Here compositional approach is now possible to select exchange protocols for a given level of fairness and given item properties energetically [5].

In 2011 Harn and Lin recommended a contract signature scheme based on the discrete logarithm assumption. This scheme adopts a digital multi-signature scheme in public-key cryptography to facilitate fair signature exchange over network. This solution allows multiple signers of a contract signature to exchange their partial signatures that are full ambiguous for any third party to construct a valid contract signature. Since this contract signature has no keystone, security problems can be avoided. Besides the length of a contract signature is identical to the length of a single digital signature and the verification time of a contract signature is fixed [6].

(3)

International Journal of Emerging Technology and Advanced Engineering

382

Informally, in a DAFE protocol, if a participant fails to send a correctly formed message, the other party must contact some subset of the arbiters and get correctly formed responses from them. The optimistic fair exchange protocols are employed multiple autonomous arbiters and does not have timeout mechanisms. It is also unable to provide fairness in a realistic setting. They showed that timeouts and dynamic resolution sets play an important role in the design of such distributed arbiter fair exchange protocols [7].

A new digital anonymous contract signing protocol consents to two potentially mistrusted parities to swap over digital signatures to a decided contract over the Internet in a fair mode, consequently that either all of them acquires the other‟s signature, or neither party can do it. It is based on the LUCAS signature scheme; this protocol satisfied a new property namely abuse-free. It means if the protocol is performing unproductively either of the two parties can not show the legitimacy of intermediate results to others. In this protocol the contract is known to both parties where the attacker can be another party in the network or the person you think you want to sign a contract with. A fair exchange between two parties is always needed in this protocol so that if party fails to receive the signatures the other also can‟t access the signatures. But the true Fair exchange always needs a Trusted Third Party [8]. The free fair exchange of contract signing protocol between two parties is an abuse free contract protocol is given using the concept of generation of digital signatures by RSA technique. During the exchange of the signatures between the two parties multiple TTP‟s have been involved so that the chances of attacks on the signatures have been reduced [9].

Escrows Protocol [10] has proposed a new protocol for the fair exchange between two parties. A fair protocol is given so that if one of the parties doesn‟t get the signature of the other party then the other party also doesn‟t get the signatures of the other. It also uses a TTP but is only involved during the cheating of one party. The indispensable idea is that Alice, the originator, encrypts her signature underneath the public key of the TTP. Therefore Bob, the responder can have it decrypted by the TTP. The escrows protocol makes use of three other sub protocols called an abort protocol, a determine protocol for the receiver and a determination protocol for the initiator. The signatures generated by the sender can be encrypted and then the receiver uses the TTP for the decryption of these signatures for a fair exchange [10].

Park et al [11] proposed a protocol of contract signing using RSA signatures but for the E-commerce via Distributed Systems. There are various applications running over internet that needs a fair exchange of information such as E-commerce. Here in these techniques uses multi signatures using RSA.

This scheme uses multi signatures that are companionable with the essential standard signature method that is used to integrate the fair-exchange feature by way of existing e-commerce systems. Zero-knowledge proofs are not employed in the exchange protocol, which drastically increases effectiveness [11]. Fair Contract Signing Protocol had suggested to distributed exchange of parties for the contract signing and their assurances to a contract in an efficient and reliable way such that each of them can gain the other‟s commitment, if it is not happened then neither of them does. A realistic and proficient method for fair contract signing is via an imperceptible trusted third party. This protocol conserves even-handedness while remaining confident in the intelligence that the trusted party necessitate not is involved in the protocol except a certain disagreement occurs [12].

Generic Fair Non-Repudiation Protocols through Transparent Off-Line TTP recommended by Guiling Wang [13]. It is in non-repudiation facility indisputable confirmations necessitate be generating, exchanging, and validating using computer networks. Subsequent to the completion of such a transaction, every involved party should attain the predictable items. If any untruthful party denies its involvement in an explicit transaction, others can disprove such a claim by offering electronic evidences to a judge. This protocol is a nonspecific fair protocol along with transparent off-line TTP. A digital message is implemented and an unquestionable receipt among two mistrusting parties in excess of the Internet. After the execution of this protocol, the fairness is maintained i.e. no party will get the information regarding the other if the contract fails to proceed. TTP works as a third participant in scenarios where two parties need additional trust between them, for instance when it comes to contract signing. This trusted third party can in real life be compared to the post office receiving registered mail, and getting a receipt from the receiver before delivering the registered mail [13].

(4)

International Journal of Emerging Technology and Advanced Engineering

383

Debajyoti Konar and Chandan Mazumdar introduced a novel Fair Gradual Secrete Release (GSR) protocol that is used for contract signing against intense money among an originator and a responder connecting their banks as transacting parties. These protocols comprise money atomicity, validated agreement and the equality in true sense. This uses originator, originator‟s bank, responder, responder‟s bank as transacting parties exclusive of by means of an supplementary trusted third party. It defend the validity of the contract by ensuring that the pre-signed contract the responder is about to receive from an originator, is the same as that the responder intended to sign, before the responder pays the earnest money. The Ecommerce scenario also needs an contract signing protocols against earnest money that holds the validated contract property [16].

Rohit Chadha el al [17] [18] analysed the multi-party contract-signing protocols. They used a finite-state tool, Mocha. This allows specification of protocol properties in a branching-time temporal logic with game semantics. While analysis does not reveal any errors in the BW protocol, in the GM protocol they also discovered serious problems with fairness for four signers and an oversight regarding abuse-freeness for three signers. They also present a complete revision of the GM sub protocols in order to restore fairness [17]. They showed that a contract signing protocol lets two parties swap over digital signatures on a pre-agreed text. Optimistic contract signing protocols facilitates the signers to do accordingly without invoking a TTP. An arbitrating third party remains obtainable should one or both signers request suitable resolution. This protocol used a

game-theoretic approach and proves a fundamental

impossibility result in any fair, optimistic, timely protocol; an optimistic player yields a merit to the antagonist. The evidence relies on a cautious characterization of optimistic play that postpones communication to the third party [18].

IV. PROPOSED METHODOLOGY

The proposed methodology implemented here consists of following phases:

1.If both parties P1 and P2 are new then both needs to

be registered on Central Authority.

2.Both parties P1 and P2 send their identity „Id1‟ and

„Id2‟ to the CA.

3.The CA in respond sends a password to the parties.

4.Both parties enter their password which is then

sending to the CA.

5.The CA verifies both password and authenticates

both parties and generates a secrete random value to both parties.

6.Both parties then generates secrete master key from

the random number and send to the CA.

7.CA also generate master key and verifies parties.

8.The second factor authentication is done using

generation of key from image using true random number generation.

Image based Authentication

Scan pixel values of image from top to bottom and left to right.

1.Concatenating the value to generate random number

consisting of 0‟s & 1‟s.

2.We can apply any rule for deriving random

numbers like XOR, mapping, discarding etc.

3.Random value can be generated by concatenating

columns only or rows only or rows and columns.

4.Similarly unique values can be generated for two

parties from the same image for authentication.

[image:4.595.312.564.427.645.2]

V. RESULT ANALYSIS

Table 1.

Key Generation from various Images

Images

Image Size

Image key

size(bits)

Time in ms

image1 25KB 7567 104

image2 674KB 597852 285

image3 285KB 365475 238

image4 385KB 417495 385

image5 475KB 438596 493

image6 501KB 593759 274

image7 684KB 619375 310

(5)

International Journal of Emerging Technology and Advanced Engineering

[image:5.595.40.291.130.736.2]

384

Table 2.

Comparison of different Contract Signing Protocols

Paramete rs Protocols Escr ows Base d Proto col Park et. al,’s RSA base d proto col Bao et. al.’s Proto col Contr act Signin g Proto col based on RSA Propose d Scheme

Fairness YES YES YES YES YES Timelines

s

YES YE YES(

weak)

YES YES

Multiple TTP

YES YES YES YES YES

Replay attack

YES YES YES YES NO

Confident iability

NO NO NO YES YES

Additiona l

Authentic ation

NO NO NO NO YES

Storage Cost MOR E MOR E MOR E MOR E LESS Identity disclosure attack

YES YES YES YES YES

Insider attack

YES YES YES YES YES

Outsider attack

YES YES YES YES YES

Online/off line dictionary attack

YES YES YES YES YES

Table 3.

Security Attack from various Attacks

Security Parameter Prevented by proposed technique

Insider Attack Yes

Replay Attack Yes

Dictionary Attack Yes

DOS Attack Yes

DDOS Attack Yes

Identity Disclosure Attack

Yes

VI. CONCLUSION

The proposed technique implemented here for the signing between two parties is efficient in terms of security from various attacks and fairness factor. The proposed technique implemented here provides security from DOS, DDOS, replay, identity disclosure attacks.

REFERENCES

[1] Guilin Wang “An Abuse-Free Fair Contract-Signing Protocol Based on the RSA Signature”, IEEE Transactions on Information Forensics and Security, Vol. 5, No. 1, March 2010.

[2] Alfin Abraham, Vinodh Ewards, Harlay Maria Mathew “A Survey on Optimistic Fair Digital Signature Exchange Protocols”, International Journal on Computer Science and Engineering (IJCSE), ISSN: 0975-3397, Vol. 3, No. 2, pp. 821 – 825, Feb 2011.

[3] Vinod Moreshwar Vaze “Digital Signature on-line, One Time Private Key [OTPK]”, International Journal of Scientific & Engineering Research, ISSN 2229-5518, Volume 3, Issue 3, March -2012.

[4] Abdullah M. Alaraj “Optimizing One Fair Document Exchange Protocol”, International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.1, January 2012.

[5] H. Pagnia, H. Vogt and F. C. Gartner, “Fair Exchange” The Computer Journal, 2003.

[6] Lein Harn a,Chu-Hsing Lin “Contract signature in e-commerce”, Computers and Electrical Engineering, vol.-37, pp-169–173, 2011.

[7] Kupcu, Alptekin, and Anna Lysyanskaya "Optimistic fair exchange with multiple arbiters." In Computer Security– ESORICS 2010, pp. 488-507, Springer Berlin Heidelberg, 2010. [8] H. Jayasree and Dr. A. Damodaram “A Novel Fair Anonymous

Contract Signing Protocol for E-Commerce Applications”, 2012 International Journal of Network Security & Its Applications (IJNSA), Vol. 4, No. 5, September 2012.

[9] Alfin Abraham, “An Abuse-Free Optimistic Contract Signing Protocol with Multiple TTPs”, IJCA Special Issue on “Computational Science – New Dimensions & Perspectives” NCCSE, 2011.

[10] Asokan, Nadarajah, Victor Shoup, and Michael Waidner. "Optimistic fair exchange of digital signatures," IEEE Journal on Selected Areas in Communications, vol. 18, no. 4, pp. 593-610, 2000.

[11] Park, Jung Min, Edwin KP Chong, and Howard Jay Siegel "Constructing fair-exchange protocols for E-commerce via distributed computation of RSA signatures," In Proceedings of the twenty-second annual symposium on Principles of distributed computing, pp. 172-181, ACM, 2003.

[12] Bao, Feng, Guilin Wang, Jianying Zhou, and Huafei Zhu. "Analysis and improvement of Micali‟s fair contract signing protocol." In Information Security and Privacy, pp. 176-187, Springer Berlin Heidelberg, 2004.

[13] Wang, Guilin "Generic non-repudiation protocols supporting transparent off-line TTP." Journal of Computer Security, vol.14, no. 5, pp. 441-467, 2006.

(6)

International Journal of Emerging Technology and Advanced Engineering

385

[15] Aizatulin, Mihhail, Henning Schnoor, and Thomas Wilke. “Computationally sound analysis of a probabilistic contract signing protocol”, Springer Berlin Heidelberg, 2009.

[16] Debajyoti Konar and Chandan Mazumdar “A Novel Fair GSR Contract Signing Protocol Against Earnest Money” 2007 IJCSNS International Journal of Computer Science and Network Security, VOL.7 No.11, November 2007.

[17] Chadha, Rohit, John C. Mitchell, Andre Scedrov, and Vitaly Shmatikov. "Contract signing, optimism, and advantage." In CONCUR 2003-Concurrency Theory, pp. 366-382, Springer Berlin Heidelberg, 2003.