Showing papers by "Jarrod Trevathan published in 2005"

Security, anonymity and trust in electronic auctions

Abstract: Auctioning items over the Internet is a popular and lucrative industry.There are now many companies that conduct auctions online such as eBay [5] and onSale [10]. Online auctions have geographical advantages over traditional auctions as buyers and sellers are not required to be physically present at a central location (such as a hall or open air venue). This allows online auctions to be much larger and more elaborate than traditional auctions.However, it also provides opportunities for the auction participants to cheat. A bidder can cheat by repudiating bids, failing to pay, or colluding with other bidders to affect the settlement price.Likewise, the seller of the item might fail to deliver the goods, or could be in collusion with some of the bidders.Someone could also forge a bid in an attempt to frame a bidder, or introduce fake bids in order to influence the auction proceedings. Furthermore, bidders are required to trust the auctioneer with their identity and bid information.A corrupt auctioneer could award the auction to someone other than the legitimate winner.A bidder's personal information could also be sold to marketing agencies, or used for malicious purposes. Commercial auction sites fail in many of the aforementioned circumstances. These sites only offer basic solutions that are designed to "clean up" after wrongdoing has taken place.However, cryptography can be used to solve some of these problems up-front.An "electronic auction" is a cryptographic scheme designed to securely conduct auctions while protecting the identities of the bidders. In this article we describe two popular types of electronic auctions. We discuss the security issues associated with conducting these auctions and contrast the differing anonymity requirements.We also identify four main strategies for reducing the trust that bidders must place in the auctioneer.Furthermore, we present a basic example of an electronic auction scheme.This is used to illustrate the complexity involved in designing a secure and anonymous auction scheme. Finally, we discuss some of our research with regard to using group signature schemes to constructelectronic auctions.

Remote handwritten signature authentication

Abstract: This paper presents a secure real time remote user authentication system based on dynamic handwritten signature verification. The system allows users to establish their identities to other parties in real-time via a trusted verification server. The system can be used to gain remote access to restricted content on a server or to verify a signature on a legal document. State of the art dynamic verification techniques are combined with proven cryptographic methods to develop a secure model for remote handwritten signature verification.

Design issues for electronic auctions

Abstract: Extensive research has been conducted in order to improve the security and efficiency of electronic auctions. However, little attention has been paid to the design issues. This paper discusses design issues and contrasts the differing security requirements between various auction types. We demonstrate that poor design for an electronic auction breaches the security of the system and degrades its practicality, irrespective of how secure/efficient the building blocks of an electronic auction are. This is accomplished by illustrating design flaws in several existing electronic auction schemes. Furthermore, we provide a solution to these flaws using a group signature scheme and give recommendations for sound auction design.