Trusted third party

About: Trusted third party is a research topic. Over the lifetime, 2919 publications have been published within this topic receiving 60935 citations.

Hope or Hype: On the Viability of Escrow Services as Trusted Third Parties in Online Auction Environments

Abstract: Internet fraud has been on the rise in online consumer-to-consumer (C2C) auction markets, posing serious challenges to people's trust in electronic markets. Among various remedies to promote trust and reduce trader's risk, online escrow service has been proposed as a trusted third party to protect online transactions from Internet fraud. However, whether an escrow service constitutes a viable business model for a trusted third party to effectively block Internet fraud remains an open question. This research proposes a dynamic game model for online traders and a profit maximization model for the escrow service provider. Through the investigation of the optimal strategies of online traders, we explore the relationships among traders' decision making, escrow service fee rates, and adoption rates. We reveal the demand for escrow services and establish the optimal pricing rule for the escrow service provider. A numerical study based on the theoretical analysis is conducted to provide detailed guidelines of the model application for an escrow service provider and to explore if the escrow service is a viable business model in C2C auction markets.

Secure Device Pairing based on a Visual Channel.

Abstract: Recently several researchers and practitioners have begun to address the problem of secure device pairing or how to set up secure communication between two devices without the assistance of a trusted third party. McCune, et al. [12] proposed Seeing-is-Believing (SiB), a system which uses a visual channel. The SiB visual channel consists of one device displaying the hash of its public key in the form of a two-dimensional barcode, and the other device reading this information using a photo camera. Strong mutual authentication in SiB requires running two separate unilateral authentication steps. In this paper, we show how strong mutual authentication can be achieved even with a unidirectional visual channel, where SiB could provide only a weaker property termed as presence. This could help reduce the SiB execution time and improve usability. By adopting recently proposed improved pairing protocols, we propose how visual channel authentication can be used even on devices that have very limited displaying capabilities, all the way down to a device whose display consists of a cheap single light-source, such as an LED. We also describe a new video codec that may be used to improve execution time of pairing in limited display devices, and can be used for other applications besides pairing.

Potential of critical e-applications for engaging SMEs in e-business: a provider perspective

Abstract: Against a background of the low engagement of small and medium-sized enterprises (SMEs) in e-business, this paper investigates the emergence of, and potential for, critical e-applications defined as 'an e-business application, promoted by a trusted third party, which engages a significant number of SMEs by addressing an important shared business concern with an aggregation.' By a review of secondary data and empirical investigation with service providers and other intermediaries, the research shows that such applications can facilitate the engagement of SME aggregations. There are three key findings, namely: the emergence of aggregation-specific e-business applications; the emergence of collaboratively based 'one to many' business models; and the importance of trusted third parties in the adoption of higher-level complexity e-business applications by SMEs. Significantly, this work takes a deliberately provider perspective and complements the already considerable literature on SME IT adoption from a user and network perspective. In terms of future research, the importance of a better conceptual understanding of the impact of complexity on the adoption of information technologies by SMEs is highlighted.

Authorized Public Auditing of Dynamic Big Data Storage on Cloud with Efficient Verifiable Fine-Grained Updates

Abstract: Cloud computing opens a new era in IT as it can provide various elastic and scalable IT services in a pay-as-you-go fashion, where its users can reduce the huge capital investments in their own IT infrastructure. In this philosophy, users of cloud storage services no longer physically maintain direct control over their data, which makes data security one of the major concerns of using cloud. Existing research work already allows data integrity to be verified without possession of the actual data file. When the verification is done by a trusted third party, this verification process is also called data auditing, and this third party is called an auditor. However, such schemes in existence suffer from several common drawbacks. First, a necessary authorization/authentication process is missing between the auditor and cloud service provider, i.e., anyone can challenge the cloud service provider for a proof of integrity of certain file, which potentially puts the quality of the so-called ‘auditing-as-a-service’ at risk; Second, although some of the recent work based on BLS signature can already support fully dynamic data updates over fixed-size data blocks, they only support updates with fixed-sized blocks as basic unit, which we call coarse-grained updates. As a result, every small update will cause re-computation and updating of the authenticator for an entire file block, which in turn causes higher storage and communication overheads. In this paper, we provide a formal analysis for possible types of fine-grained data updates and propose a scheme that can fully support authorized auditing and fine-grained update requests. Based on our scheme, we also propose an enhancement that can dramatically reduce communication overheads for verifying small updates. Theoretical analysis and experimental results demonstrate that our scheme can offer not only enhanced security and flexibility, but also significantly lower overhead for big data applications with a large number of frequent small updates, such as applications in social media and business transactions.

SeDaSC: Secure Data Sharing in Clouds

Abstract: Cloud storage is an application of clouds that liberates organizations from establishing in-house data storage systems. However, cloud storage gives rise to security concerns. In case of group-shared data, the data face both cloud-specific and conventional insider threats. Secure data sharing among a group that counters insider threats of legitimate yet malicious users is an important research issue. In this paper, we propose the Secure Data Sharing in Clouds (SeDaSC) methodology that provides: 1) data confidentiality and integrity; 2) access control; 3) data sharing (forwarding) without using compute-intensive reencryption; 4) insider threat security; and 5) forward and backward access control. The SeDaSC methodology encrypts a file with a single encryption key. Two different key shares for each of the users are generated, with the user only getting one share. The possession of a single share of a key allows the SeDaSC methodology to counter the insider threats. The other key share is stored by a trusted third party, which is called the cryptographic server. The SeDaSC methodology is applicable to conventional and mobile cloud computing environments. We implement a working prototype of the SeDaSC methodology and evaluate its performance based on the time consumed during various operations. We formally verify the working of SeDaSC by using high-level Petri nets, the Satisfiability Modulo Theories Library, and a Z3 solver. The results proved to be encouraging and show that SeDaSC has the potential to be effectively used for secure data sharing in the cloud.