A Group Signature Based Electronic Toll Pricing System Proof of Theorem 1

Lemma 1 Let L′ be the set of fee tuples sent to the authority in phase 4. If the server wants to collect the right tolls from clients and clients have no intention to pay more than their tolls, then our protocol guarantees: 1. for any two sets of fee tuples L′1 and L′2 sent to clients c1 and c2 from G in phase 3, we have L′1 = L′2 = L′ ; 2. for each (ℓ, t, fee, G) ∈ L′ , we have fee = f (ℓ, t); 3. L′ consists of all location tuples sent by clients. Proof. We prove the three sub-lemmas one by one. 1. Suppose L′1 , L′2 and L′ are not equivalent to each other. If a dishonest client c sends Cost(c) to the server which is less than Cost r (c), the server can initiate the dispute solving protocol. The authority will perform two checks according to Alg. 1, which can be instantiated as follows: checksign(Sigc1 (Cost(c1 ), SigS (L′1 , sid )), (Cost(c1 ), SigS (L′ , sid )), pkc )) checksign(Sigc2 (Cost(c2 ), SigS (L′2 , sid )), (Cost(c2 ), SigS (L′ , sid )), pkc )) If L′1 , L′2 and L′ are not equal to each other, then these two checks never pass. The protocol terminates. Thus the server has to accept the loss of clients’ tolls, i.e., toll(G) < tollr (G). This contradicts with our assumption that the server wants no loss of tolls. 2. Suppose a fee tuple (ℓ, t, fee, G) with fee 6= f (ℓ, t). From the first sub-lemma, all clients receive the same set of fee tuples. According to the toll calculation protocol, clients check the correctness of fees before computing their payments. They will refuse to commit payments to the server as fee 6= f (ℓ, t). Furthermore, since the server cannot start the dispute resolving protocol without any client’s payment commitment, the server loses all clients’ payments. This contradicts our assumptions. 3. Suppose in L′ , the server removes a fee tuple ϕ = (ℓ, t, fee, G) which belongs to client c. Form the first two sub-lemmas, client c receives the same set of correct fee tuples without ϕ as the others. Thus, Cost(c) = Cost r (c) − fee. The server initiates dispute resolving protocol. The authority gives no results saying that client c paid less (according to Alg. 1, the authority computes from L′ T (c) which is equal to Cost(c)). Thus, the server has to accept pay(c) = Cost(c) and suffer the loss of f ee. This contradicts our assumptions. Proof of Theorem 1: Proof. We first prove the correctness of our protocol and then the accountability.

Correctness. We divide the proof into two parts in terms of the correctness with regards to clients and the server. 1. We start by proving ∀c∈G pay(c) = Cost r (c). Suppose client c pays fewer tolls, i.e., pay(c) < Cost rP (c). It follows that Cost(c) < Cost r (c). From Lemma 1, we can infer that (ℓ,t,fee,G)∈L′ fee = P ′ ′ ′ ′ c′ ∈G Cost r (c ) and ∀c ∈G T (c ) = Cost r (c ). As no clients pay more than their tolls, the server starts the dispute resolving protocol. The authority computes T (c) and compares it with Cost(c). As T (c) = Cost r (c) and Cost(c) < Cost r (c), the authority returns the tolls client c still needs to pay, i.e., Cost r (c) − Cost(c). The final payment of c (pay(c)) is Cost(c) + (Cost r (c) − Cost(c)) = Cost P r (c). Contradiction. 2. We prove that toll(G) = c∈G Cost r (c). From the above proof, we get all clients pay their P tolls correctly. Thus, we have ∀c∈GP pay(c) = Costr (c). From toll(G) = c∈G pay(c) we can conclude toll(G) = c∈G Cost r (c). Accountability. We prove accountability is secured against misbehaviors in B. 1. Assume attack α = (β1 , c) happens, i.e.,Cost(c) < Cost r (c). Then after phase 4, the server can receive two messages from communication with client c in phase 3 and with the authority in phase 4: Sigc (Cost(c), SigS (L′ , sid)) and SigA (c, Cost r (c) − Cost(c)). The first message proves that client c sent Cost(c) as his payment commitment for session sid. The second message proves that after the server sends m1 and other correct data to the authority, the authority concludes that Cost(c) < Cost r (c). With the perfect cryptographic assumption and the assumption of the trusted authority, c is counted as the originator. 2. Assume either (β2 , c) or (β5 , S) happens. In both cases, the authority issues signed resolution results – SigA (c, Costr (c)). In the first case, client c does not have the response from the server – SigS (Cost(c), sid, c) which can prove c has sent his payment. Thus, c is found to refuse to pay his tolls. However, in the second case, client c has the response from the server, which proves it is the server who did not send in c’s commitment. 3. Assume (β3 , S) happens. There are two cases. First, the server sends a set of fee tuples with mistakes L′ to clients. Clients would terminate the toll calculation protocol as soon as they find the mistakes. In this case, the set of evidences is {SigS (L′ , sid)}. With the perfect cryptography assumption, the server is determined as the originator. Second, the server sends L′ with mistakes to the authority. According to Alg. 1, the authority issues a signed message M – ‘Incorrect location fee computation’. With the evidences {SigS (L′ , sid), SigA (M, sid)}, the server is counted as the originator. 4. Assume (β4 , S) happens. Let (ℓ, t, G) be one of the faked location tuples and gsign be the corresponding faked group signature. From the property of Exculpability of the group signature scheme we have that the server cannot sign the location tuples on behalf of any group member. Thus, according to Alg. 1, the operation Verify(gsign, ℓ, t, G) outputs f alse. A signed message

– SigA (‘Faked location signatures’, sid) is issued by the authority. As the communication channels in driving phase is assumed to be reliable, the data transmitted is integral. Together with the trust in the authority, the server is counted as the originator who fakes group signatures.

A Group Signature Based Electronic Toll Pricing ...

Proof. We first prove the correctness of our protocol and then the accountability. ... We prove accountability is secured against misbehaviors in B. 1. Assume ...
Download PDF
52KB Sizes 6 Downloads 242 Views
Report

Recommend Documents

Electronic Signature or Electronic Authentication Technique and ...
Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2016.pdf. Electronic Signature or Electronic Authentication Technique and ...
Enhanced Group Signature Based Intruder Detection System ... - IJRIT
IJRIT International Journal of Research in Information Technology, Volume 2, Issue 4, ... (MANET) is a collection of mobile nodes equipped with both a wireless.
Enhanced Group Signature Based Intruder Detection System ... - IJRIT
Keywords- Digital signature, digital signature algorithm (DSA), Enhanced Group Signature Based Intruder Detection System (EGIDS), Mobile. Ad hoc NETwork ...
pdf electronic signature mac
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. pdf electronic ...
electronic signature in pdf
electronic signature in pdf. electronic signature in pdf. Open. Extract. Open with. Sign In. Main menu. Displaying electronic signature in pdf.
pdf electronic signature tutorial
There was a problem previewing this document. Retrying... Download. Connect more ... pdf electronic signature tutorial. pdf electronic signature tutorial. Open.
More than Electronic Toll Booths: Singapore's ...
or slowing down the vehicle) when the taxi passes through the Electronic Road. Pricing (ERP) gantries erected on ..... (located at the overhead ERP gantries) senses the passage of the vehicle. The antennae at the two ..... 2000, pp. 40–. 5. London'
Group Travel Award Pricing Options
Agencies can negotiate with suppliers for lower costs ... will eat breakfast at $10 but know that only ... and can actually make more money by increasing costs.
Medicaid Electronic Signature Form (1).pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. Medicaid ...
how to create an electronic signature in pdf
signature in pdf. Download now. Click here if your download doesn't start automatically. Page 1 of 1. how to create an electronic signature in pdf. how to create ...
a Delay-Centric, Pricing-Based User Cooperation ...
2. Two-User Cooperation Model. 3. Distributed Cooperation Strategy. 4. Performance Evaluation. 5. Conclusions. C. Chen, S. Kishore (Lehigh University).
Initiative: 1786, Related to Electronic Signature ... - State of California
Apr 6, 2016 - (If the Proponent files the petition with the county on a date prior to. 10/03/16, the county has eight working days from the filing of the petition to determine the total number of signatures affixed to the petition and to transmit the
1786, Related to Electronic Signature Gathering - State of California
Apr 6, 2016 - of notification). (Elections Code §§ 9030(d) and (e).) f. If the signature count is more than 402,468 or less than. 347,586 then the Secretary of ...
how to insert electronic signature in pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. how to insert ...
A Multilayer Topic-Group based P2P Network
managed distribution is more efficient and reliable than the mass and .... operator) the summaries in the Local Peers or ones in the low layer of Delegate Peers.
questions: group a group b problems: group a
measured by comparison with a physi· cal object? Why? 4. A box of crackers at the grocery store is labeled "1 pound (454 g)." What is wrong with this label?
Creating a Signature in Thunderbird
2. 3. 4. 5. 6. 7. Configuring Thunderbird. Select Tools > Account Settings. ... with Thunderbird available from http://www.lclark.edu/~infotech/HELP/hsindex.html.