A New Approach for Electronic Signature

Gianluca Lax, Francesco Buccafurri, Serena Nicolazzo, Antonino Nocera and Lidia Fotia DIIES Department, University of Reggio Calabria, Reggio Calabria, Italy

Keywords: Electronic Signature, Digital Signature, Online Social Network, Twitter.

Abstract: There are many application contexts in which guaranteeing authenticity and integrity of documents is essential. In these cases, the typical solution relies on digital signature, which is based on the use of a PKI infrastructure and suitable devices (smart card or token USB). For several reasons, including certificate and device cost, many countries, such as the United States, the European Union, India, Brazil and Australia, have introduced the possibility to use simple generic electronic signature, which is less secure but reduces the drawbacks of digital signature.In this paper, we propose a new type of electronic signature that is based on the use of social networks. We formalize the proposal in a generic scenario and then, show a possible implementation on Twitter. Our proposal is proved to be secure, cheap and simple to adopt.

1 INTRODUCTION vices, such as HSM, does not help. Hardware Secu- rity Modules (HSMs) (Sustek, 2011; Mavrovouniotis Digital signature is a tool used in several contexts to and Ganley, 2014; Kim et al., 2014) are devices used exchange documents by guaranteeing their authentic- for data encryption and decryption and host one or ity and integrity. As digitally signed documents have more cryptographic keys that respond to automated full legal validity, they can be used in e-commerce, e- or manual commands. They safeguards and man- government, dematerialization processes, and so on. ages digital keys for strong authentication and have the capability to detect an attack on their surface and To be used in open environments like the Inter- securely delete the sensitive content stored in their net, digital signature needs a public key infrastructure memory. to identify the signer. Public key infrastructure (PKI) (Ko´scielny et al., 2013; He et al., 2014) was designed Due to the drawbacks derived from the use of dig- to permit the binding between the subject and the pub- ital signature, in several countries, such as the United lic key by means of a digital certificate issued by the States, the European Union, India, Brazil and Aus- Certification Authority (CA). PKI relies on a hierar- tralia, the possibility to use simple generic electronic chical architecture and a strong trust-based model. In signature has been introduced. Differently from digi- particular, a digital certificate includes a serial num- tal signature, electronic signature is a weaker way of ber (i.e. an identifier unique within the CA scope), the signing documents, because it does not require any subject identity, the issuer identity, the validity period, additional measure of security (in particular, a public the certificate policies of applicability, the usages for key infrastructure and a physical device). No stan- which the key has been authorized by the digital sig- dard technology or implementation of electronic sig- nature of the CA that issued the certificate. An advan- nature exists, so that proprietary software to gener- tage of PKI is that a smart card or similar device can ate and validate is used. The most important advan- store the user’s certificate and corresponding private tage of electronic signature is that it can be imple- key. mented more easily than digital signature, but accept- The main drawback of digital signature is the need ing a lower level of security. of having a public key infrastructure (PKI) and/or Electronic signatures can be used in closed do- a physical device (typically a smart card or a token mains where users agree on a signature protocol that USB), or the need of securely storing a private key. (1) allows the identification of the signer, (2) creates a This can increase the cost of this solution or reduce connection between signer and document and (3) de- its usability. tects any change to the document after the signature is Also the possibility of using remote signing ser- applied. Clearly, the security of the protocol depends

440

Lax, G., Buccafurri, F., Nicolazzo, S., Nocera, A. and Fotia, L. A New Approach for Electronic Signature. DOI: 10.5220/0005743404400447 In Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), pages 440-447 ISBN: 978-989-758-167-0 Copyright c 2016 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved

A New Approach for Electronic Signature

on its implementation and must be evaluated. nal. Since it may be infeasible for C to store large In this paper, we propose a new approach for e- message, this problem can be solved by outsourcing signature solutions that does not rely on a public key the logging function to an external logserver. There- infrastructure or device or private keys, which are fore, even though the required hardware is the stan- substituted by the use of social networks (Buccafurri dard one, a trusted third party is required. et al., 2014c). Social networks have grown massively The drawback of conditional signature is to re- (Nocera and Ursino, 2012) and nowadays most of the quire a significant load for the user, who has to split people has at least an account in one of them (Buc- the signature task into two phases, delaying the effec- cafurri et al., 2013; Buccafurri et al., 2014d). In this tive conclusion of the procedure at validation-time. paper, the social network is used as “device” enabling Weak signature was introduced by T. Rabin and the generation of the signature and also as trusted- Ben-Or (Rabin and Ben-Or, 1989; Rabin, 1994) to third-party allowing signature sharing. Our approach solve a problem (Verifiable Secret Sharing (Chor shows important characteristics of cheapness, usabil- et al., 1985))motivated by a question of generalmulti- ity, and, more importantly, security. party secure computation in the unconditional setting The analysis of protocol security shows that the (network of untappable channels). They provide a proposed e-signature approach is able to guarantee form of authentication for which the on-line partici- document authenticity, document integrity and non- pation of a third party is needed. repudiation against attacks that an adversary can carry Check vectors are related to work on authenti- out. cation codes (Gilbert et al., 1974; Simmons, 1985) The paper is organizedas follows. In the next sec- and on universal classes of hash functions (Carter and tion, we discuss related work. In Section 3, we define Wegman, 1977). The weak signature scheme relies on the model and describe how to generate and verify a the presence of an on-line trusted server that partici- signature. In Section 4, we analyze the security of our pates in the creation of every signature, and also par- solution. Section 5 shows an instantiation of the so- ticipates whenever a signed message holder wishes to lution that uses Twitter as social network. Finally, in prove to anyone that a signature is valid. This trusted Section 6, we draw our conclusions and sketch possi- server stores and retrieves information received from ble future work. the signing agency and the message holder, and com- putes certain linear combinations of values it receives. Using the idea of check vectors, T. Rabin (Rabin 2 RELATED WORKS and Ben-Or, 1989) presents a weak signature scheme, called Information Checking Protocol. Consider that In this section, we survey the most relevant signature the intermediary wishes to have a message s signed techniques proposed in the literature. by the dealer. In the first phase, the original message Conditional Signatures were originally introduced holder intermediary ends up with the “signed mes- by Lee et al. (Lee and Kim, 2002) to implement fair sage” s, y, while a third party RCV ends up with the exchange of digital signatures in untrusted environ- check information a, b. Anyone can determine the ments and do not require the card to have a user in- validity of the signature by asking RCV to reveal the terface or any special peripheral (like Clarke et al. check information. The signature is weak, because (Clarke et al., 2002)). the assistance of this third party is needed to verify a Berta et al. (Berta et al., 2004) propose a method signature. to generate, instead of an ordinary signature, a condi- Another signature scheme in the unconditional tional signature such that it is guaranteed that the con- setting was introduced by Chaum and Roijakkers dition can not become true before a certain amount (Chaum and Roijakkers, 1991). It satisfies a stronger of time has passed. This should leave time for the set of conditions than Rabin’s Information Checking user to move to a trusted terminal for checking the Protocol, at a great increase in communication cost. signatures generated by the card and to enforce that Visual cryptography (Sharma and Srivastava, the conditions of the fake signatures can ever become 2014; Shaji et al., 2014; Naor and Shamir, 1995) is a true. Since this approach requires the smart card to type of cryptographic scheme which can decode con- know the current time but most smart cards have no cealed images without any cryptographic computa- internal clock, it could be acquired from a secure time tion. Naor et al. (Naor and Pinkas, 1997) suggest a servers as described in Berta et al. (Berta and Va- number of transparency-based methods for visual au- jda, 2003). Moreover, this proposal requires the user thentication and identification, and give rigorous anal- to store every signed message, because this message ysis of their security. has to be checked later by means of a trusted termi- (Matsumoto, 1998) presents human-friendly iden-

441 ICISSP 2016 - 2nd International Conference on Information Systems Security and Privacy

tification schemes such that a human prover knowing the set of persons who can sign and verify a sig- a secret key in his brain is asked a visual questionby a • nature. In the following, we will denoted by S the verifier, which then checks if an answer sent from the signer of a document. prover matches the question with respect to the key. The model is composed of the following proce- Ateniese et al. (Ateniese et al., 1996) propose a dures: visual cryptography scheme for a set of participants to encode a secret image into many secondary im- Registration. The procedure is carried out when • ages in such a way that any participant receives one a new person is added in such a way that he/she secondary image and only qualified subsets of par- is enable to sign a document. In this phase, this ticipants can “visually” recover the secret image, but person is identified and associated with a profile non-qualified sets of participants have no information, in the social network SN. Moreover, the company in an informationtheoretical sense, on the original im- requires to be notified about any posting activity age. This scheme does not require the participants to of this person in SN. perform any cryptographic computation. Then, the person posts on SN the first message, say The methods of visual cryptography can be bro- registration message of the type I,IDS , where I h i ken by attacker exploiting human interaction. More- contains the real-life identity of S and IDS is the over the user load can be considered very relevant. identifier of S in the social network SN. This al- In this context, our paper proposes a lightweight lows us to establish a trusted relationship between protocol that allows us to know who created an elec- the external user account that pertains to the com- tronic document and to ensure that this document has pany and the registered Twitter account. For ex- not been altered since that person created it. Differ- ample, the email address of a user could be used ently from the above solutions (conditional signature as identifier to be associated with the Twitter ac- and weak signature), our proposal does not rely on count. certification authority, asymmetric cryptography, or The company is notified about this post and, in signature device. turn, posts the same message in its public space. Signature. This procedure is carried out by the • signer S on the document D to be signed. Let IDS 3 A MODEL FOR E-SIGNATURE be the identifier of S in the social network SN and h be a cryptographic hash function. In this section, we present the abstract model to real- This procedure is composed of two steps. In the ize e-signatures by social networks. We observe that first step, S posts on SN the signature message de- this is the main added value w.r.t. the proposal de- fined as h(D),IDS (i.e., the document digest and scribed in (Buccafurri et al., 2014a), in which no the- his accounth identifier).i oretic model has been considered. In the second step, the company is notified about The main entities of our model are: this post and, in turn, posts the same message a social network SN that supports the following h(D),ID . We denoted the latter message • S features: postedh by Ci as confirmation message. 1. the possibility to post textual information after Verification. This procedure is used to check the authentication for registered users; • validity of a signature. Let D be the document 2. the automatical notification about the post ac- whose signature has to be verified. The protocol tivity of other selected users; works as follow. First, the digest h(D) is com- 3. the possibility to search for an information puted. Then, h(D) is searched among the pub- SN posted by a user. lic information posted in the social network . If h(D) is not found, then the signature on the docu- Observe that the first characteristic is common ment D is detected as invalid (i.e., either wrong or to the most social networks, whereas the remain- absent signature). Otherwise, ing ones are not supported by all social networks. we have two possibilities: Twitter is an example of social networks support- 1. Both a signature message and a confirmation ing these three features: indeed, users are noti- message h(D),IDS are found. In this case, the fied about tweets coming from their follows and a verificationh procedurei returns that the signature search is done by hashtags. on D is valid. a company C, the environment in which this kind 2. Either a signature message or a confirmation • of signature has validity. message h(D),IDS is found. In this case, the h i

442 A New Approach for Electronic Signature

verification procedure returns that an attack oc- meaningless (indeed, in a typical scenario this does curred. Section 4 is devoted to describe how to not give them any advantage – they could agree to ob- detect the type of attack and how to decide if tain the same result without carry out any attack). the signature can be considered valid or not. Now, we analyze the security properties of our It is worth noting that, in case of multiple signers proposal with respect to several attacks (Lax et al., and, thus, of multiple signature messages found, 2015). the above verification is repeated for each signer, Document Authenticity. A document is authentic if thus obtaining a result (valid, invalid or attack) for it has been signed by the claimed signer. In our each signer. solution, once a signature is verified valid for a signer S, the personal information of S (name, sur- Revocation. This procedure is carried out to re- • name, etc.) can be found in the registration mes- voke the signature grant to a person (for example, sage posted by both the signer and the company. in case of dismissal of an employee). We recall This allows us to associate a document signature that in the registration procedure of a person, the with a real-life identity. company requires to be notified about any posting An attack on document authenticity is carried out SN activity in of this person in such a way to gen- in different ways (we consider only the most sig- erate the confirmation message for each signature nificant cases): message produced by this person. By the proce- dure of revocation, this notification is removed so The adversary creates a fake account on SN • that no confirmation message will be produced by by using the personal information of a victim. the company. Consequently, any successive sig- However, because the registration protocol has nature message posted by this person will not be not been done, the company is not notified of confirmed by the company and, thus, the verifica- signatures produced by this fake account so that tion of this signature will fail. no confirmation messages will be generated. Consequently, a signature done by the adver- The conceptual model underlying our proposal of sary is not considered valid. e-signature requires message exchanges among the The adversary adds or corrupts an already parties, message search in the social network, and en- • posted signature message and the correspond- abling activity notification. ing confirmation message by substituting h(D) Clearly, how to technically implement these fea- with h(D ), where D is a new document, in tures is strongly related to the actually social network ′ ′ such a way that it appears a valid signature of on which such a proposal is implemented, so that this the victim on D . However, an external adver- aspect is not addressed in this section. However, in ′ sary cannot modify posted message due to As- Section 5, we will instantiate our proposal on a real sumption 2. Moreover, whenever the adversary social network and these issues will be faced. is the company, it is able to modify only the confirmation message, not the signature (As- sumption 2). Therefore the attack fails. 4 SECURITY ANALYSIS Document Integrity. This property ensures that any modification of the binary representation of the In this section, we prove that the model defined above document done after the signature is detected. guarantees the security properties required for digi- This property is guaranteed by the presence of the tal signature, which are document authenticity, docu- document digest h(D) both in the signature mes- ment integrity and non-repudiation. sage and the confirmation message. Any change In our analysis, our (realistic) assumptions are: to the document after the signature results in the 1. the cryptographic hash function h withstands all change of the digest, which, thus, will be different known types of attacks in such a way that pre- from h(D). image, second pre-image and collision resistance are assured; An attack on document integrity would success • only if the attacker is able to modify the signed 2. the social network SN is a trusted party; document yet keeping its digest equal to h(D). 3. the information posted by the users on the social However, this is unfeasible thanks to Assump- network cannot be compromise. tion 1, which guarantees that the cryptographic In our threat model, the attacker is either the com- hash function has pre-image resistance. pany, or a signer, or a third person. We do notconsider Another possibility of attack is that the digest the collusion between company and signer as this is • of the document is modified in the signature

443 ICISSP 2016 - 2nd International Conference on Information Systems Security and Privacy

or/and the confirmation message. In this case, real social network to use as underlying layer. an external attacker cannot modify such mes- The scenario considered is that of a university sages thank to assumption 2. If the signer or the that needs an e-signature procedure for internal docu- company can act as attacker, the modification ments (learning plans, exam results, travel reimburse- of only one of such messages is possible, so that ment requests, and so on). the signature is not considered valid. Moreover, In this case, the actors are the university, which the mismatch between signature and confirma- plays the role of the company C of our model, and tion message is used to detect this attack. its students and employees, who compose the set of Non-repudiation. This property assures that the real persons who can sign and verify a signature. signer cannot challenge the authorship or validity The social network SN underlying the proposal of the signature. In this case, the attacker is clearly should: 1. allow registered users to post textual information the signer. after authentication; A first possibility of attack is to claim that the 2. allow users to be automatically notified about the • signature message has been produced by some- post activity of other selected users; one else who violated his/her account. As- sumption 1 assures that this is unfeasible, so 3. allow for the search for an information posted by that repudiation is not admitted. a user. The signer deletes the signature message from Among all social networks, Twitter is one of • the posted information. As a consequence, now the most famous complying such requirements. In- only the confirmation message for that signa- deed, (1) registered users can post textual informa- ture is found. The signature is not considered tion, named tweet, and they must be authenticate to valid, however a warning for a possible (repu- post anything; (2) users can add friendship relations diation) attack is raised. with other users in such a way to be automatically Document Immutability. This property requires that notified about their tweets, and (3) Twitter supports the content shown by the signed document can- textual search among tweets by means of a mecha- not change after the signature. It is worth noting nism based on hashtags. Concerning this aspect, in that this property is different from the document Twitter people use the hashtag symbol # before a rele- integrity discussed above, because document in- vant keyword or phrase (no spaces) to categorize their tegrity refers to changes in the bits composing the tweets by keywords. Moreover, hashtags are indexed document. In contrast, document immutability is to make it easier to find a conversation about a topic. related to the possibility for documents of hav- In the implementation of our solution, the first step ing an ambiguous presentation depending on sys- is the registration. Each student and employee is iden- tem or external parameters (Alsaid and Mitchell, tified and associated with a profile in Twitter. Also 2005). The typical case is that of digital docu- the university has its Twitter profile, and adds a fol- ments containing macros or JavaScript, which es- low relationship towards registered students and em- tablish what should be displayed on the basis of ployees, in such a way that the university account re- some conditions (for example, a date). Clearly, ceives their tweets. Assume that @univ is the account this does not produce any change on the bits of of the university in Twitter (we recall that a Twitter the signature, so that document integrity property screen-name starts with the symbol @ and represents is satisfied. the unique Twitter identifier for a given user). As done for digital signature, this attack is con- Each registered student and employee posts the trasted by forcing that signed document cannot registration message on Twitter: an example of this contain dynamic content. Interestingly, the pres- message for the user John Smith is John Smith, @John Smith , where the first item ish the real-life ence of dynamic content can be detected, so that i a signature done on a non-static document is con- identity of the user, whereas the second item is his sidered not valid. identifier on Twitter. The university account receives this tweet and, in turn, posts the same information in its public space. A snapshot of the publication of the registration 5 AN INSTANTIATION OF THE message on Twitter is illustrated in Figure 1. MODEL Consider now the instantiation of the signa- ture procedure. When an employee or a stu- In this section, we show an application of ourproposal dent, say John Smith, needs to sign a document in a real-life case, and discuss the requirements of the D, first the digest of D is computed by SHA-256,

444 A New Approach for Electronic Signature

Figure 1: An instantiation of the registration procedure. which is considered robust against all known attacks. according to the security analysis provided in Section Then, he posts on Twitter the signature message 4. #5WKm+A0+9X51DtyLKxaB6myoC6uHrbZ+Oc+ Finally, consider the revocation procedure. When ZKFuRFMY,h @John Smith , where the first item is it is necessary to revoke the permission of signature to the base64 representation ofi the document digest. a student or an employee, then the following relation Observe that the digest of the document is hashtagged from @univ to the Twitter account of such a person (see the symbol # at the beginning): this results in the is removed. Then, @univ will be not notified about indexing of this tweet in such a way to be found in any tweet posted by this person and no confirmation case of search. message will be produced. Consequently, if this per- Next, the university account receives this tweet son tries to sign a document, the signature verification and, in turn, posts the same tweet in its public space procedure will fail (no confirmation message for this as confirmation message. person is found). A snapshot of the result of the signature procedure Finally, it is worth noting that the use of Twitter as on Twitter is illustrated in Figure 2, where the tweet social network producesan interesting side effect, that posted by the signer and that posted by the university is the timestamp of the signature generation. Observe are reported. that this is a feature usually not required in digital sig- nature, and typically provided not for free by a trusted Consider now the procedure used to check the va- third party. This is another characteristic that makes lidity of a signature. When a user has to check the sig- our proposal more interesting also from the cost point nature on a document D, the digest h(D) is computed. of view. Then, the hashtag #h(D) is searched on Twitter. If no tweet is found, then the document is consid- ered never signed. If a pair of equal tweets signature message, confirmation message , the firsth posted by 6 DISCUSSION AND a user S, the second posted byi @univ is found, and CONCLUSIONS if @univ follows the Twitter account of S, then D is considered signed by S. Finally, if a signature mes- The need of guaranteeing authenticity and integrity sage without the corresponding confirmation message of digital documents is high in many application con- is found or if a confirmation message without the cor- texts, such as e-commerce and e-government. The responding signature message is found, the verifica- tool typically used for this purpose relies on digi- tion procedure notifies a possible attack and the type, tal signature, which provides high security standards.

445 ICISSP 2016 - 2nd International Conference on Information Systems Security and Privacy

Figure 2: An instantiation of the signature procedure.

However, due to some drawbacks of digital-signature- in a scenario related to an university, where the social based solutions, the request of more simple and cheap network considered is Twitter. solutions is growing. The concept of electronic signature has been intro- duced in many country to simplify and make more ef- ACKNOWLEDGEMENTS fective the process of dematerialization of documents and transactions, both in the public sector and in busi- ness. This work has been partially supported by the TENACE PRIN Project (n. 20103P34XC) funded In this paper, we presented a new form of elec- by the Italian Ministry of Education, University and tronic signature which overcomes the drawbacks of Research and by the Program “Programma Operativo digital signature. Our approach is based on the use Nazionale Ricerca e Competitivit`a” 2007-2013, Dis- of social networks to share the information necessary tretto Tecnologico CyberSecurity funded by the Ital- to sign and verify a signature. Thus, a first advantage ian Ministry of Education, University and Research. is related to the user-friendliness, as people are well disposed to work in an environment they well know (i.e., social network). The fact that, in our solution no private key or PKI infrastructure has to be managed, REFERENCES is a great advantage. From this point of view, our pro- posal overcomes other solutions such as those using Alsaid, A. and Mitchell, C. J. (2005). Dynamic content at- PKI technology within OpenSSL. tacks on digital signatures. Information Management The security analysis of the approach showed that & Computer Security, 13(4):328–336. it is able to guarantee authenticity, integrity and non- Ateniese, G., Blundo, C., De Santis, A., and Stinson, D. R. repudiation, and to be resistant against a large number (1996). Constructions and bounds for visual cryptog- raphy. In Automata, Languages and Programming, of attacks, which are also detected (Buccafurri et al., pages 416–428. Springer. 2014b; Buccafurri et al., 2015). Berta, I. Z., Butty´an, L., and Vajda, I. (2004). Mitigating the The effectiveness of our proposal has been shown untrusted terminal problem using conditional signa- by describing an instantiation of our generic approach tures. In Information Technology: Coding and Com-

446 A New Approach for Electronic Signature

puting, 2004. Proceedings. ITCC 2004. International In Information and Communication Technology Con- Conference on, volume 1, pages 12–16. IEEE. vergence (ICTC), 2014 International Conference on, Berta, I. Z. and Vajda, I. (2003). Documents from malicious pages 555–556. IEEE. terminals. In Microtechnologies for the New Millen- Ko´scielny, C., Kurkowski, M., and Srebrny, M. (2013). nium 2003, pages 325–336. International Society for Public key infrastructure. In Modern Cryptography Optics and Photonics. Primer, pages 175–191. Springer. Buccafurri, F., Fotia, L., and Lax, G. (2014a). Social signa- Lax, G., Buccafurri, F., and Caminiti, G. (2015). Digi- ture: Signing by tweeting. In Electronic Government tal document signing: Vulnerabilities and solutions. and the Information Systems Perspective, pages 1–14. Information Security Journal: A Global Perspective, Springer. pages 1–14. Buccafurri, F., Lax, G., Nicolazzo, S., and Nocera, A. Lee, B. and Kim, K. (2002). Fair exchange of digital sig- (2014b). A Privacy-Preserving Solution for Tracking natures using conditional signature. In Symposium on People in Critical Environments. In Proc. of the In- Cryptography and Information Security, pages 179– ternational Workshop on Computers, Software & Ap- 184. plications (COMPSAC’14), pages 146–151, Va ¨stera ˙s, Matsumoto, T. (1998). Human–computer cryptography: An Sweden. IEEE Computer Society. attempt. Journal of Computer Security, 6(3):129–149. Buccafurri, F., Lax, G., Nicolazzo, S., and Nocera, A. Mavrovouniotis, S. and Ganley, M. (2014). Hardware se- (2014c). A model to support multi-social-network curity modules. In Secure Smart Embedded Devices, applications. In On the Move to Meaningful Inter- Platforms and Applications, pages 383–405. Springer. net Systems: OTM 2014 Conferences, pages 639–656. Naor, M. and Pinkas, B. (1997). Visual authentica- Springer. tion and identification. In Advances in Cryptology- Buccafurri, F., Lax, G., Nicolazzo, S., and Nocera, A. CRYPTO’97, pages 322–336. Springer. (2015). Accountability-preserving anonymous deliv- Naor, M. and Shamir, A. (1995). Visual cryptography. ery of cloud services. In Trust, Privacy and Security In Advances in CryptologyEUROCRYPT’94, pages 1– in Digital Business, pages 124–135. Springer. 12. Springer. Buccafurri, F., Lax, G., Nicolazzo, S., Nocera, A., and Nocera, A. and Ursino, D. (2012). PHIS: a system for scout- Ursino, D. (2013). Measuring betweenness centrality ing potential hubs and for favoring their “growth” in in social internetworking scenarios. In On the Move to a Social Internetworking Scenario. Knowledge-Based Meaningful Internet Systems: OTM 2013 Workshops, Systems, 36:288–299. Elsevier. pages 666–673. Springer. Rabin, T. (1994). Robust sharing of secrets when the dealer Buccafurri, F., Lax, G., Nicolazzo, S., Nocera, A., and is honest or cheating. Journal of the ACM (JACM), Ursino, D. (2014d). Driving global team formation 41(6):1089–1109. in social networks to obtain diversity. In Web Engi- neering, pages 410–419. Springer. Rabin, T. and Ben-Or, M. (1989). Verifiable secret sharing and multiparty protocols with honest majority. In Pro- Carter, J. L. and Wegman, M. N. (1977). Universal classes ceedings of the twenty-first annual ACM symposium of hash functions. In Proceedings of the ninth annual on Theory of computing, pages 73–85. ACM. ACM symposium on Theory of computing, pages 106– 112. ACM. Shaji, S. et al. (2014). Anti phishing approach using visual cryptography and iris recognition. IJRCCT, 3(3):088– Chaum, D. and Roijakkers, S. (1991). Unconditionally- 092. secure digital signatures. In Advances in Cryptology- Sharma, A. and Srivastava, D. K. (2014). A comprehen- CRYPT090, pages 206–214. Springer. sive view on encryption techniques of visual cryptog- Chor, B., Goldwasser, S., Micali, S., and Awerbuch, B. raphy? International Journal of Recent Research and (1985). Verifiable secret sharing and achieving simul- Review, 7(2). taneity in the presence of faults. In Foundations of Simmons, G. J. (1985). Authentication theory/coding the- Computer Science, 1985., 26th Annual Symposium on, ory. In Advances in Cryptology, pages 411–431. pages 383–395. IEEE. Springer. Clarke, D., Gassend, B., Kotwal, T., Burnside, M., Sustek, L. (2011). Hardware security module. In Encyclo- Van Dijk, M., Devadas, S., and Rivest, R. (2002). pedia of Cryptography and Security, pages 535–538. The untrusted computer problem and camera-based Springer. authentication. In Pervasive Computing, pages 114– 124. Springer. Gilbert, E. N., MacWilliams, F. J., and Sloane, N. J. (1974). Codes which detect deception. Bell System Technical Journal, 53(3):405–424. He, D., Chan, S.-C., Zhang, Y., Guizani, M., Chen, C., and Bu, J. (2014). An enhanced public key infras- tructure to secure smart grid wireless communication networks. Network, IEEE, 28(1):10–16. Kim, D., Jeon, Y., and Kim, J. (2014). A secure channel establishment method on a hardware security module.

447