Proceeding of the 3rd International Conference on Informatics and Technology, 2009

Proxy delegation with warrant using RSA signature scheme for Mobile Ad-Hoc network.

Asmidar Abu Bakar1, Roslan Ismail2, Abdul Rahim Ahmad3, Jamalul-lail Abdul Manan4,Jamilin Jais5
1,2,3
College of Information Technology,
Universiti Tenaga Nasional,Malaysia. Email: Asmidar@uniten.edu.my,Roslan@uniten.edu.my, Abdrahim@uniten.edu.my
4
MIMOS BERHAD ,Malaysia ,Email: jamalul.lail@mimos.my
5
Imam Muhammad Ibn Saud Islamic University, Riyadh
Saudi Arabia,Email:jamijais@gmail.com

ABSTRACT

We proposed a proxy delegation with warrant using RSA signature scheme to work in MANET environment. MANET
network is volatile and fragile, therefore in order to support access to information sharing among entities in the network, a
delegation of access right needs to be introduced. In our scheme, we have transient central authority that works only
during its active time thus new central authority needs to be appointed to make sure the continuity of the sharing process.
Hence the former needs to delegate his signing capability to new central authority which is the proxy signer. In our
scheme also, original signer may not be active anymore thus proxy signer may needs to delegate signing capability to the
other new proxy signer. We used RSA as it is simple and efficient to apply as compared to other cryptographic scheme.

Keywords: proxy signer, central authority, RSA signature scheme, MANET, proxy signature

1.0 INTRODUCTION

Mobile ad hoc network (MANET) is formed in spontaneous and ad hoc manner to meet an immediate demand and goal,
in situation such as a group of laptop computers in conference or meeting room or connected to Internet like VANET -
Vehicular Ad Hoc network, one type of MANET that allow vehicles to communicate with the roadside equipment [1]. As
MANET is easy to setup, it becomes an attractive choice for used in commercial application such as in rescue mission at
disaster areas. In disaster areas such as flood, hurricanes, large scale accidents where infrastructure is
destroyed/partially destroyed [2], the rescue teams such as army, policeman, medical officer, construction engineer etc.
required a platform or some sort of network can be configured fast so that they can communicate and share information
in distributed and effective manner in order to make the rescue mission successful. The information sharing must be
among trusted and valid entities in the network. If only this information discontinues in the middle and get accessed by
unauthorized party i.e. worst group of terrorist it may jeopardize the rescue mission.

In emergency rescue mission (ERM), MANET can be constructed via few groups of ad-hoc networks such as a group of
fireman, a group of policeman etc. All these groups can be joined together to form one scalable network. Each group is a
network by itself and each has Master Group (MG) . Fig.I shows the groups that creates scalable MANET in ERM
scenario.

Fig I: MANET comprises of multiple ad-hoc groups

MG act as trusted central authority (CA) in MANET and it is transient since nodes in MANET may have energy
constraints. We define transient CA as an active CA/MG for the duration of time. Once the original MG/CA which was

©Informatics '09, UM 2009 RDT6 - 190

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

created prior to network setup becomes exhausted due to i.e. energy constraint, it needs to hand over all documents it
hold, its task such as creating digital tag for new entities joining the network, signing the request document for sharing etc
to new MG/CA. The original MG/CA needs to delegate its signing capability to the new MG/CA. The delegation of signing
capability needs to be done since prior to network setup, only the original signer which is original CA/MG, is known to
other entities in the groups. Since MG/CA is the one that handles all requests for sharing information therefore once
original signer is no longer active, the successor (new MG) will need to attain all these requests. Thus to make the latter
MG trusted and other entities able to verify the integrity of the documents send by new MG/CA then the former must
delegate his signing capability.

In this paper we proposed a proxy delegation with warrant that is able to work in MANET environment. We used ERM as
a scenario to show the need to have a proxy signer. Since MANET is very volatile and CA is transient thus we introduce
new concept whereby a proxy is delegating signing capability to another proxy. We will show the use of our scheme using
two cases in section 3. Section 2 we briefly describe RSA signature scheme and related works on proxy signature based
on RSA. The proposed scheme is documented in section 3 and we conclude our paper in section 4.

2. 0 PRELIMINARIES

2.1 RSA signature scheme [3]

Let p, q, be a large prime numbers and an exponent e is 1< e<(p-1)(q-1) and gcd (e,(p-1)(q-1)) =1.
Let n = p* q and d Z with 1 < d<(p-1)(q-1) and de ≡ 1 mod(p-1)(q-1).
The public key created is (n,e) and secret key is d.
Signature generation on message m is using secret key such as s= md mod n
The verification of signature s on message m is by using the public key, e of the signer, m = se mod n

2.2 Related works on Proxy Signature

Proxy signature allows an entity called the original signer, to delegate his signing capability to another entity called the
proxy signer, who cans latter sign messages on behalf of original signer [13]. The idea of proxy signature is introduced by
Mambo et al. [5]. In their work, they classified proxy signatures based on delegation types which are full delegation,
partial delegation and delegation by warrant. In full delegation, a proxy signer is given the same secret key, s as the
original signer therefore both can create the same proxy signature. This is dangerous if either one of them created
unfavorable documents it is hard to find who actually do it. As for partial delegation, the original signer creates a new
secret key α from original’s secret key, s, which follows the modification of a verification equation. The original signer
securely gives α to proxy signer. To verify this signature one needs to use the modified version of verification equation.
This type of delegation is far more secure than the full one, since the signature is created using two different key. Hence
if the original signer found unfavorable contents in a document signed by proxy signer it will be distinguishable. The last
type of delegation is the delegation by warrant. A warrant is composed of a message part and an original signer’s
signature and warrant can contains the proxy signature’s identity such as name , type of message that proxy signer can
sign, number of message etc. Delegation by warrant is appropriate for restricting number of documents that proxy signer
can sign.

There are many proxy signature schemes have been proposed and most of them are based on the works of Schnorr[3] or
DSA scheme which is based on discrete logarithms such as Mambo et al [5], Lee et al.,[6] , Boldyreva et al. [4] , and
many more. There are not many researchers using RSA cryptography in their proposed scheme. Okamoto et al.[8]
applied the scheme in the smart card. Lee et al.,[7] used it in secure mobile agent and Shao et al.,[9] used factoring in
their scheme and it proved to be effective. However no formal security proof was presented in their work. Das et al.[10]
applied RSA cryptosystem with revocation and without revocation. The proposed scheme that was involved in revocation
is using trusted server that is responsible to maintain a public key revocation list. Our works is differing from the above as
we focus on delegating an access right to a proxy signer and this proxy signer may delegate an access right to another
selected proxy signer in the case the former one is not active. Thru this way, the information/message availability is able
to sustain in MANET.

3.0 PROPOSED PROXY SIGNATURE IN MANET

The proposed scheme pursues the works in [10] that used RSA signature scheme; yet we had tailored it to work best in
MANET environment. We used RSA signature scheme [3] as it is proven performed better [12] and also it save more
battery as compared to DSA in portable devices such as laptop and personal data assistant (PDA)[11]. We assume these
two devices are common devices used in the ERM.

©Informatics '09, UM 2009 RDT6 - 191

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

CA in MANET is transient, therefore before any CA collapse/step out from network, it needs to select new CA when
its battery level reaching 50% of overall capacity. All related documents belong to groups will be transferred to new
CA, and new CA will up once former CA released his power. The broadcast delegation packet will be sending out by
current CA once the battery level reaching 90% of overall capacity. There are 5 algorithms in delegating tasks, which are
key creation, proxy key, proxy key verification, proxy signature creation and proxy signature verification. The first 3
algorithms will run once current CA selects proxy signer while the last two only works once there is request for document
sharing. In our scheme also, we used hash function such as SHA-1 or MD5 [3] to sustain the message/information
integrity. We also used h ( || ) symbol to show the message concatenates. To illustrate the used of proxy signer in
MANET, we have derive two cases. Both cases are discussed below.

3.1 Case 1: The original signer A, delegates his signing capability to the proxy signer, C.

Fig.II below shows that, A the original signer delegate his signing capability to C. When B request to share information,
says X, it will attained by C and C will sign this document on behalf of A. Therefore B needs to verify C as a valid proxy
signer.

Fig II: Proxy signature delegation and verification

Protocol to delegate signing capability, from A to C, and verify by B.

1. A sends to C warrant (mw) with his signature.

2. C upon receiving the warrant and signature from A, create the proxy signature.
3. The original signer A, broadcast a delegation packet which contains the following message, to network.
{ A delegates to C signing capability, C is proxy signer of GF}
4. B request document M1 from C.
5. C sends document M1 and attached with C’s signature, A’s signature and warrant to B.
6. B verifies document M1 with the signatures attached to it. If this is hold, B accepts this as valid proxy
signature and valid document is send by valid entity.

Below are the algorithms to generate key, proxy key, verify proxy key, proxy signature creation and verification.

i. Key generation:

A, the original signer generates RSA public key and secret key.
 A chooses two distinct large prime numbers, p and q.
 A choose an exponent eA with 1< eA<(p-1)(q-1) and gcd(eA,(p-1)(q-1))=1
 A computes nA = p.q , nA is the RSA modulus.
 A computes dA Z with 1 <dA<(p-1)(q-1) and dAeA ≡ 1 mod(p-1)(q-1)
 A’s public key is (eA, nA) and her secret key is dA.
C, the proxy signer generates RSA public key and secret key.
 C choose two distinct large prime numbers, p and q
 C choose an exponent eC with 1< eC<(p-1)(q-1) and gcd(eC,(p-1)(q-1))=1
 C computes nC = p.q, nC is the RSA modulus
 C computes dC Z with 1 <dC<(p-1)(q-1) and dCeC ≡ 1 mod(p-1)(q-1)

©Informatics '09, UM 2009 RDT6 - 192

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

 C’s public key is (eC,nC) and his secret key is dC.

ii. Proxy key generation:

A creates a signature sA on the warrant, mw, that contains the information about A and also C.
The information in warrant (mw ) contains the identity of A and C such as their name and their public keys and
also message indicating A delegates her signing ability to C.

A’s name C’s name A’s eA,nA C’s eC,nC Msg

mw
dA
1. A compute sA = h(mw) mod nA
2. A sends the signature sA and the warrant, mw to proxy signer, C over a public channel.

iii. Proxy key verification:

C, upon receiving sA and mw needs to confirm that sA comes from A.

C checks, h(mw)dA mod nA = sAeA mod nA.
If this congruence holds, C accepts it as a valid proxy key.

Proof:
C compute m = sA eA mod nA and compares this value with the hash value of mw.
Since hash function is public then C can use it to compute the hash value of mw.
Therefore if m and h(mw) are equal, C accepts this as valid.

iv. Proxy signature generation:

Now, B request document m1 from C. To sign document m1 on behalf of A, C the proxy signer used A’s
signature with C’s secret key. The reason for incorporating A’s signature together in the creation of proxy
signature is to C prove that he is the valid signer and obtained the right to sign from original signer A.

C compute: sC = sA + h(m1)dC mod nC

C sends the signature, sC , the message, m1 and the warrant mw to B.

v. Proxy signature verification:

B needs to verify sC as valid proxy signature. B computes:

m1’ = sCeC mod nC +

sA = (h(mw)dA mod nA = sAeA mod nA

Proof:
Hash function is public then B can use it to compute the hash value of m1.
eC
B compute m1’ = sC mod nC, and compares this value with the hash value of m1, h(m1)
B computes mw’ = sA eA mod nA, and compares this value with the hash value of mw
If (m1’ and h (m1)) are equal, and (mw’ and h(mw)) are also equal then B accepts this as valid proxy signature.

3.2 Case 2: The Proxy signer C delegates his signature to new proxy signer, D.

MANET is comprises of many mobile nodes and these nodes have the energy constraint. There is a situation where by
the original signal will be inactive from the network and the delegated proxy signer will become exhausted. Therefore the
first delegated proxy signer, C needs to delegate his signing capability to new selected proxy signer D, before he step
out. This is important in order to make sure sharing information between group works smoothly and continuously. In fig II,
it showed that A the original signer is not active in the network and the first delegated proxy signer C, almost reaching
50% of battery usage and he needs to delegate his signing capability to some other nodes to make sure the continuity of
the sharing process. Here, C chooses D as new proxy signer and performed the following actions.

Protocol: Delegate signing capability from C to D, verify by B.

©Informatics '09, UM 2009 RDT6 - 193

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

1. C needs to select new proxy signer, D once his battery showed 50% of usage and before he can steps out
from network (when his battery power reaching 90%).
2. C sends to D message with his signature.
3. D upon receiving the message and signature from C, create the proxy signer key.
4. The first proxy signer, C broadcast delegation packet which contains the following message, to network.
{ A delegates to C, C delegates to D, signing capability,
D is new proxy signer of GF}
5. B request document y from D.
6. D sends document y and attached with D’s signature (proxy signature) and C’s signature
7. B verifies document y with the signatures attached to it. If this is hold, B accepts this as valid proxy signature
and valid document is send by valid entity.

Fig III: Proxy signature delegation from C the former proxy signer to new proxy signer D

i. Key generation:

C, the proxy signer generates RSA public key and secret key.
 C choose two distinct large prime numbers, p and q
 C choose an exponent eC with 1< eC<(p-1)(q-1) and gcd(eC,(p-1)(q-1))=1
 C computes nC = p.q, nC is the RSA modulus
 C computes dC Z with 1 <dC<(p-1)(q-1) and dCeC ≡1 mod(p-1)(q-1)
C’s public key is (eC,nC) and his secret key is dC.

D, the second proxy signer generates RSA public key and secret key.
 D choose two distinct large prime numbers, p and q
 D choose an exponent eD with 1< eD<(p-1)(q-1) and gcd(eD,(p-1)(q-1))=1
 D computes nD = p.q, nD is the RSA modulus
 D computes dD Z with 1 <dD<(p-1)(q-1) and dDeD ≡ 1 mod(p-1)(q-1)
D’s public key is (eD,nD) and his secret key is dD.

ii . Proxy key generation:

C creates a signature sC on the warrant, mw2 that contains the information about C and also D.
The information in warrant is the identity of C such as their name and also C and D public key.
The mw2 also contains information, Msg which stated that C delegate her signing ability to D. C notify that D
is the new proxy signer. C concatenates the first warrant, mw1 that he obtained from A with new warrant, mw2
that C created for D.

A’s name C’s name A’s eA,nA C’s eC,nC Msg mw1
C’s name D’s name C’s eC,nC D’s eD,nD Msg mw2

©Informatics '09, UM 2009 RDT6 - 194

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

We concatenate warrant 1 and warrant 2 as h(mw1|| mw2) = h(m).

C computes new signature, sC on (h(mw1|| mw2)=h(m))dC mod nC
C sends sC, warrant, mw1 and warrant mw2 to new proxy signer, D over a public channel.

iii. Proxy key verification:

D, upon receiving sC , mw1, mw2 needs to confirm that sC comes from C.
dC eC
D checks, h(m)) mod nC = sC mod nC.
If this congruence holds, D accepts it as a valid proxy key.

Proof:
eC
D compute m = sC mod nC and compares this value with the hash value of mw1 and mw2 .
Hash function is public then D can use it to compute the hash value of mw1and mw2 ..
If mw1 , mw2 and h(mw1) h(mw2) are equal, D accepts this as valid.

iv. Proxy signature generation:

Assume now, B request document y. To sign document y on behalf of C, D the new proxy signer used C’s
signature with D’s secret key. D compute, sD = sC + h(y)dD mod nD
D sends the signature, sD and attached to message, y with warrant mw1 and mw2 to B.

v. Proxy signature verification:

B needs to verify sD as valid proxy signature.

B computes, y’ = sDeD mod nD=h(y) + sC = (h(mw2)dC mod nC = sCec mod nC

Proof:
B compute y’ = sDeD mod nD and compares this value with the hash value of y
Hash function is public then B can use it to compute the hash value of y.
B computes mw’ = sA eA mod nA, and compares this value with the hash value of mw1
B computes mw2 = sCeC mod nC, and compares this value with the hash value of mw2
If (y’ and h (y)) are equal, and (mw’1 and h(mw1)) and mw’2 and h(mw2)) are also equal then B accepts this as valid
proxy signature on message y.

4.0 CONCLUSION

We proposed an access control scheme that applied proxy signature based on RSA signature scheme in delegating an
access right to second entity in MANET environment. In this scheme a proxy signer may also dispense a new delegation
right to new proxy signer in case the original signer is not active. The purpose is to make sure the continuity of access of
information sharing especially in ERM scenario can be prolonged and works smooth. The choice of RSA signature
scheme is because it can save battery consumption better than other scheme such as DSA. RSA also works well in
mobile devices such as laptop and PDA. As in MANET where energy constraint is one of major issues, then by using
scheme that consume less battery is practical and workable.

REFERENCES

[1] MANET (Mobile Ad Hoc Network)- http://www.techterms.com/definition/manet

[2] K. Hoeper, and G. Gong, “Models of Authentications in Ad Hoc Networks and their Related
Network Properties,” International Association for Cryptologic Research, http://www.iacr.org/, 2004.

[3] J.A.Buchmann , Introduction To Cryptography, Springer-Verlag, 2001

[4] A. Boldyreva et al., “Secure proxy signature schemes for delegation of signing rights”,
http://eprint.iacr.org/2003/096, 2003
rd
[5] M. Mambo et al., “Proxy signatures for delegating signing operation”, in Proceedings of 3 ACM Conference
on Computer and Communications Security , New Delhi, ACM Press, 1996, pp. 48-57

©Informatics '09, UM 2009 RDT6 - 195

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

[6] B. Lee et al., “Strong proxy signature and its applications”, in Proceedings of the 2001 Symposium on
Cryptography and Information Security, Japan, 2001, pp.603-608

[7] B. Lee et al.,” Secure mobile agent using non-designated proxy signature”, in Proceedings of ACISP’01,
LNCS, 2119, Springer-Verlag, pp. 474-486

[8] T. Okamoto et al., “Extended proxy signatures for smart card”, in Proceedings of Information Security
Workshop, LNCS, 1729, Springer-Verlag,pp. 247-258

[9] Z.Shao et al., “ Proxy signature schemes based on factoring”, Information Processing Letters, Vol. 85, No.3,
14 February 2003, pp. 137-143

[10] M.L.Das et al., “An efficient proxy signature scheme with revocation”, Informatica, 2004, Vol.15, No. 4,
pp. 455-464

[11] D.Shah et al.,”Benchmarking Security Computation on Wireless Devices”,

http://www.cse.buffalo.edu/tech-reports/2006-19.pdf, 2006.

[12] M.Othman et al., “Developing A Secure Mechanism for Bluetooth based Wireless Personal Area Networks”,
International Conference on Electrical Engineering, 2007.

[13] N.R.Sunitha et al., “Proxy Signature Schemes for Controlled Delegation”, Journal of Information Assurance and
Security (2), 2008, Dynamic Publishers, Inc. pp.159-174

BIOGRAPHY

Asmidar Abu Bakar is a senior lecturer at College of Information Technology, UNIVERSITI Tenaga Nasional and currently
she is pursuing PhD in wireless security. Her research interests are access control, security in mobile ad-hoc network ,
Cryptography and trust.

Roslan Ismail is an associate Professor,Dr at College of Information Technology, UNIVERSITI Tenaga Nasional. He
obtained his Doctor of Philosophy from Queensland University of Technology. His research interests are Data Security,
Computer Forensic, Information Systems Auditing, Network Security, E-commerce Security and Cryptology.

Abdul Rahim Ahmad,Dr is a principle lecturer at College of Information Technology, UNIVERSITI Tenaga Nasional.
He obtained his Doctor of Philosophy from Ph.D. (Electrical Engineering) Univ. Teknologi Malaysia and Univ. of
Nantes, FRANCE. His research interests are Computer Systems and Networks, Distributed Systems, Intelligent systems,
Pattern recognition, Kernel methods, Applications of Artificial Intelligence.

Jamilin Jais is an Assoc. Prof. Dr and he is currently working at Imam Muhammad Ibn Saud Islamic University,Riyadh.
His research interest is more on software engineering areas.

Dr.Jamalul-lail Abdul Manan is a Head of Applied Research Department, Information Security Cluster at MIMOS Berhad.
His research interests are on trusted Computing and Privacy preserving technologies.

©Informatics '09, UM 2009 RDT6 - 196