On the security of fair non-repudiation protocols

Gürgens, Sigrid; Rudolph, Carsten; Vogt, Holger

doi:10.1007/s10207-004-0063-7

Cited by 33 publications

(61 citation statements)

References 25 publications

(44 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have chosen this protocol as a case study to demonstrate our analysis approach because of the existence of significant related work [4,10,21,25]. The protocol is presented below in Alice&Bob notation, where fNRO, fNRR, fSUB and fCON are labels used to identify the purpose of messages.…”

Section: Running Example: the Fairzg Protocolmentioning

confidence: 99%

“…In order to avoid this kind of problems we need to prove that Bob could only own N RO if Alice has actually sent the correct protocol messages. This may be done as for example in [25], [27] or [10] but this is not trivial. 2.…”

Section: Limitations and Difficultiesmentioning

confidence: 99%

“…A session label typically consists of a hash of all message components. Gürgens et al [10] have shown a number of vulnerabilities associated to the use of session labels and, to our knowledge, the CCD protocol is the only optimistic non-repudiation protocol that avoids altogether the use of session labels. This paper presents a method for automatically verifying non-repudiation protocols in presence of an active intruder.…”

Section: Introductionmentioning

confidence: 96%

“…The TTP can be used as a delivery agent to provide simultaneous share of evidences. The Fair Zhou-Gollmann protocol [30] is a well known example using a TTP as a delivery agent; a significant amount of work has been done over this protocol and its derivations [4,10,21,25,31]. However, instead of passing the complete message through the TTP and thus creating a possible bottleneck, recent evolution of protocols resulted in efficient, optimistic versions, in which the TTP is only involved in case something goes wrong.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Automatic Methods for Analyzing Non-repudiation Protocols with an Active Intruder

Klay

Vigneron

2009

Formal Aspects in Security and Trust

View full text Add to dashboard Cite

Abstract. Non-repudiation protocols have an important role in many areas where secured transactions with proofs of participation are necessary. Formal methods are clever and without error, therefore using them for verifying such protocols is crucial. In this purpose, we show how to partially represent non-repudiation as a combination of authentications on the Fair Zhou-Gollmann protocol. After discussing the limitations of this method, we define a new one, based on the handling of the knowledge of protocol participants. This second method is general and of natural use, as it consists in adding simple annotations in the protocol specification. It is very easy to implement in tools able to handle participants knowledge. We have implemented it in the AVISPA Tool and analyzed the Fair Zhou-Gollmann protocol and the optimistic Cederquist-Corin-Dashti protocol, discovering attacks in each. This extension of the AVISPA Tool for handling non-repudiation opens a highway to the specification of many other properties, without any more change in the tool itself.

show abstract

Section: Running Example: the Fairzg Protocolmentioning

confidence: 99%

Section: Limitations and Difficultiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 96%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Automatic Methods for Analyzing Non-repudiation Protocols with an Active Intruder

Klay

Vigneron

2009

Formal Aspects in Security and Trust

View full text Add to dashboard Cite

show abstract

“…Ever since then, subsequent efforts in this approach resulted in efficient and fair protocols (Asokan et al [3], S. Kremer and O. Markowitch [14], we call them as AK protocol) that can guarantee that both parties can terminate the protocol timely while assuring fairness (called property of timeliness). Although they were attacked for some designing details (see [12]), their messages & rounds optimality (see [23] for detailed discussions) and basic building blocks (main protocol, resolve and abort sub-protocols) are well analyzed and widely accepted.…”

Section: Related Workmentioning

confidence: 99%

Fair Payment Protocols for E-Commerce

Wang

Guo

Building the E-Service Society

View full text Add to dashboard Cite

Abstract:It has been widely accepted that fairness is a critical property for electronic commerce. Fair payment protocol is designed to guarantee fairness in a payment process over asynchronous network. Fairness means that when the protocol terminates, either both parties get their expected items, or neither does. In this paper we first present a new generic offline fair payment protocol with fairness, timeliness and invisibility of TTP. Then we introduce the property of abuse-freeness into electronic payment and implement a fair abuse-free payment protocol.

show abstract