Abstract
Classical security protocols aim to achieve authentication and confidentiality under the assumption that the peers behave honestly. Some recent protocols are required to achieve their goals even if the peer misbehaves. Accountability is a protocol design strategy that may help. It delivers to peers sufficient evidence of each other's participation in the protocol. Accountability underlies the nonrepudiation protocol of Zhou and Gollmann and the certified email protocol of Abadi et al. This paper provides a comparative, formal analysis of the two protocols, and confirms that they reach their goals under realistic conditions. The treatment, which is conducted with mechanized support from the proof assistant Isabelle, requires various extensions to the existing analysis method. A byproduct is an account of the concept of higher-level protocol.
- Abadi, M. and Blanchet, B. 2003. Computer-assisted verification of a protocol for certified email. In Static Analysis, 10th International Symposium (SAS'03), R. Cousot, Ed. Lecture Notes in Comp. Sci., vol. 2694. Springer-Verlag, New York. 316--335.
- Abadi, M., Glew, N., Horne, B., and Pinkas, B. 2002. Certified email with a light on-line trusted third party: Design and implementation. In Proceedings of the 11th International Conference on World Wide Web (WWW-02). ACM Press, New York and Addison Wesley, Reading, MA.
- Asokan, N., Shoup, V., and Waidner, M. 1998a. Asynchronous protocols for optimistic fair exchange. In Proc. of the 17th IEEE Sym. on Sec. and Privacy. IEEE Comp. Society Press, New York. 86--99.
- Asokan, N., Shoup, V., and Waidner, M. 1998b. Asynchronous protocols for optimistic fair exchange. In Proc. of the 17th IEEE Sym. on Sec. and Privacy. IEEE Comp. Society Press.
- Bella, G. 2000. Inductive Verification of Cryptographic Protocols. Ph.D. thesis, Research Report 493, Computer Laboratory, University of Cambridge. An extended version to appear as a Monograph by Springer-Verlag.
- Bella, G. 2003. Inductive verification of smart card protocols. J. Comp. Sec. 11, 1, 87--132.
- Bella, G., Longo, C., and Paulson, L. C. 2003. Verifying second-level security protocols. In Theorem proving in higher order logics: TPHOLs 2003, D. Basin and B. Wolff, Eds. LNCS 2758. Springer-Verlag, New York. 352--366.
- Bella, G. and Paulson, L. C. 2001. Mechanical proofs about a nonrepudiation protocol. In Theorem proving in higher order logics: TPHOLs 2001, R. J. Boulton and P. B. Jackson, Eds. Lecture Notes in Comp. Sci., vol. 2152. Springer-Verlag, New York. 91--104.
- Blanchet, B. 1998. An efficient cryptographic protocol verifier based on Prolog rules. In Proc. of the 14th IEEE Comp. Sec. Found. Workshop. IEEE Comp. Society Press.
- Burrows, M., Abadi, M., and Needham, R. M. 1989. A logic of authentication. Proceedings of the Royal Society of London 426, 233--271.
- Cohen, E. 2000. TAPS: A first-order verifier for cryptographic protocols. In Proc. of the 13th IEEE Comp. Sec. Found. Workshop. IEEE Comp. Society Press. 144--158.
- Deng, R. H., Gong, L., Lazar, A. A., and Wang, W. 1996. Practical protocols for certified electronic mail. Journal of Network and System Management 4, 3, 279--297.
- Fábrega, F. J. T., Herzog, J. C., and Guttman, J. D. 1998. Strand Spaces: Why is a Security Protocol Correct? In Proc. of the 17th IEEE Sym. on Sec. and Privacy. IEEE Comp. Society Press.
- Gürgens, S. and Rudolph, C. 2002. Security analysis of (un-) fair non-repudiation protocols. In Formal Aspects of Security, A. Abdallah, P. Ryan, and S. Schneider, Eds. Technical Report CSD-TR-02-13.
- Mastercard & VISA 1997. SET Secure Electronic Transaction Specification: Business Description. Mastercard & VISA. On the Internet at http://www.setco.org/set_specifications.html.
- Nenadic, A., Zhang, N., and Barton, S. 2004. Fair certified e-mail delivery. In Proc. of the 18th ACM Symposium on Applied Computing (ACM SAC'04). ACM Press, New York and Addison Wesley, Reading, MA. 391--396.
- Nipkow, T., Paulson, L. C., and Wenzel, M. 2002. Isabelle/HOL: A Proof Assistant for Higher-Order Logic. Springer. LNCS Tutorial 2283.
- Paulson, L. C. 1998. The inductive approach to verifying cryptographic protocols. J. Comp. Sec. 6, 85--128.
- Ryan, P. Y. A. and Schneider, S. A. 2000. The Modelling and Analysis of Security Protocols: the CSP Approach. Addison Wesley, Reading, MA.
- Schneider, S. 1998. Formal analysis of a nonrepudiation protocol. In 11th Computer Security Foundations Workshop. IEEE Computer Society Press. 54--65.
- VISA 2002. 3-D Secure Introduction. VISA. On the Internet at http://international.visa.com/fb/paytech/secure/pdfs/3DS_70001-01_Intro%duction_v1.0.2.pdf.
- Zhou, J. and Gollmann, D. 1996. A fair nonrepudiation protocol. In Symposium on Security and Privacy. IEEE Computer Society.
- Zhou, G. and Gollmann, D. 1998. Towards verification of nonrepudiation protocols. In International Refinement Workshop and Formal Methods Pacific, J. Grundy, M. Schwenke, and T. Vickers, Eds. Springer-Verlag, New York. 370--380.
Index Terms
Accountability protocols: Formalized and verified