Security Analysis of (Un-) Fair Non-repudiation Protocols

An approach to protocol analysis using asynchronous product automata (APA) and the simple homomorphism verification tool (SHVT) is demonstrated on several variants of the well known Zhou-Gollmann fair non-repudiation protocol. Attacks on these protocols are presented, that, to our knowledge, have not been published before. Finally, an improved version of the protocol is proposed.

[1]  Robert H. Deng,et al.  Evolution of Fair Non-repudiation with TTP , 1999, ACISP.

[2]  Olivier Markowitch,et al.  Optimistic non-repudiable information exchange , 2000 .

[3]  Jean-François Raskin,et al.  A Game-based Verification of Non-repudiation and Fair Exchange Protocols , 2001, J. Comput. Secur..

[4]  Jianying Zhou,et al.  An intensive survey of fair non-repudiation protocols , 2002, Comput. Commun..

[5]  Olivier Markowitch,et al.  Selective Receipt in Certified E-mail , 2001, INDOCRYPT.

[6]  Dieter Gollmann,et al.  Towards Verification of Non-repudiation Protocols , 1998 .

[7]  N. Asokan,et al.  Optimistic protocols for fair exchange , 1997, CCS '97.

[8]  Dieter Gollmann,et al.  An efficient non-repudiation protocol , 1997, Proceedings 10th Computer Security Foundations Workshop.

[9]  Carsten Rudolph,et al.  On the security of fair non-repudiation protocols , 2003, International Journal of Information Security.

[10]  Colin Boyd,et al.  Exploring Fair Exchange Protocols Using Specification Animation , 2000, ISW.

[11]  Carsten Rudolph,et al.  Role based specification and security analysis of cryptographic protocols using asynchronous product automata , 2002, Proceedings. 13th International Workshop on Database and Expert Systems Applications.

[12]  Olivier Markowitch,et al.  An Optimistic Non-repudiation Protocol with Transparent Trusted Third Party , 2001, ISC.

[13]  Steve A. Schneider,et al.  Formal analysis of a non-repudiation protocol , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[14]  Lawrence C. Paulson,et al.  Mechanical Proofs about a Non-repudiation Protocol , 2001, TPHOLs.

[15]  Jianying Zhou Non-Repudiation in Electronic Commerce , 2002, DEXA Workshops.

[16]  Roland Rieke,et al.  Abstraction and composition: a verification method for co-operating systems , 2000, J. Exp. Theor. Artif. Intell..

[17]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[18]  Carsten Rudolph,et al.  Authenticity and Provability - A Formal Framework , 2002, InfraSec.

[19]  Lawrence C. Paulson,et al.  Proving properties of security protocols by induction , 1997, Proceedings 10th Computer Security Foundations Workshop.

[20]  Steve A. Schneider Verifying authentication protocols with CSP , 1997, Proceedings 10th Computer Security Foundations Workshop.

[21]  Olivier Markowitch,et al.  A Multi-party Optimistic Non-repudiation Protocol , 2000, ICISC.

[22]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[23]  Robert H. Deng,et al.  Some Remarks on a Fair Exchange Protocol , 2000, Public Key Cryptography.

[24]  G. Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol using CSP and FDR , 1996 .

[25]  Joonsang Baek,et al.  Improving fairness and privacy of Zhou-Gollmann's fair non-repudiation protocol , 1999, Proceedings of the 1999 ICPP Workshops on Collaboration and Mobile Computing (CMC'99). Group Communications (IWGC). Internet '99 (IWI'99). Industrial Applications on Network Computing (INDAP). Multime.

[26]  Jianying Zhou Achieving Fair Nonrepudiation in Electronic Transactions , 2001, J. Organ. Comput. Electron. Commer..

[27]  Ulrich Ultes-Nitsche,et al.  The SH-Verification Tool — Abstraction-Based Verification of Co-operating Systems , 1998, Formal Aspects of Computing.

[28]  Dieter Gollmann,et al.  A fair non-repudiation protocol , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[29]  Michael Goldsmith,et al.  Modelling and analysis of security protocols , 2001 .