A formal model of rational exchange and its application to the analysis of Syverson's protocol

We propose a formal model of rational exchange and exchange protocols in general, which is based on game theory. In this model, an exchange protocol is represented as a set of strategies in a game that is played by the protocol parties and the network that they use to communicate with each other. Within this model, we give a formal definition for rational exchange and various other properties of exchange protocols, including fairness. In particular, rational exchange is defined in terms of a Nash equilibrium in the protocol game. We also study the relationship between rational and fair exchange, and prove that fairness implies rationality, but not vice versa. Finally, we illustrate the usage of our formal model for the analysis of existing rational exchange protocols by analyzing a protocol proposed by Syverson. We show that the protocol is rational only under the assumption that the network is reliable.

[1]  Rohit Chadha,et al.  Inductive methods and contract-signing protocols , 2001, CCS '01.

[2]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.

[3]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[4]  Vitaly Shmatikov,et al.  Finite-state analysis of two contract signing protocols , 2002, Theor. Comput. Sci..

[5]  Srdjan Capkun,et al.  A formal analysis of Syverson's rational exchange protocol , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[6]  Olivier Markowitch,et al.  Probabilistic Non-Repudiation without Trusted Third Party , 1999 .

[7]  J.-Y. Le Boudec,et al.  Toward self-organized mobile ad hoc networks: the terminodes project , 2001, IEEE Commun. Mag..

[8]  Levente Buttyán,et al.  Enforcing service availability in mobile ad-hoc WANs , 2000, MobiHoc.

[9]  N. Asokan,et al.  Key agreement in ad hoc networks , 2000, Comput. Commun..

[10]  Nadarajah Asokan,et al.  Fairness in electronic commerce , 1998, Research report / RZ / IBM / IBM Research Division / Zürich Research Laboratory.

[11]  Srdjan Capkun,et al.  Self-Organized Public-Key Management for Mobile Ad Hoc Networks , 2003, IEEE Trans. Mob. Comput..

[12]  Ariel Rubinstein,et al.  A Course in Game Theory , 1995 .

[13]  Levente Buttyán,et al.  Rational Exchange - A Formal Model Based on Game Theory , 2001, WELCOM.

[14]  Jiejun Kong,et al.  Providing robust and ubiquitous security support for mobile ad-hoc networks , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[15]  Chunming Qiao,et al.  Integrated cellular and ad hoc relaying systems: iCAR , 2001, IEEE J. Sel. Areas Commun..

[16]  Henning Pagnia,et al.  On the Impossibility of Fair Exchange without a Trusted Third Party , 1999 .

[17]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[18]  Felix C. Freiling,et al.  Approaching a formal definition of fairness in electronic commerce , 1999, Proceedings of the 18th IEEE Symposium on Reliable Distributed Systems.

[19]  Levente Buttyán,et al.  BUILDING BLOCKS FOR SECURE SERVICES: AUTHENTICATED KEY TRANSPORT AND RATIONAL EXCHANGE PROTOCOLS , 2002 .

[20]  Jean-François Raskin,et al.  Formal verification of non-repudiation protocols-a game approach , 2000 .

[21]  Steve A. Schneider,et al.  Formal analysis of a non-repudiation protocol , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[22]  Jean-Pierre Hubaux,et al.  The quest for security in mobile ad hoc networks , 2001, MobiHoc '01.

[23]  Markus Jakobsson,et al.  Ripping Coins For a Fair Exchange , 1995, EUROCRYPT.

[24]  Levente Buttyán,et al.  Report on a working session on security in wireless ad hoc networks , 2003, MOCO.

[25]  Srdjan Capkun,et al.  Mobility helps security in ad hoc networks , 2003, MobiHoc '03.

[26]  Paul F. Syverson,et al.  Weakly secret bit commitment: applications to lotteries and fair exchange , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[27]  Levente Buttyán,et al.  Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks , 2003, Mob. Networks Appl..

[28]  Richard Cleve,et al.  Controlled Gradual Disclosure Schemes for Random Bits and Their Applications , 1989, CRYPTO.

[29]  Ying-Dar Lin,et al.  Multihop cellular: a new architecture for wireless communications , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[30]  J. V. D. Merwe,et al.  Self-Organized Public Key Management for Mobile Ad Hoc Networks , 2002 .

[31]  Tuomas Sandholm,et al.  Unenforced E-Commerce Transactions , 1997, IEEE Internet Comput..

[32]  Frank Stajano,et al.  Security for Ubiquitous Computing , 2002, ICISC.