Accountability in Electronic Commerce Protocols

In most commercial and legal transactions, the ability to hold individuals or organizations accountable for transactions is important. Hence, electronic protocols that implement commercial transactions must be designed to provide adequate accountability assurances for transacting parties. A framework is proposed for the analysis of communication protocols that require accountability, such as those for electronic commerce. This framework can be used to analyze protocol designs to detect accountability (or lack thereof). Arguments are presented to show that a heretofore unexplored property "provability" is pertinent to examining the potential use of communication protocols in the context of litigation, and in the context of audit. A set of postulates which are applicable to the analysis of proofs in general and the proofs of accountability in particular, are proposed. The proposed approach is more natural for the analysis of accountability than the existing belief logics (e.g., M. Burrows et al., 1990) that have been used in the past for the analysis of key distribution protocols. Some recently proposed protocols for electronic commerce and public key delegation are analyzed to illustrate the use of the new analysis framework in detecting (and suggesting remedies for eliminating) their lack of accountability, and in detecting and eliminating redundancies.

[1]  David Chaum,et al.  Efficient Offline Electronic Checks (Extended Abstract) , 1989, EUROCRYPT.

[2]  Jean-Jacques Quisquater,et al.  A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge , 1988, CRYPTO.

[3]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[4]  Paul F. Syverson The use of logic in the analysis of cryptographic protocols , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  David Chaum,et al.  Advances in Cryptology: Proceedings Of Crypto 83 , 2012 .

[6]  Virgil D. Gligor,et al.  On belief evolution in authentication protocols , 1991, Proceedings Computer Security Foundations Workshop IV.

[7]  B. Clifford Neuman,et al.  Requirements for network payment: the NetCheque perspective , 1995, Digest of Papers. COMPCON'95. Technologies for the Information Superhighway.

[8]  Tatsuaki Okamoto,et al.  Universal Electronic Cash , 1991, CRYPTO.

[9]  J.J. Tardo,et al.  SPX: global authentication using public key certificates , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[10]  Ross J. Anderson Why cryptosystems fail , 1994, CACM.

[11]  Richard J. Lipton,et al.  Social processes and proofs of theorems and programs , 1977, POPL.

[12]  Virgil D. Gligor,et al.  On the Security Effectiveness of Cryptographic Protocols , 1995 .

[13]  Mark R. Tuttle,et al.  A Semantics for a Logic of Authentication , 1991, PODC 1991.

[14]  Li Gong,et al.  Logics for cryptographic protocols-virtues and limitations , 1991, Proceedings Computer Security Foundations Workshop IV.

[15]  Martín Abadi,et al.  A Calculus for Access Control in Distributed Systems , 1991, CRYPTO.

[16]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[17]  Martín Abadi,et al.  A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.

[18]  B. Clifford Neuman,et al.  NetCash: a design for practical electronic currency on the Internet , 1993, CCS '93.

[19]  Rajashekar Kailar Reasoning about accountability in protocols for electronic commerce , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[20]  Stephen T. Kent,et al.  Security Mechanisms in High-Level Network Protocols , 1983, CSUR.

[21]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[22]  Birgit Pfitzmann,et al.  How To Break and Repair A "Provably Secure" Untraceable Payment System , 1991, CRYPTO.

[23]  David Chaum,et al.  Undeniable Signatures , 1989, CRYPTO.

[24]  Jonathan K. Millen,et al.  The Interrogator: Protocol Secuity Analysis , 1987, IEEE Transactions on Software Engineering.

[25]  P.W. Brown Digital signatures: are they legal for electronic commerce? , 1994, IEEE Communications Magazine.

[26]  B. Clifford Neuman,et al.  Endorsements, licensing, and insurance for distributed system services , 1994, CCS '94.

[27]  Catherine A. Meadows,et al.  Using narrowing in the analysis of key management protocols , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[28]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[29]  Patrick W. Brown Digital signatures: can they be accepted as legal signatures in EDI? , 1993, CCS '93.