1 / 22

CSC 774 Advanced Network Security

CSC 774 Advanced Network Security. Topic 3.3: Fair Exchange. Outline. Overview of Fair Exchange Optimistic Fair Exchange A General Protocol Optimized Protocol Contract signing Self-study Optimized Protocols Certified mail Payment for receipt Fair purchase. Fair Exchange.

jerry
Download Presentation

CSC 774 Advanced Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSC 774 Advanced Network Security Topic 3.3: Fair Exchange CSC 774 Adv. Net. Security

  2. Outline • Overview of Fair Exchange • Optimistic Fair Exchange • A General Protocol • Optimized Protocol • Contract signing • Self-study • Optimized Protocols • Certified mail • Payment for receipt • Fair purchase CSC 774 Adv. Net. Security

  3. Fair Exchange • A fair exchange should guarantee that at the end of the exchange • Either each party has received what it expects to receive, • Or no party has received anything • Examples • Certified mail • Contract signing • Payment CSC 774 Adv. Net. Security

  4. Trusted Third Party (TTP) Originator Responder Traditional Fair Exchange • ISO proposals • Use a TTP to ensure fairness • Limitations • TTP is heavily involved • Bottleneck • Single point of failure CSC 774 Adv. Net. Security

  5. Optimistic Fair Exchange • Assumptions • Most participants are honest • Allow participants to exchange without TTP • Fall back to TTP when there are failures • Dishonest participants, communication failures, etc. Trusted Third Party (TTP) Originator Responder CSC 774 Adv. Net. Security

  6. Three Phases of Optimistic Fair Exchange • Phase 1 • The parties try to exchange items without a TTP • Phase 2 • The parties try to exchange items through a TTP • Phase 3 • Each computer outputs all evidence and any participant may visit a court CSC 774 Adv. Net. Security

  7. Degree of Fairness • Strong (true) fairness • If the TTP is able to • Undo a transfer of an item (revocability) • Example: revoke a signed contract • Produce a replacement for it (Generatability) • Example: generate a replacement of a receipt • Weak fairness • If the TTP can only produce affidavits • Requires an external dispute resolution system • Example: court CSC 774 Adv. Net. Security

  8. Generic Exchange Protocol • Two stages • Stage 1 (Two flows) • The originator O and the recipient R promise each other an exchange of items • Stage 2 (Three flows) • Exchange the items along with non-repudiation tokens CSC 774 Adv. Net. Security

  9. Notations • itemX: the item X wants to send • descrX: a description of itemX • expectX(descrX, descrY): • Evaluate to true if X is satisfied with exchanging itemX with itemY. • fits(descr, item) • Evaluate to true if the description fits the item • h(): hash function • (key, comm) = commit(item) • Generate a commitment comm to item, and also generate a key, without which it’s impossible to get the item. • Verifiable encryption. • open(item, key, comm) • Use key to open the item whose commitment is comm. CSC 774 Adv. Net. Security

  10. Generic Exchange Protocol (Cont’) O T R In: itemR, descrR, expectR In: itemO, descrO, expectO Choose yO (recovery authenticator) rO (NRR authenticator) randomly; determine T (keyO, comO) := commit (itemO) m1:=signO(T, R, h(yO), h(rO), t, comO, descrO) If not expectR(descrR, descrO) then Abort; Choose yR (recovery authenticator) rR (NRR authenticator) randomly; (keyR, comR) := commit (itemR) m2:=signR(O, h(m1), h(yR), h(rR), comR, descrR) CSC 774 Adv. Net. Security

  11. Generic Exchange Protocol (Cont’d) O T R expectO(descrO, descrR) m3:=itemO, keyO open (itemO, keyO, comO)? fits(descrO, itemO)? m4:=itemR, rR, keyR If fits (itemR, descrR) and open (itemR, keyR, comR) and [no timeout] then m5:=rO else [Recovery for O] If [timeout] then [Recovery for R] CSC 774 Adv. Net. Security

  12. Generic Exchange Protocol (Cont’d) • Question: • Why can these tokens guarantee NRO or NRR? O R Output: itemR NRO Token: (m2, keyR, comR) NRR Token: (m1, m2, rR) Output: itemO NRO Token: (m1, keyO, comO) NRR Token: (m1, m2, rO) CSC 774 Adv. Net. Security

  13. Recovery for O O R T If [the received messages fit together] then retransmit m3, observable by T If [retransmit invalid] then abort elseif not [timeout] then open (itemO, keyO, comO)? fits(descrO, itemO)? retransmit m4, observable by T open (itemR, keyR, comR)? fits (itemR, descrR)? m5 else CSC 774 Adv. Net. Security

  14. Question • Can this recovery protocol guarantee • Strong fairness for O? • ______ • Weak fairness for O? • ______ CSC 774 Adv. Net. Security

  15. Recovery for R O R T If [the received messages fit together] then retransmit m4, observable by T open (itemR, keyR, comR)? fits (itemR, descrR)? If [retransmit invalid] then abort if not [timeout] then m5 else CSC 774 Adv. Net. Security

  16. Question • Can this recovery protocol guarantee • Strong fairness for R? • ______ • Weak fairness for R? • ______ CSC 774 Adv. Net. Security

  17. Types of items • Confidential data • Data that will be released during the protocol • Example: Software • Public data • Data that will be released even if the protocol execution fails • Purpose: fair exchange of non-repudiation tokens. • Example: contract • Payments • A payment sub-protocol that is executed to transfer value from payer to payee • Example: PayWords CSC 774 Adv. Net. Security

  18. Types of Items (Cont’d) • Generatable • The TTP can produce a replacement of the item • Revocable • The TTP can undo the transfer of the item CSC 774 Adv. Net. Security

  19. Exchange Types CSC 774 Adv. Net. Security

  20. Optimized Protocol -- Contract Signing O T R In: contractR In: contractO Choose oO randomly; determine T m1:=signO(T, R, h(oO), t, contractO) Choose yR randomly. contractR=contractO? m2:=signR(h(m1), h(yR) m3:= oO CSC 774 Adv. Net. Security

  21. Contract Signing (Cont’d) O T R If [timeout] then If [the received messages fit together] then m2 If [response] then m3 else CSC 774 Adv. Net. Security

  22. Contract Signing (Cont’d) O R Output: contractR, (m1, m2) Output: contractR, (m1, oO) • Question: • Why can these tokens guarantee NRO or NRR? CSC 774 Adv. Net. Security

More Related