
Enforcing honesty in fair exchange protocols

Enforcing honesty in fair exchange protocols. Asandei George Ilascu Marian. Master's in Information Security, Year I, Faculty of Computer Science, Alexandru Ioan Cuza University, Iasi, 2014. Outline. Introduction. Types of fair exchange protocols. Optimistic Fair Exchange Protocol


Presentation Transcript


  1. Enforcing honesty in fair exchange protocols Asandei George Ilascu Marian Master's in Information Security, Year I, Faculty of Computer Science, Alexandru Ioan Cuza University, Iasi, 2014

  2. Outline • Introduction • Types of fair exchange protocols • Optimistic Fair Exchange Protocol • Comparison of protocols • Q&A • References

  3. Certified Email – Nenadic et al.[2] • S -> R : {h(Message), SigS(h(Message))} • R -> S : {Enc.kR(Receipt)} • S -> R : {Message} • R -> S : {kR}

  4. Certified Delivery - Nenadic et al.[3] DP = Digital product • M -> C : {Enc.kM(DP), Cert(DP), SigM(DP)} • C -> M : {Enc.kC(SigC(ReceiveDP))} • M -> C : {kM} • C -> M : {kC}

  5. Certified Delivery - Asokan et al.[4] Contract N is previously agreed on by both parties A and B. a = random value generated by A, b = random value generated by B • A -> B : {SigA(h(a), N)} • B -> A : {SigB(h(b), {SigA(h(a), N)})} • A -> B : {a} • B -> A : {b}

  6. Types of fairness • Strong fairness • Weak fairness

  7. TTP involvement • No TTP • TTP • Inline • Online • Offline

  8. Protocols that do not involve TTPs • "Gradual exchange" protocols • Small parts of the product are sent over several rounds • Jakobson proposes splitting the data into two pieces that can be interpreted only when they are • Probabilistic protocols • The probability of correctness increases with each round

  9. Zhang et al. protocol [5] • C -> M : Request product • M -> C : Invoice • C -> M : Enc.kC(Payment) • C -> B : Enc.kC(Payment) • B -> M : Enc.kC(Payment) • M -> C : Product • C -> M : kC

  10. Ray et al. protocol [6] • Merchant M registers with a TTP. • The TTP generates kM1 and dkM1 • Similarly for customer C (registration + key generation) • The TTP will store the product, its description and its price

  11. Ray et al. protocol [6] • C -> M : {Purchase order, Enc.C1xC2(Payment)} • M -> C : {Enc.M1xM2(Product)} • C -> M : C2 • M -> C : M2

  12. Asokan et al. protocol [7] • C -> M : Request product • M -> C : Invoice • C -> M : Payment • C -> B : Product TTP will cancel the payment if the product is not as described in the description.

  13. Devane et al. protocol [8] • C -> M : SigC(Purchase request) • M -> C : SigM(Invoice), Enc.kM(DP) • C -> M : SigC(Payment) • M -> B : kM, SigB(SigC(Payment)) • B -> M : kM, SigB(SigC(Payment)) • M -> C : kM, SigB(SigC(Payment)) • C -> B : Acknowledgement

  14. The EMH (Enforcing Merchant Honesty) protocol • Used for the exchange of payments and products between a buyer and a seller • Forces correct behaviour by the seller • Contains a dispute resolution mechanism, after which both parties are satisfied

  15. Agents and roles • C -> buyer • Makes the request to purchase a product • M -> seller • Holds a product that it sells to the customer in exchange for a payment

  16. Agents and roles • TTP -> third party trusted by C and M • Generates a public key pkct and a private key skct, which it shares with C • Generates a certificate C.ct for skct that contains the TTP's signature • skct -> encrypts the symmetric key used to decrypt the payment • Resolves certain conflicts initiated by M

  17. Agents and roles • CB -> the bank where the customer holds an account • Generates the payment with which the customer will purchase the product • Generates a certificate P-Cert for the payment, containing: • The amount to pay • The identity of seller M • hP -> a hash of the payment • heP -> a hash of the payment encrypted with the symmetric key kc • heKc -> a hash of the payment encrypted with the public key pkct • The signature of bank CB

  18. Agents and roles • CA -> the authority that certifies the product • Generates a certificate DG-Cert for the product held by M, containing: • Price • d -> Description or ID of product D • hDG -> Hash of product D • Sig.CA -> The authority's signature on the certificate • M will use this certificate to sell the product

  19. Protocol phases 1. Pre-exchange phase

  20. Protocol phases 2. Exchange phase

  21. Protocol phases 2. Exchange phase • E-M1: C -> M: • desc: specifies the product the customer wants, containing: • Description + ID • hDG: hash of product D • enc.kc(P): the payment, encrypted with kc • P-Cert • C.ct • enc.pkct(kc): the symmetric key generated by C • enc.pkm(km): symmetric key km that the seller will use to encrypt the product • Sig.c(P): the customer's RSA signature, which ensures non-repudiation

  22. Protocol phases 2. Exchange phase • M verifies: • P-Cert by verifying CB's signature • C.ct by verifying the TTP's signature • enc.kc(P) by: • HP = hP? (checks that the hash of P from sig.C(P) equals hP from P-Cert) • HeP = heP? (computes h(enc.kc(P)) and compares it with heP from P-Cert) • HeKc = heKc? (computes h(enc.pkct(kc)) and compares it with heKc from P-Cert)

  23. Protocol phases 2. Exchange phase • E-M2: M -> C: • enc.km(D) – M obtains km from pkm(km) and encrypts the product • Sig.m(D) – ensures non-repudiation • E-M3: C -> M: • Enc.pkm(skct) – C sends the private key skct so that M can decrypt the payment
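
M's three hash checks on E-M1 (HP, HeP, HeKc) from the exchange phase above, as an added example that is not part of the original presentation. SHA-256, the toy textbook-RSA key for C, the `PCert` field layout and all sample values are assumptions made for illustration, and CB's signature on P-Cert is taken as already verified.

```python
import hashlib
from dataclasses import dataclass

def h(data: bytes) -> bytes:
    # Hash function h; SHA-256 is an assumption, the slides do not name one.
    return hashlib.sha256(data).digest()

# Toy textbook RSA key for customer C (constructed, far too small for real use).
_P, _Q = 2**61 - 1, 2**89 - 1          # two known Mersenne primes
N, E = _P * _Q, 65537                  # C's public key
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # C's private exponent

def digest_int(data: bytes) -> int:
    # Hash reduced mod N so the toy key can sign it (simplification).
    return int.from_bytes(h(data), "big") % N

def sign_c(payment: bytes) -> int:
    # Sig.c(P): C signs the hash of the plaintext payment P.
    return pow(digest_int(payment), _D, N)

@dataclass
class PCert:
    # Hash fields of P-Cert; CB's signature over them is assumed verified.
    hP: int       # hash of the payment P
    heP: bytes    # hash of enc.kc(P)
    heKc: bytes   # hash of enc.pkct(kc)

def verify_e_m1(cert: PCert, enc_payment: bytes, enc_kc: bytes, sig_c_p: int) -> list:
    """Return the names of the failed checks; an empty list means M may send E-M2."""
    failed = []
    if pow(sig_c_p, E, N) != cert.hP:   # HP = hP? (hash recovered from Sig.c(P))
        failed.append("HP")
    if h(enc_payment) != cert.heP:      # HeP = heP?
        failed.append("HeP")
    if h(enc_kc) != cert.heKc:          # HeKc = heKc?
        failed.append("HeKc")
    return failed

# Constructed sample E-M1; the ciphertexts are opaque to M, so placeholders suffice.
PAYMENT = b"pay 10 EUR to merchant M"
ENC_P = b"<ciphertext of P under kc>"
ENC_KC = b"<ciphertext of kc under pkct>"
CERT = PCert(hP=digest_int(PAYMENT), heP=h(ENC_P), heKc=h(ENC_KC))
SIG = sign_c(PAYMENT)

if __name__ == "__main__":
    print(verify_e_m1(CERT, ENC_P, ENC_KC, SIG))               # honest C
    print(verify_e_m1(CERT, ENC_P, b"<some other key>", SIG))  # enc.pkct(kc) swapped
```

M never decrypts anything here: every check runs on ciphertexts and the signature, which is what lets M decide whether to send enc.km(D) before it holds skct.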

  24. Dispute resolution • Methods: • Arbitration: a mediator collects information from both parties and makes a decision on resolving the dispute • Evaluation: the mediator holds information from both parties, but only recommends a solution for resolving the dispute • Mediation: helps the parties communicate with each other to resolve the dispute • Automated negotiation: refers to resolving conflicts over the sum of money negotiated between the parties; each party offers a certain amount of money/product without the other knowing. The mediator resolves the dispute when the two offer equally.

  25. Dispute resolution • Methods: • Mock trial: a jury offers a suggestion on resolving the dispute • Complaint Assistance: a tool that helps create the dispute resolution request, as well as resolve it • Credit card charge back: the mediator is a credit card provider that will hand over the sum of money due to the victim party

  26. Dispute resolution • In EMH: • Resolution is in Arbitration mode, but the information is taken from a single party: M • The dispute may be caused by contesting the dishonest behaviour of buyer C regarding (not) sending the payment decryption key, as well as by the dishonest behaviour of M in order to obtain an extra payment • The dispute resolution request can be issued only by seller M

  27. Dispute resolution

  28. Dispute resolution • DR-M1: M -> TTP: • desc • P-Cert • C.ct • Sig.c(P) • enc.pkt(km) • enc.km(D) • The TTP verifies P-Cert, C.ct and C's signature on desc, and decrypts km

  29. Dispute resolution • DR-M2: TTP -> C: enc.km(D) + enc.pkc(km) • Reasons: • M sent the incorrect product D in E-M2 • M did not send the product at all (M contacted the TTP before E-M2) • M did not encrypt product D with the km sent by the customer in E-M1 • DR-M3: TTP -> M: enc.pkm(skct) or abort

  30. Dispute resolution

  31. Execution scenarios • C and M behave honestly • C behaves dishonestly and M honestly • C honest, M dishonest • C and M do not behave honestly

  32. Execution scenarios

  33. Execution scenarios • (1): C and M honest, normal execution • (2): After receiving E-M1, M stops the execution of the protocol • (3): M receives E-M1 and contacts the TTP before sending E-M2. The TTP returns abort => M is cheating • (4): Similar to (3), but DR-M1 is correct and the TTP resolves the dispute • (5): M receives E-M1, verifies it and sends E-M2, but never receives E-M3. M contacts the TTP, but DR-M1 is incorrect. Reasons: E-M2 is not correct or C is dishonest (M must send a correct DR-M1 for resolution) • (6): Similar to (5), but DR-M1 is correct and the TTP resolves the dispute if E-M2 is correct

  34. Execution scenarios • (7): The protocol runs to completion, but M contacts the TTP and DR-M1 is incorrect -> the TTP returns abort • Reasons: • E-M3 incorrect • M wants to gain an advantage over C • (8): Similar to (7), but DR-M1 is correct and the TTP resolves the dispute

  35. Comparison with other protocols

  36. References • [1] Enforcing Honesty in Fair Exchange Protocols - Abdullah M. Alaraj and Malcolm Munro • [2] Nenadic, A., Zhang, N., Barton, S.: Fair certified email delivery. • [3] Nenadic, A., Zhang, N., Cheetham, B., Goble, C.: RSA-based certified delivery of e-goods using verifiable and recoverable signature encryption. • [4] Asokan, N., Shoup, V., Waidner, M.: Asynchronous protocols for optimistic fair exchange. • [5] Zhang, Q., Markantonakis, K., Mayes, K.: A practical fair exchange e-payment protocol for anonymous purchase and physical delivery.

  37. References • [6] Ray, I., Ray, I., Narasimhamurthy, N.: An anonymous failure resilient fair-exchange ecommerce protocol. • [7] Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. • [8] Devane, S., Chatterjee, M., Phatak, D.: Secure e-commerce protocol for purchase of e-goods using smart card.
