Automatic Methods for Analyzing Non-repudiation Protocole with an Active Intruder

International audienceNon-repudiation protocols have an important role in many areas where secured transactions with proofs of participation are necessary. Formal methods are clever and without error, therefore using them for verifying such protocols is crucial. In this purpose, we show how to partially represent non-repudiation as a combination of authentications on the Fair Zhou-Gollmann protocol. After discussing the limitations of this method, we define a new one based on the handling of the knowledge of protocol participants. This second method is general and of natural use, as it consists in adding simple annotations in the protocol specification. It is very easy to implement in tools able to handle participants knowledge. We have implemented it in the AVISPA Tool and analyzed the optimistic Cederquist-Corin-Dashti protocol, discovering two attacks. This extension of the AVISPA Tool for handling non-repudiation opens a highway to the specification of many other properties, without any more change in the tool itself

Automatic Methods for Analyzing Non-Repudiation Protocols with an Active Intruder

Non-repudiation protocols have an important role in many areas where secured transactions with proofs of participation are necessary. Formal methods are clever and without error, therefore using them for verifying such protocols is crucial. In this purpose, we show how to partially represent non-repudiation as a combination of authentications on the Fair Zhou-Gollmann protocol. After discussing its limits, we define a new method based on the handling of the knowledge of protocol participants. This method is very general and is of natural use, as it consists in adding simple annotations, like for authentication problems. The method is very easy to implement in tools able to handle participants knowledge. We have implemented it in the AVISPA Tool and analyzed the optimistic Cederquist-Corin- Dashti protocol, discovering two unknown attacks. This extension of the AVISPA Tool for handling non-repudiation opens a highway to the specification of many other properties, without any more change in the tool itself

Study for Automatically Analysing Non-repudiation

While security issues such as secrecy and authentication have been studied intensively, most interest in non-repudiation protocols has only come in recent years. Non-repudiation services must ensure that when two parties exchange informations over a network, neither one nor the other can deny having participated in this communication. Consequently a non-repudiation protocol has to generate evidences of participation to be used in the case of a dispute. In this paper, we present a description of non-repudiation services, and illustrate them on the Fair Zhou-Gollmann protocol. Then we show how to define non-repudiation properties with the AVISPA tool and explain how they can be automatically verified

A Unlinkable Delegation-based Authentication Protocol with Users’ Non-repudiation for Portable Communication Systems

[[abstract]]For portable communication systems, the delegation-based authentication protocol provides efficient subsequent login authentication, data confidentiality, user privacy protection, and non-repudiation. However, in all proposed protocols, the non-repudiation of mobile users is based on an unreasonable assumption that home location registers are always trusted. To weaken this assumption and enhance the nonrepudiation of mobile users, a new delegation-based authentication protocol is proposed. The new protocol also removes the exhaustive search problem of the subsequent login authentication to improve the subsequent login authentication performance. Moreover, the user unlinkability in the subsequent login authentication is also provided to enhance the user identity privacy protection.[[incitationindex]]EI[[incitationindex]]CEPS[[booktype]]紙

A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol

We propose a formal model of rational exchange and exchange protocols in general, which is based on game theory. In this model, an exchange protocol is represented as a set of strategies in a game that is played by the protocol parties and the network that they use to communicate with each other. Within this model, we give a formal definition for rational exchange and various other properties of exchange protocols, including fairness. In particular, rational exchange is defined in terms of a Nash equilibrium in the protocol game. We also study the relationship between rational and fair exchange, and prove that fairness implies rationality, but not vice versa. Finally, we illustrate the usage of our formal model for the analysis of existing rational exchange protocols by analyzing a protocol proposed by Syverson. We show that the protocol is rational only under the assumption that the network is reliable

Endeavouring to be in the good books : awarding DTN network use for acknowledging the reception of bundles

This paper describes an incentive scheme for promoting the cooperation, and, therefore, avoiding selfish behaviours, in Delay Tolerant Networks (DTN) by rewarding participant nodes with cryptographic keys that will be required for sending bundles. DTN are normally sparse, and there are few opportunistic contacts, so forwarding of other's bundles can be left out. Moreover, it is difficult to determine the responsible nodes in case of bundle loss. The mechanism proposed in this paper contributes to both problems at the same time. On one hand, cryptographic receipts are generated using time-limited Identity Based Cryptography (IBC) keys to keep track of bundle transmissions. On the other hand, these receipts are used to reward altruistic behaviour by providing newer IBC keys. Finally, these nodes need these IBC keys to send their own bundles. When all nodes behave in a cooperative way, this incentive scheme works as a virtuous circle and achieves a Nash equilibrium, improving very much the network performance in terms of latency. The scheme is not difficult to implement, and it can use an already existing IBC infrastructure used for other purposes in a DTN