130 research outputs found

    Fair exchange in e-commerce and certified e-mail, new scenarios and protocols

    We are witnessing a steady growth in the use of the Internet in the electronic commerce field. This rise is promoting the migration from traditional (paper-based) processes and applications to an electronic model. But the security of electronic transactions continues to pose an impediment to its adoption. Traditionally, most business transactions were conducted in person. Signing a contract required the meeting of all interested parties, the postman delivered certified mail by hand, and when paying for goods or services both customer and provider were present. When all parties are physically present, a transaction does not require a complex protocol. The participants take the presence of the other parties as assurance that they will receive their parts, whether a signature on a contract, a receipt, etc. But with e-commerce growing in importance as a sales and business channel, all these transactions have moved to their digital counterparts. Therefore we have digital signing of contracts, certified delivery of messages and electronic payment systems. With electronic transactions, physical presence is not required; moreover, most of the time it is even impossible. The participants in a transaction can be thousands of kilometres away from each other, and they may not even be human participants; they can be machines. Thus, the assurance that the transaction will be executed without incident is not given per se; we need additional security measures. To address this problem, fair exchange protocols were developed. In a fair exchange every party involved has an item it wants to exchange, but none of the participants is willing to give his item away unless he has an assurance that he will receive the corresponding item from the other participants. 
Fair exchange has many applications, such as digital signing of contracts, where the items to be exchanged are signatures on contracts; certified delivery of messages, where we exchange a message for evidence of receipt; or a payment process, where we exchange a payment (e-cash, e-check, visa, etc.) for digital goods or a receipt. The objective of this dissertation is the study of the fair exchange problem. In particular, it presents two new scenarios for digital contracting, the Atomic Multi-Two Party (AM2P) scenario and the Agent Mediated Scenario (AMS), and proposes one optimistic contract signing protocol for each one. Moreover, it studies the efficiency of Multi-Party Contract Signing (MPCS) protocols from their architecture point of view, presenting a new lower bound for each architecture, in terms of the minimum number of transactions needed. Regarding Certified Electronic Mail (CEM), this dissertation presents two optimistic CEM protocols designed to be deployed on the current e-mail infrastructure, and therefore they assume the participation of multiple Mail Transfer Agents (MTAs). In one case, the protocol assumes untrusted MTAs, whereas in the other one it assumes each User Agent (UA) trusts his own MTA. Regarding payment systems, this dissertation presents a secure and efficient electronic bearer bank check scheme allowing the electronic checks to be transferred fairly and anonymously.

    The use of the Internet in the field of electronic commerce is experiencing steady growth. This growth in use is promoting the migration of traditional (paper-based) processes and applications to an electronic model. But the security of electronic transactions continues to hinder their adoption. Traditionally, most transactions have been carried out in person. Signing a contract required the presence of all signatories, the postman delivers certified letters by hand, and when paying for a good or service both seller and buyer are present. When all parties are present, transactions do not require a complex protocol. The participants take the presence of the other parties as assurance that they will receive what they expect from them, whether the signature on a contract, a delivery receipt or a payment. But with the growth of electronic commerce as a sales and business channel, all these transactions have moved to their equivalents in the electronic world. Thus we have electronic signing of contracts, certified delivery of messages, electronic payment systems, etc. In electronic transactions physical presence is not necessary; in fact, most of the time it is even impossible. The participants may be thousands of kilometres apart, and they need not be human; they could be machines. Therefore, the assurance that the transaction will execute correctly is not given per se; we need to provide additional security measures. To solve this problem, fair exchange protocols were developed. In a fair exchange all the parties involved have an item they want to exchange, but none of the parties involved wants to give away its item unless it is sure it will receive the items of the other parties. Fair exchange has many applications, such as electronic contract signing, where the items to be exchanged are signatures on contracts; certified delivery of messages, where a message is exchanged for evidence of receipt; or a payment process, where we exchange a payment (e-cash, visa, e-cheque, etc.) for digital goods or a receipt. The objective of this thesis is to study the fair exchange problem. In particular, the thesis presents two new scenarios for electronic contract signing, the atomic multi-two party scenario and the scenario with intermediary agents, and proposes an optimistic protocol for each of them. In addition, it presents a study of the efficiency of Multi-Party Contract Signing (MPCS) protocols from the point of view of their architecture, presenting a new bound for each one, in terms of the minimum number of transactions needed. Regarding certified electronic mail, this thesis presents two optimistic protocols designed to be deployed on the current e-mail infrastructure, and therefore assumes the participation of multiple mail transfer agents. One of the protocols assumes that none of the participating mail transfer agents is trusted, while the other assumes that each user trusts his own agent. Regarding payment systems, the thesis presents an efficient and secure bearer bank cheque scheme that guarantees that cheques are transferred anonymously and fairly.

    Implementation of a Secure Internet Voting Protocol

    Voting is one of the most important activities in a democratic society. In a traditional voting environment the voting process sometimes becomes quite inconvenient due to the reluctance of certain voters to visit a polling booth to cast their votes, besides involving huge social and human resources. The development of computer networks and the elaboration of cryptographic techniques facilitate the implementation of electronic voting. In this work we propose a secure electronic voting protocol that is suitable for large scale voting over the Internet. The protocol allows a voter to cast his or her ballot anonymously, by exchanging untraceable yet authentic messages. The e-voting protocol is based on blind signatures and has the properties of anonymity, mobility, efficiency, robustness, authentication, uniqueness, universal verifiability and coercion resistance. The proposed protocol encompasses three distinct phases, a registration phase, a voting phase and a counting phase, involving five parties: the voter, a certification centre, an authentication server, a voting server and a tallying server.

    Efficient, Coercion-free and Universally Verifiable Blockchain-based Voting

    Most electronic voting systems today satisfy the basic requirements of privacy, unreusability, eligibility and fairness in a natural and rather straightforward way. However, receipt-freeness, incoercibility and universal verifiability are much harder to implement, and in many cases they require a large amount of computation and communication overhead. In this work, we propose a blockchain-based voting system which achieves all the properties expected from secure elections without requiring too much from the voter. Coercion resistance and receipt-freeness are ensured by means of a randomizer token, a tamper-resistant source of randomness which acts as a black box in constructing the ballot for the user. Universal verifiability is ensured by the append-only structure of the blockchain, thus minimizing the trust placed in election authorities. Additionally, the system has linear overhead when tallying the votes, hence it is scalable and practical for large scale elections.

    Legally Fair Contract Signing Without Keystones

    In two-party computation, achieving both fairness and guaranteed output delivery is well known to be impossible. Despite this limitation, many approaches provide solutions of practical interest by somewhat weakening the fairness requirement. Such approaches fall roughly into three categories: "gradual release" schemes assume that the aggrieved party can eventually reconstruct the missing information; "optimistic" schemes assume a trusted third party arbitrator that can restore fairness in case of litigation; and "concurrent" or "legally fair" schemes, in which a breach of fairness is compensated by the aggrieved party holding a digitally signed cheque from the other party (called the keystone). In this paper we describe and analyse a new contract signing paradigm that doesn't require keystones to achieve legal fairness, and give a concrete construction based on Schnorr signatures which is compatible with standard Schnorr signatures and provably secure.

    Electronic money and the derived applications: anonymous micropayment, receipt-free electronic voting and anonymous internet access.

    by Chan Yuen Yan. Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. Includes bibliographical references (leaves 91-[97]). Abstracts in English and Chinese.

    Chapter 1 Introduction
    1.1 Transition to a New Monetary System
    1.2 Security and Cryptography
    1.3 Electronic Cash: More than an Electronic Medium of Transaction
    1.4 Organisation of the Thesis
    Chapter 2 Cryptographic Primitives
    2.1 One-way Hash Functions
    2.2 The Bit Commitment Protocol
    2.3 Secret Splitting
    2.4 Encryption / Decryption
    2.4.1 Symmetric Encryption
    2.4.2 Asymmetric Encryption
    2.5 The RSA Public Key Cryptosystem
    2.6 Blind Signature
    2.7 Cut-and-choose protocol
    2.8 The Elliptic Curve Cryptosystem (ECC)
    2.8.1 The Elliptic Curve Discrete Logarithm Problem
    2.8.2 Cryptographic Applications Implemented by ECC
    2.8.3 Analog of Diffie-Hellman Key Exchange
    2.8.4 Data Encryption [11]
    2.8.5 The ECC Digital Signature
    Chapter 3 What is Money?
    3.1 Money
    3.1.1 The History of Money [17]
    3.1.2 Functions of Money
    3.2 Existing Payment Systems
    3.2.1 Cash Payments
    3.2.2 Payment through Banks
    3.2.3 Using Payment Cards
    Chapter 4 Electronic Cash
    4.1 The Basic Requirements
    4.2 Basic Model of Electronic Cash
    4.2.1 Basic Protocol
    4.2.2 Modified Protocol
    4.2.3 Double Spending Prevention
    4.3 Examples of Electronic Cash
    4.3.1 eCash
    4.3.2 CAFE
    4.3.3 NetCash
    4.3.4 CyberCash
    4.3.5 Mondex
    4.4 Limitations of Electronic Cash
    Chapter 5 Micropayments
    5.1 Basic Model of Micropayments
    5.1.1 Micropayments generation
    5.1.2 Spending
    5.1.3 Redemption
    5.2 Examples of Micropayments
    5.2.1 Pay Word
    5.2.2 MicroMint
    5.2.3 Millicent
    5.3 Limitations of Micropayments
    5.4 Digital Money - More than a Medium of Transaction
    Chapter 6 Anonymous Micropayment Tickets
    6.1 Introduction
    6.2 Overview of the Systems
    6.3 Elliptic Curve Digital Signature
    6.4 The Micropayment Ticket Protocol
    6.4.1 The Micropayment Ticket
    6.4.2 Payment
    6.4.3 Redemption
    6.4.4 Double Spending
    6.5 Security Analysis
    6.5.1 Conditional Anonymity
    6.5.2 Lost Tickets
    6.5.3 Double Spending
    6.5.4 Collusion with Vendors
    6.6 Efficiency Analysis
    6.7 Conclusion
    Chapter 7 Anonymous Electronic Voting Systems
    7.1 Introduction
    7.2 The Proposed Electronic Voting System
    7.2.1 The Proposed Election Model
    7.3 Two Cryptographic Protocols
    7.3.1 Protocol One - The Anonymous Authentication Protocol
    7.3.2 Protocol Two - Anonymous Commitment
    7.4 The Electronic Voting Protocol
    7.4.1 The Registration Phase
    7.4.2 The Polling Phase
    7.4.3 Vote-Opening Phase
    7.5 Security Analysis
    7.5.1 Basic Security Requirements
    7.5.2 Receipt-freeness
    7.5.3 Non-transferability of Voting Right
    7.6 Conclusion
    Chapter 8 Anonymous Internet Access
    8.1 Introduction
    8.2 Privacy Issues of Internet Access Services
    8.2.1 Present Privacy Laws and Policies
    8.2.2 Present Anonymous Internet Services Solutions
    8.2.3 Conditional Anonymous Internet Access Services
    8.3 The Protocol
    8.3.1 ISP issues a new pass to Alice using blind signature [1] scheme
    8.3.2 Account Operations
    8.4 Modified Version with Key Escrow on User Identity
    8.4.1 Getting a new pass
    8.4.2 Account operations
    8.4.3 Identity revocation
    8.5 Security Analysis
    8.5.1 Anonymity
    8.5.2 Masquerade
    8.5.3 Alice cheats
    8.5.4 Stolen pass
    8.6 Efficiency
    8.6.1 Random number generation
    8.6.2 Signing on the pass
    8.6.3 Pass validation
    8.6.4 Identity recovery
    8.7 Conclusion
    Chapter 9 Conclusion
    Bibliography

    Beyond Subterm-Convergent Equational Theories in Automated Verification of Stateful Protocols (extended version)

    The TAMARIN prover is a state-of-the-art protocol verification tool. It supports verification of both trace and equivalence properties, and a rich protocol specification language that includes support for global, mutable state and allows the user to specify cryptographic primitives as an arbitrary subterm-convergent equational theory, in addition to several built-in theories, which include, among others, Diffie-Hellman exponentiation. In this paper, we improve the underlying theory and the tool to allow for more general user-specified equational theories: our extension supports arbitrary convergent equational theories that have the finite variant property, making TAMARIN the first tool to support at the same time this large set of user-defined equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties. We demonstrate the effectiveness of this generalization by analyzing several protocols that rely on blind signatures, trapdoor commitment schemes, and ciphertext prefixes that were previously out of scope.

    Automated Verification of Exam, Cash, Reputation, and Routing Protocols

    Security is a crucial requirement in applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in such applications, cryptographic protocols have been used. However, the design of security protocols is notoriously difficult and error-prone. Several flaws have been found in protocols that were claimed secure. Hence, cryptographic protocols must be verified before they are used. One approach to verifying cryptographic protocols is the use of formal methods, which have achieved many results in recent years. Formal methods concern the analysis of protocol specifications modeled using, e.g., dedicated logics or process algebras. Formal methods can find flaws or prove that a protocol is secure under the "perfect cryptography" assumption with respect to given security properties. However, they abstract away from implementation errors and side-channel attacks. In order to detect such errors and attacks, runtime verification can be used to analyze executions of systems or protocols. Moreover, runtime verification can help in cases where formal procedures take exponential time or suffer from termination problems. In this thesis we contribute to cryptographic protocol verification with an emphasis on formal verification and automation. Firstly, we study exam protocols. We propose formal definitions for several authentication and privacy properties in the Applied Pi-Calculus. We also provide abstract definitions of verifiability properties. We analyze all these properties automatically using ProVerif on multiple case studies, and identify several flaws. Moreover, we propose several monitors to check exam requirements at runtime. 
These monitors are validated by analyzing real exam executions using the Java-based MARQ tool. Secondly, we propose a formal framework to verify the security properties of non-transferable electronic cash protocols. We define client privacy and forgery-related properties. Again, we illustrate our model by analyzing three case studies using ProVerif, and confirm several known attacks. Thirdly, we propose formal definitions of authentication, privacy, and verifiability properties of electronic reputation protocols. We discuss the proposed definitions, with the help of ProVerif, on a simple reputation protocol. Finally, we obtain a reduction result to verify route validity of ad-hoc routing protocols in the presence of multiple independent attackers that do not share their knowledge.

    Security is a crucial requirement in applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in these applications, cryptographic protocols have been developed. However, the design of security protocols is notoriously difficult and error-prone. Several flaws have been found in protocols that claimed to be secure. Consequently, cryptographic protocols must be verified before being used. One approach to verifying cryptographic protocols is the use of formal methods, which have obtained many results in recent years. Formal methods deal with the analysis of protocol specifications modelled using, for example, dedicated logics or process algebras. Formal methods can find flaws or make it possible to prove that a protocol is secure under certain assumptions with respect to given security properties. However, they abstract away implementation errors and side-channel attacks. To detect these errors and attacks, runtime verification can be used to analyse executions of systems or protocols. Moreover, runtime verification can help in cases where formal procedures take exponential time or suffer from termination problems. In this thesis, we contribute to the verification of cryptographic protocols with an emphasis on formal verification and automation. First, we study exam protocols. We propose formal definitions for several authentication and privacy properties in the Applied Pi-calculus. We also provide abstract definitions of verifiability properties. We analyse all these properties automatically using ProVerif on several case studies, and have identified several flaws. Moreover, we propose several monitors to check exam requirements at runtime. These monitors are validated by analysing real exam executions using the MARQ Java tool. Second, we propose a formal framework to verify the security properties of non-transferable electronic cash protocols. We define the notion of client privacy and forgery properties. Once again, we illustrate our model by analysing three case studies using ProVerif, and confirm several known attacks. Third, we propose formal definitions of authentication, privacy and verifiability properties for electronic reputation protocols. We discuss the proposed definitions, with the help of ProVerif, on a simple reputation protocol. Finally, we obtain a reduction result for verifying route validity in ad-hoc routing protocols in the presence of several independent attackers who do not share their knowledge.