Design and implementation of extensible middleware for non-repudiable interactions

PhD ThesisNon-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task. A lot of supporting infrastructure is required which adds large expense to the interaction. This infrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purpose built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design and implementation of such an infrastructure. The runtime environment makes use of several trusted services to achieve external verification of the audit trail. Non-repudiation is achieved by executing fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a participant to protect their own interests by preventing any party from gaining an advantage by misbehaviour. The infrastructure has two novel aspects; extensibility and support for automated implementation of protocols. Extensibility is achieved by implementing the infrastructure in middleware and by presenting a large variety of non-repudiable business interaction patterns to the application (a non-repudiable interaction pattern is a higher level protocol composed from one or more non-repudiation protocols). The middleware is highly configurable allowing new non-repudiation protocols and interaction patterns to be easily added, without disrupting the application. This thesis presents a rigorous mechanism for automated implementation of non-repudiation protocols. This ensures that the protocol being executed is that which was intended and verified by the protocol designer. A family of non-repudiation protocols are taken and inspected. This inspection allows a set of generic finite state machines to be produced. These finite state machines can be used to maintain protocol state and manage the sending and receiving of appropriate protocol messages. A concrete implementation of the run-time environment and the protocol generation techniques is presented. This implementation is based on industry supported Web service standards and services.EPSRC, The Hewlett Packard Arjuna La

Design and implementation of extensible middleware for non-repudiable interactions

Non-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task. A lot of supporting infrastructure is required which adds large expense to the interaction. This infrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purpose built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design and implementation of such an infrastructure. The runtime environment makes use of several trusted services to achieve external verification of the audit trail. Non-repudiation is achieved by executing fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a participant to protect their own interests by preventing any party from gaining an advantage by misbehaviour. The infrastructure has two novel aspects; extensibility and support for automated implementation of protocols. Extensibility is achieved by implementing the infrastructure in middleware and by presenting a large variety of non-repudiable business interaction patterns to the application (a non-repudiable interaction pattern is a higher level protocol composed from one or more non-repudiation protocols). The middleware is highly configurable allowing new non-repudiation protocols and interaction patterns to be easily added, without disrupting the application. This thesis presents a rigorous mechanism for automated implementation of non-repudiation protocols. This ensures that the protocol being executed is that which was intended and verified by the protocol designer. A family of non-repudiation protocols are taken and inspected. This inspection allows a set of generic finite state machines to be produced. These finite state machines can be used to maintain protocol state and manage the sending and receiving of appropriate protocol messages. A concrete implementation of the run-time environment and the protocol generation techniques is presented. This implementation is based on industry supported Web service standards and services.EThOS - Electronic Theses Online ServiceEPSRC : Hewlett Packard Arjuna LabGBUnited Kingdo

Rational cryptography: novel constructions, automated verification and unified definitions

Rational cryptography has recently emerged as a very promising field of research by combining notions and techniques from cryptography and game theory, because it offers an alternative to the rather inflexible traditional cryptographic model. In contrast to the classical view of cryptography where protocol participants are considered either honest or arbitrarily malicious, rational cryptography models participants as rational players that try to maximize their benefit and thus deviate from the protocol only if they gain an advantage by doing so. The main research goals for rational cryptography are the design of more efficient protocols when players adhere to a rational model, the design and implementation of automated proofs for rational security notions and the study of the intrinsic connections between game theoretic and cryptographic notions. In this thesis, we address all these issues. First we present the mathematical model and the design for a new rational file sharing protocol which we call RatFish. Next, we develop a general method for automated verification for rational cryptographic protocols and we show how to apply our technique in order to automatically derive the rational security property for RatFish. Finally, we study the intrinsic connections between game theory and cryptography by defining a new game theoretic notion, which we call game universal implementation, and by showing its equivalence with the notion of weak stand-alone security.Rationale Kryptographie ist kürzlich als ein vielversprechender Bereich der Forschung durch die Kombination von Begriffen und Techniken aus der Kryptographie und der Spieltheorie entstanden, weil es eine Alternative zu dem eher unflexiblen traditionellen kryptographischen Modell bietet. Im Gegensatz zur klassischen Ansicht der Kryptographie, nach der Protokollteilnehmer entweder als ehrlich oder willkürlich bösartig angesehen werden, modelliert rationale Kryptografie die Protokollteilnehmer als rationale Akteure, die versuchen ihren Vorteil zu maximieren und damit nur vom Protokoll abweichen, wenn sie dadurch einen Vorteil erlangen. Die wichtigsten Forschungsziele rationaler Kryptographie sind: das Design effizienterer Protokolle, wenn die Spieler ein rationale Modell folgen, das Design und die Implementierung von automatisierten Beweisen rationaler Sicherheitsbegriffe und die Untersuchung der intrinsischen Verbindungen zwischen spieltheoretischen und kryptographischen Begriffen. In dieser Arbeit beschäftigen wir uns mit all diesen Fragen. Zunächst präsentieren wir das mathematische Modell und das Design für RatFish, ein neues rationales Filesharing-Protokoll. Dann entwickeln wir eine allgemeine Methode zur automatischen Verifikation rationaler kryptographischer Protokolle und wir zeigen, wie man unsere Technik nutzen kann, um die rationale Sicherheitseigenschaft von RatFish automatisch abzuleiten. Abschließend untersuchen wir die intrinsische Verbindungen zwischen Spieltheorie und Kryptographie durch die Definition von game universal implementation, einem neuen spieltheoretischen Begriff, und wir zeigen die Äquivalenz von game universal implementation und weak stand-alone security

Fair multi-party non-repudiation protocols

info:eu-repo/semantics/publishe