Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 3.3: Fair Exchange.

Published byEvelyn Morrish Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 3.3: Fair Exchange."— Presentation transcript:

1 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 3.3: Fair Exchange

2 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security2 Outline Overview of Fair Exchange Optimistic Fair Exchange –A General Protocol –Optimized Protocol Contract signing Self-study –Optimized Protocols Certified mail Payment for receipt Fair purchase

3 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security3 Fair Exchange A fair exchange should guarantee that at the end of the exchange –Either each party has received what it expects to receive, –Or no party has received anything Examples –Certified mail –Contract signing –Payment

4 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security4 Traditional Fair Exchange ISO proposals –Use a TTP to ensure fairness Limitations –TTP is heavily involved –Bottleneck –Single point of failure Trusted Third Party (TTP) OriginatorResponder

5 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security5 Optimistic Fair Exchange Assumptions –Most participants are honest Allow participants to exchange without TTP Fall back to TTP when there are failures –Dishonest participants, communication failures, etc. Trusted Third Party (TTP) OriginatorResponder

6 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security6 Three Phases of Optimistic Fair Exchange Phase 1 –The parties try to exchange items without a TTP Phase 2 –The parties try to exchange items through a TTP Phase 3 –Each computer outputs all evidence and any participant may visit a court

7 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security7 Degree of Fairness Strong (true) fairness –If the TTP is able to Undo a transfer of an item (revocability) –Example: revoke a signed contract Produce a replacement for it (Generatability) –Example: generate a replacement of a receipt Weak fairness –If the TTP can only produce affidavits –Requires an external dispute resolution system Example: court

8 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security8 Generic Exchange Protocol Two stages –Stage 1 (Two flows) The originator O and the recipient R promise each other an exchange of items –Stage 2 (Three flows) Exchange the items along with non-repudiation tokens

9 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security9 Notations item X : the item X wants to send descr X : a description of item X expect X (descr X, descr Y ): –Evaluate to true if X is satisfied with exchanging item X with item Y. fits(descr, item) –Evaluate to true if the description fits the item h(): hash function (key, comm) = commit(item) –Generate a commitment comm to item, and also generate a key, without which it’s impossible to get the item. –Verifiable encryption. open(item, key, comm) –Use key to open the item whose commitment is comm.

10 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security10 Generic Exchange Protocol (Cont’) OTR In: item O, descr O, expect O In: item R, descr R, expect R Choose y O (recovery authenticator) r O (NRR authenticator) randomly; determine T (key O, com O ) := commit (item O ) If not expect R (descr R, descr O ) then Abort; Choose y R (recovery authenticator) r R (NRR authenticator) randomly; (key R, com R ) := commit (item R ) m 1 :=sign O (T, R, h(y O ), h(r O ), t, com O, descr O ) m 2 :=sign R (O, h(m 1 ), h(y R ), h(r R ), com R, descr R )

11 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security11 Generic Exchange Protocol (Cont’d) OTR expect O (descr O, descr R ) open (item O, key O, com O )? fits(descr O, item O )? m 3 :=item O, key O m 4 :=item R, r R, key R If fits (itemR, descrR) and open (item R, key R, com R ) and [no timeout] then m 5 :=r O If [timeout] then [Recovery for R] else [Recovery for O]

12 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security12 OR Output: item R NRO Token: (m 2, key R, com R ) NRR Token: (m 1, m 2, r R ) Output: item O NRO Token: (m 1, key O, com O ) NRR Token: (m 1, m 2, r O ) Generic Exchange Protocol (Cont’d) Question: –Why can these tokens guarantee NRO or NRR?

13 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security13 Recovery for O O T R If [the received messages fit together] then retransmit m 3, observable by T If [retransmit invalid] then abort elseif not [timeout] then open (item O, key O, com O )? fits(descr O, item O )? retransmit m 4, observable by T open (item R, key R, com R )? fits (itemR, descrR)? m5m5 else

14 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security14 Question Can this recovery protocol guarantee –Strong fairness for O? ______ –Weak fairness for O? ______

15 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security15 Recovery for R O T R If [the received messages fit together] then If [retransmit invalid] then abort if not [timeout] then retransmit m 4, observable by T open (item R, key R, com R )? fits (item R, descr R )? m5m5 else

16 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security16 Question Can this recovery protocol guarantee –Strong fairness for R? ______ –Weak fairness for R? ______

17 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security17 Types of items Confidential data –Data that will be released during the protocol –Example: Software Public data –Data that will be released even if the protocol execution fails –Purpose: fair exchange of non-repudiation tokens. –Example: contract Payments –A payment sub-protocol that is executed to transfer value from payer to payee –Example: PayWords

18 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security18 Public DataConf. DataPayment Generatable Revocable Types of Items (Cont’d) Generatable –The TTP can produce a replacement of the item Revocable –The TTP can undo the transfer of the item

19 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security19 Exchange Types Public DataConf. DataPayment Public DataContract Signing Certified Mail Payment with Receipt Conf. DataExchange of Goods Fair Purchase PaymentCurrency Exchange

20 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security20 Optimized Protocol -- Contract Signing OTR In: contract O In: contract R Choose o O randomly; determine T Choose yR randomly. contract R =contract O ? m 1 :=sign O (T, R, h(o O ), t, contract O ) m 2 :=sign R (h(m 1 ), h(y R ) m 3 := o O

21 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security21 Contract Signing (Cont’d) OTR If [timeout] then If [the received messages fit together] then m2m2 If [response] then else m3m3

22 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security22 Contract Signing (Cont’d) OR Output: contractR, (m1, m2) Output: contractR, (m1, o O ) Question: –Why can these tokens guarantee NRO or NRR?

Download ppt "Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 3.3: Fair Exchange."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Atomic Transactions CS523 - Spring 2006 - Brian Schmidt.

Atomic Transactions CS523 - Spring Brian Schmidt.
Multi-Party Contract Signing Sam Hasinoff April 9, 2001.

Multi-Party Contract Signing Sam Hasinoff April 9, 2001.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.1: NetBill.

Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.1: NetBill.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.

Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Preparation for In-class Presentations.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Preparation for In-class Presentations.

Similar presentations

Ads by Google