Abstract
Recently, Nenadić et al. (2004) proposed the RSA-CEGD protocol for certified delivery of e-goods. This is a relatively complex scheme based on verifiable and recoverable encrypted signatures (VRES) to guarantee properties such as strong fairness and non-repudiation, among others. In this paper, we illustrate how an extended logic of beliefs can be helpful to analyze in a formal manner these security properties. This approach requires the previous definition of some novel constructions to deal with evidences exchanged by parties during the protocol execution. The study performed within this framework reveals the lack of non-repudiation in RSA-CEGD and points out some other weaknesses.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alcaide, A., Estévez, J.M.: Formal Analysis of the RSA-CEGD protocol. Technical Report (January 2005)
Bella, G., Paulson, L.: Mechanical Proofs about a Non-repudiation Protocol. In: Boulton, R.J., Jackson, P.B. (eds.) TPHOLs 2001. LNCS, vol. 2152, pp. 91–104. Springer, Heidelberg (2001)
Denning, D.E.: The Limits of Formal Security Models. National Computer Systems Security Award Aceptance Speech (October 1999), Available online at http://www.cs.georgetown.edu/~denning/infosec/award.html
Dolev, D., Yao, A.C.: On the Security of Public Key Protocols. IEEE Trans. Inf. Theory IT-29(12), 198–208 (1983)
Gürgens, S., Rudolph, C.: Security Analysis of (Un-) Fair Non-repudiation Protocols. In: Abdallah, A.E., Ryan, P.Y.A., Schneider, S. (eds.) FASec 2002. LNCS, vol. 2629, pp. 97–114. Springer, Heidelberg (2003)
Kailar, R.: Reasoning about accountability in protocols for electronic commerce. In: Proc. IEEE Symp. Security and Privacy, pp. 236–250. IEEE Computer Security Press, Los Alamitos (1995)
Kailar, R.: Accountability in electronic commerce protocols. IEEE Trans. Software Engineering 5(22), 313–328 (1996)
Louridas, P.: Some guidelines for non-repudiation protocols. Computer Communication Review 30(5), 29–38 (2000)
Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of fair nonrepudiation protocols. Computer Comunications 25(17), 1606–1621 (2002)
Kremer, S., Raskin, J.F.: A game approach to the verification of exchange protocols - application to non-repudiation protocols. In: Workshop on Issues in the Theory of Security (WITS 2000) (July 2000)
Kremer, S., Raskin, J.F.: A Game-Based Verification of Non-Repudiation and Fair Exchange Protocols. Journal of Computer Security 11(13), 399–429 (2003)
Nenadić, A., Zhang, N., Barton, S.: A Security Protocol for Certified E-goods Delivery. In: Proc. IEEE Int. Conf. Information Technology, Coding, and Computing (ITCC 2004), Las Vegas, NV, USA, pp. 22–28. IEEE Computer Society, Los Alamitos (2004)
Ray, I., Ray, I.: An Optimistic Fair Exchange E-commerce Protocol with Automated Dispute Resolution. In: Bauknecht, K., Madria, S.K., Pernul, G. (eds.) EC-Web 2000. LNCS, vol. 1875, pp. 84–93. Springer, Heidelberg (2000)
Schneider, S.: Formal Analysis of a Non-repudiation Protocol. In: IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (1998)
Syverson, P., Cervestato, I.: The Logic of Authentication Protocols. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 63–136. Springer, Heidelberg (2001)
Zhou, J., Gollman, D.: A fair non-repudiation protocol. In: Proc. 1996 Symp. on Research in Security and Privacy, Oakland, CA, USA, pp. 55–61. IEEE Computer Society Press, Los Alamitos (1996)
Zhou, J., Gollman, D.: Towards verification of non-repudiation protocols. In: Proc. 1998 Intl. Refinement Workshop and Formal Methods Pacific, pp. 370–380 (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alcaide, A., Estévez-Tapiador, J.M., Izquierdo, A., Sierra, J.M. (2005). A Formal Analysis of Fairness and Non-repudiation in the RSA-CEGD Protocol. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3483. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424925_136
Download citation
DOI: https://doi.org/10.1007/11424925_136
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25863-6
Online ISBN: 978-3-540-32309-9
eBook Packages: Computer ScienceComputer Science (R0)