Abstract
We analyzed two non-repudiation protocols and found new attacks on the fairness and termination properties of these protocols. Our attacks are enabled by several inherent design weaknesses, which also apply to other non-repudiation protocols. To prevent these attacks, we propose generic countermeasures that considerably strengthen the design and implementation of non-repudiation protocols. Finally, we show how these countermeasures are applied by constructing a new fair non-repudiation protocol.
Cite this article
Gürgens, S., Rudolph, C. & Vogt, H. On the security of fair non-repudiation protocols. Int J Inf Secur 4, 253–262 (2005). https://doi.org/10.1007/s10207-004-0063-7
DOI: https://doi.org/10.1007/s10207-004-0063-7