Exploring Fair Exchange Protocols Using Specification Animation
Fair exchange protocols are a mechanism to ensure that items held by two parties are exchanged without one party gaining an advantage. Several such protocols have been proposed in recent years. We used the Possum animation tool to explore these protocols to examine whether they achieve their security goals. Our experiments revealed some new attacks and helped to gain other useful insights into various fair exchange protocols.
KeywordsSecurity Protocol Generic Protocol Exchange Protocol Fair Exchange Insecure State
Unable to display preview. Download preview PDF.
- 1.N. Asokan, Victor Shoup and Michael Waidner, “Asynchronous Protocols for Optimistic Fair Exchange”, IEEE Symposium on Security and Privacy, 1998, IEEE Computer Society Press, 1998. Corrected version available at http://www.zurich.ibm.com/Technology/Security/publications/1998/ASW98.ps.gz.
- 3.Josep Lluís Gomila, Llorenç Huguet i Rotger, “An Efficient Asynchronous Protocol for Optimistic Certified Electronic Mail”, CRYPTEC’99 Proceedings, City University of Hong Kong Press, 1999, pp.147–154.Google Scholar
- 4.Dan Hazel, Paul Strooper and Owen Traynor, “Possum: An animator for the Sum specification language”, Asia-Pacific Software Engineering Conference and International Computer Science Conference, IEEE Computer Society, 1997, pp.42–51.Google Scholar
- 5.Catherine Meadows,“Open Issues in Formal Methods for Cryptogra-phic Protocol Analysis”, Proceedings of DISCEX 2000, IEEE Computer Society Press, pp. 237–250, January, 2000. Also available at http://chacs.nrl.navy.mil/publications/CHACS/2000/2000meadowsdiscex.ps.
- 6.B. Potter, J. Sinclair and D. Till, An Introduction to Formal Specification and Z, Prentice Hall, 1991.Google Scholar
- 7.S. Schneider, Formal Analysis of a Non-Repudiation Protocol, 11th IEEE Computer Security Foundations Workshop, 1998. Also available at http://www.dcs.rhbnc.ac.uk/research/formal/steve/papers/csfw98.ps.gz.
- 8.Owen Traynor, Peter Kearney, Ed Kazmierczak, Li Wang and Einar Karlsen, “Extending Z with Modules”, Australasian Computer Science Communications, 17, 1, pp.513–522, 1995.Google Scholar
- 9.J. Zhou and D. Gollman, “A Fair Non-Repudiation Protocol”, IEEE Symposium on Security and Privacy, pp.56–61, IEEE Computer Society Press, 1996.Google Scholar
- 10.J. Zhou and D. Gollman, “An Efficient Non-Repudiation Protocol”, IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, pp.126–132, 1997Google Scholar
- 11.J. Zhou and D. Gollmann, “Towards Verification of Non-repudiation Protocols”, Proceedings of 1998 International Refinement Workshop and Formal Methods Pacific, pp. 370–380, Canberra, Australia, September 1998, Springer. Also available at http://homex.s-one.net.sg/user/jyzhou/IRW98.ps.
- 12.Jianying Zhou, Robert Deng and Feng Bao, “Some Remarks on a Fair Exchange Protocol”, Public Key Cryptography 2000, Springer-Verlag, 2000, pp.46–57.Google Scholar