A New Approach to Reasoning About Accountability in Cryptographic Protocols for E-Commerce
This chapter presents a generic belief logic and demonstrates how it can be used to reason about accountability in cryptographic protocols for electronic commerce. First, we explain why the analysis of accountability properties can be treated in terms of belief. Unlike logics proposed earlier to deal with accountability, our logic uses more general logical terms instead of the specific predicate “canprove”. We argue that the essence of accountability is the ability to “make” someone “believe” something, and that the notion of “make” is just another modal operator in a generic belief logic. We then describe our belief logic and present an axiomatization system for analyzing cryptographic protocols for e-commerce. Finally, we illustrate with two examples how our logic can be used for this purpose.
Keywords: Inference Rule; Cryptographic Protocol; Computer Security Foundation Workshop; Belief Logic; Service Acknowledgement