Replay Attack in a Fair Exchange Protocol
A fair multi-party exchange protocol provides equal treatment to all users, in such a way that at the end of the execution of the exchange, either all parties have the item they wished to obtain, or none of them has obtained any valid item. In this paper, we analyse a well-known multi-party fair exchange protocol and, in spite of the formal proof of its correctness given in , we demonstrate that the protocol has a flaw. The weakness caused by this flaw makes possible a replay attack that breaks the fairness of the exchange. We show how a group of colluding participants in the exchange can get the item from an honest participant while this participant gets nothing. In addition, we propose a new protocol that solves the problem of the potential replay attack and preserves the property of semi-trusted neutral party. This property was introduced in the original protocol to improve user confidence in the trusted third party (TTP). Our solution not only preserves this property but also introduces the property of verifiable TTP, which guarantees that users receive evidence of each TTP operation. The evidence can be used to get compensation and correct any wrong situation caused by an incorrect operation of the TTP; for instance, in case of a passive conspiracy of the TTP.
- 1. Aura, T.: Strategies against replay attacks. In: 10th IEEE Computer Society Foundations Workshop (CSFW 1997), pp. 59–68. IEEE Computer Society Press, Los Alamitos (1997)
- 2. Bao, F., Deng, R.H., Nguyen, K.Q., Varadharajan, V.: Multi-party Fair Exchange with an Off-line Trusted Neutral Party. In: DEXA 1999 Workshop on Electronic Commerce and Security, Italy (1999)
- 3. European Commission Information Society DG. Open Information Interchange (OII) service: OII Guide to Trust Services, http://www.diffuse.org/oii/en/trust.html
- 4. European Telecommunications Standard Institute (ETSI): Telecommunications Security; Trusted Third Parties (TTP); Requirements for TTP Services; ETSI Guide EG 2001 057 v1.1.2 (1997-2007)
- 6. Gong, L., Syverson, P.: Fail-stop protocols: An approach to designing secure protocols. In: 5th International Working Conference on Dependable Computing for Critical Applications, pp. 44–55 (1995)
- 8. Internet Policy Institute. Report of the National Workshop on Internet Voting: Issues and Research Agenda (March 2001), http://www.internetpolicy.org
- 9. ITU-T: Recommendation X.842: Information technology – Security techniques – Guidelines on the use and management of trusted third party services (October 2000)
- 11. Mukhamedov, A., Kremer, S., Ritter, E.: Analysis of a Multi-Party Fair Exchange Protocol and Formal Proof of Correctness in the Strand Space model. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 225–269. Springer, Heidelberg (2005)
- 12. Mut Puigserver, M., Ferrer Gomila, J.L., Huguet i Rotger, L.: Certified e-mail Protocol with Verifiable Third Party. In: IEEE International Conference on e-Technology, e-Commerce and e-Service EEE 2005, Hong Kong, pp. 548–551 (2005)
- 13. Syverson, P.: A Taxonomy of replay attacks. In: 10th IEEE Computer Society Foundations Workshop (CSFW 1997), pp. 187–191. IEEE Computer Society Press, Los Alamitos (1997)