Replay Attack in a Fair Exchange Protocol

  • Macià Mut-Puigserver
  • Magdalena Payeras-Capellà
  • Josep Lluís Ferrer-Gomila
  • Llorenç Huguet-Rotger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5037)

Abstract

A fair multi-party exchange protocol provides equal treatment to all users, in such a way that at the end of the execution of the exchange, all parties have the element that wished to obtain, or none of them has obtained any valid item. In this paper, we analyse a well-known multi-party fair exchange protocol and, in spite of the formal proof of its correctness given in [11], we demonstrate that the protocol has a flaw. The weakness provoked by this flaw made possible a replay attack that breaks the fairness of the exchange. We will see as a group of colluding participants in the exchange can get the item from an honest participant and this participant will get nothing. In addition to that, we propose a new protocol to solve the problem of the potential replay attack which preserves the property of semi-trusted neutral party. The property was introduced in the original protocol so as to improve the user confidence in the trusted third party (TTP). Our solution not only preserves this property but also introduces the property of verifiable TTP. The property guaranties evidences from each TTP operation to the users. The evidences can be used to get compensation and correct any wrong situation caused by an incorrect operation of the TTP; for instance, in case of a passive conspiracy of the TTP.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aura, T.: Strategies against replay attacks. In: 10th IEEE Computer Society Foundations Workshop (CSFW 1997), pp. 59–68. IEEE Computer Society Press, Los Alamitos (1997)Google Scholar
  2. 2.
    Bao, F., Deng, R.H., Nguyen, K.Q., Varadharanjan, V.: Multi-party Fair Exchange with an Off-line Trusted Neutral Party. In: DEXA 1999 Workshop on Electronic Commerce and Security, Italy (1999)Google Scholar
  3. 3.
    European Commission Information Society DG. Open Information Interchange (OII) service: OII Guide to Trust Services, http://www.diffuse.org/oii/en/trust.html
  4. 4.
    European Telecommunications Standard Institute (ETSI): Telecommunications Security; Trusted Third Parties (TTP); Requirements for TTP Services; ETSI Guide EG 2001 057 v1.1.2 (1997-2007)Google Scholar
  5. 5.
    Franklin, M.K., Tsudik, G.: Secure Group Barter: Multi-Party Fair Exchange with semitrusted neutral parties. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 90–102. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  6. 6.
    Gong, L., Syverson, P.: Fail-stop protocols: An approach to designing secure protocols. In: 5th International Working Conference on Dependable Computing for Critical Applications, pp. 44–55 (1995)Google Scholar
  7. 7.
    Gonzalez-Deleito, N., Markowitch, O.: Exclusion-freeness in Multi-party Exchange Protocols. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 200–209. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Internet Policy Institute. Report of the National Workshop on Internet Voting: Issues and Research Agenda (March 2001), http://www.internetpolicy.org
  9. 9.
    ITU-T: Recommendation X.842: Information technology – Security techniques – Guidelines on the use and management of trusted third party services (October 2000)Google Scholar
  10. 10.
    Markowitch, O., Gollmann, D., Kremer, S.: On fairness in exchange protocols. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 451–464. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Mukhamedov, A., Kremer, S., Ritter, E.: Analysis of a Multi-Party Fair Exchange Protocol and Formal Proof of Correctness in the Strand Space model. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 225–269. Springer, Heidelberg (2005)Google Scholar
  12. 12.
    Mut Puigserver, M., Ferrer Gomila, J.L., Huguet i Rotger, L.: Certified e-mail Protocol with Verifiable Third Party. In: IEEE International Conference on e-Technology, e-Commerce and e-Service EEE 2005, Hong Kong, pp. 548–551 (2005)Google Scholar
  13. 13.
    Syverson, P.: A Taxonony of replay attacks. In: 10th IEEE Computer Society Foundations Workshop (CSFW 1997), pp. 187–191. IEEE Computer Society Press, Los Alamitos (1997)Google Scholar
  14. 14.
    Zhou, J., Deng, R.H., Bao, F.: Evolution of Fair Non-repudiation with TTP. In: Pieprzyk, J.P., Safavi-Naini, R., Seberry, J. (eds.) ACISP 1999. LNCS, vol. 1587, pp. 258–269. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Macià Mut-Puigserver
    • 1
  • Magdalena Payeras-Capellà
    • 1
  • Josep Lluís Ferrer-Gomila
    • 1
  • Llorenç Huguet-Rotger
    • 1
  1. 1.Universitat de les Illes BalearsPalma de MallorcaSpain

Personalised recommendations