Supervisory control of a class of discrete event processes
SIAM Journal on Control and Optimization
On the synthesis of a reactive module
POPL '89 Proceedings of the 16th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The temporal logic of reactive and concurrent systems
The temporal logic of reactive and concurrent systems
Languages, automata, and logic
Handbook of formal languages, vol. 3
Athena: a novel approach to efficient automatic security protocol analysis
Journal of Computer Security
Inductive methods and contract-signing protocols
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Finite-state analysis of two contract signing protocols
Theoretical Computer Science
Abuse-Free Optimistic Contract Signing
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
MOCHA: Modularity in Model Checking
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
An Optimistic Non-repudiation Protocol with Transparent Trusted Third Party
ISC '01 Proceedings of the 4th International Conference on Information Security
Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic
Logic of Programs, Workshop
An Efficient Non-repudiation Protocol
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Game Analysis of Abuse-free Contract Signing
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A game-based verification of non-repudiation and fair exchange protocols
Journal of Computer Security - IFIP 2000
Theoretical Computer Science - Components and objects
The temporal logic of programs
SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
On fairness in exchange protocols
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Design and formal verification of a CEM protocol with transparent TTP
Frontiers of Computer Science: Selected Publications from Chinese Universities
Hi-index | 0.00 |
We study the automatic synthesis of fair non-repudiation protocols, a class of fair exchange protocols, used for digital contract signing. First, we show how to specify the objectives of the participating agents, the trusted third party (TTP) and the protocols as path formulas in Linear Temporal Logic (LTL) and prove that the satisfaction of the objectives of the agents and the TTP imply satisfaction of the protocol objectives. We then show that weak (co-operative) co-synthesis and classical (strictly competitive) co-synthesis fail in synthesizing these protocols, whereas assume-guarantee synthesis (AGS) succeeds. We demonstrate the success of assume-guarantee synthesis as follows: (a) any solution of assume-guarantee synthesis is attack-free ; no subset of participants can violate the objectives of the other participants without violating their own objectives; (b) the Asokan-Shoup-Waidner (ASW) certified mail protocol that has known vulnerabilities is not a solution of AGS; and (c) the Kremer-Markowitch (KM) non-repudiation protocol is a solution of AGS. To our knowledge this is the first application of synthesis to fair non-repudiation protocols, and our results show how synthesis can generate correct protocols and automatically discover vulnerabilities. The solution to assume-guarantee synthesis can be computed efficiently as the secure equilibrium solution of three-player graph games.