Communicating sequential processes
Communicating sequential processes
Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
CRYPTO '88 Proceedings on Advances in cryptology
Communication and concurrency
Fair exchange with a semi-trusted third party (extended abstract)
Proceedings of the 4th ACM conference on Computer and communications security
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
The Theory and Practice of Concurrency
The Theory and Practice of Concurrency
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Analysis of Abuse-Free Contract Signing
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
The Murphi Verification System
CAV '96 Proceedings of the 8th International Conference on Computer Aided Verification
Towards a Mechanization of Cryptographic Protocal Verification
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Modelling and verifying key-exchange protocols using CSP and FDR
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Formal Analysis of a Non-Repudiation Protocol
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Efficient Finite-State Analysis for Large Security Protocols
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
A Meta-Notation for Protocol Analysis
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A fair non-repudiation protocol
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Automated analysis of cryptographic protocols using Mur/spl phi/
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Model checking electronic commerce protocols
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
NetBill security and transaction protocol
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
Finite-state analysis of SSL 3.0
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Game Analysis of Abuse-free Contract Signing
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A game-based verification of non-repudiation and fair exchange protocols
Journal of Computer Security - IFIP 2000
Science of Computer Programming - Special issue on 12th European symposium on programming (ESOP 2003)
Security analysis of network protocols: logical and computational methods
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Constraint solving for contract-signing protocols
CONCUR 2005 - Concurrency Theory
Computer-assisted verification of a protocol for certified email
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
An intruder model for verifying liveness in security protocols
Proceedings of the fourth ACM workshop on Formal methods in security
Compositional analysis of contract-signing protocols
Theoretical Computer Science - Automated reasoning for security protocol analysis
Analysis of probabilistic contract signing
Journal of Computer Security
A formal model of rational exchange and its application to the analysis of Syverson's protocol
Journal of Computer Security - Special issue on CSFW15
Information and Software Technology
Nuovo DRM Paradiso: Designing a Secure, Verified, Fair Exchange DRM Scheme
Fundamenta Informaticae - Fundamentals of Software Engineering 2007: Selected Contributions
Finite-state verification of the ebXML protocol
Electronic Commerce Research and Applications
The ASW Protocol Revisited: A Unified View
Electronic Notes in Theoretical Computer Science (ENTCS)
Automated Security Protocol Analysis With the AVISPA Tool
Electronic Notes in Theoretical Computer Science (ENTCS)
Deciding strategy properties of contract-signing protocols
ACM Transactions on Computational Logic (TOCL)
Computer-assisted verification of a protocol for certified email
SAS'03 Proceedings of the 10th international conference on Static analysis
Nuovo DRM paradiso: towards a verified fair DRM scheme
FSEN'07 Proceedings of the 2007 international conference on Fundamentals of software engineering
On-the-fly model checking of fair non-repudiation protocols
ATVA'07 Proceedings of the 5th international conference on Automated technology for verification and analysis
Games for non-repudiation protocol correctness
International Journal of Wireless and Mobile Computing
A new method for formalizing optimistic fair exchange protocols
ICICS'10 Proceedings of the 12th international conference on Information and communications security
A dolev-yao-based definition of abuse-free protocols
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Usable optimistic fair exchange
Computer Networks: The International Journal of Computer and Telecommunications Networking
Deciding properties of contract-signing protocols
STACS'05 Proceedings of the 22nd annual conference on Theoretical Aspects of Computer Science
Fairness electronic payment protocol
International Journal of Grid and Utility Computing
On the quest for impartiality: design and analysis of a fair non-repudiation protocol
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
FMOODS'10/FORTE'10 Proceedings of the 12th IFIP WG 6.1 international conference and 30th IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
Cryptanalysis of the n-party encrypted diffie-hellman key exchange using different passwords
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Usable optimistic fair exchange
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Synthesizing protocols for digital contract signing
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
Game-based verification of contract signing protocols with minimal messages
Innovations in Systems and Software Engineering
Nuovo DRM Paradiso: Designing a Secure, Verified, Fair Exchange DRM Scheme
Fundamenta Informaticae - Fundamentals of Software Engineering 2007: Selected Contributions
From model-checking to automated testing of security protocols: bridging the gap
TAP'12 Proceedings of the 6th international conference on Tests and Proofs
Intrusion attack tactics for the model checking of e-commerce security guarantees
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
A cryptographic model for branching time security properties: the case of contract signing protocols
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Wireless Personal Communications: An International Journal
Distributing trusted third parties
ACM SIGACT News
Hi-index | 5.23 |
Optimistic contract signing protocols allow two parties to commit to a previously agreed upon contract, relying on a third party to abort or confirm the contract if needed. These protocols are relatively subtle, since there may be interactions between the subprotocols used for normal signing without the third party, aborting the protocol through the third party, or requesting confirmation from the third party. With the help of Mur, a finite-state verification tool, we analyze two related contract signing protocols: the optimistic contract signing protocol of Asokan, Shoup, and Waidner, and the abuse-free contract signing protocol of Garay, Jakobsson, and MacKenzie. For the first protocol, we discover that a malicious participant can produce inconsistent versions of the contract or mount a replay attack. For the second protocol, we discover that negligence or corruption of the trusted third party may allow abuse or unfairness. In this case, contrary to the intent of the protocol, the cheated party is not able to hold the third party accountable. We present and analyze modifications to the protocols that avoid these problems and discuss the basic challenges involved in formal analysis of fair exchange protocols.