Strand spaces and fair exchange: More on how to trace attacks and security problems

  • Fabio R. Piva UNICAMP
  • José R. M. Monteiro UNICAMP / CEPESC / Abin
  • Ricardo Dahab UNICAMP

Resumo


In this work we use our proposed adaptation of the strand spaces method in the analysis of a fair exchange protocol for payment, proposed in [Zuo and Li 2005]. The protocol fails to provide timeliness and fairness to the buyer (Downloader), and four previously unreported attacks are traced regarding those properties. This is a continuation of the work started in [Piva et al. 2006].

Referências

A. Nenadic, N. Zhang, Q. S. and Goble, C. (2005). DSA-based verifiable and recoverable encryption of signatures and its application in certified e-goods delivery. In EEE ’05: Proceedings of IEEE Conference on e-Technology, e-Commerce and e-Service. IEEE Computer Society.

Asokan, A. (1998). Fairness in Electronic Commerce. PhD thesis, University ofWaterloo. Guttman, J. D. and Thayer, F. J. (2002). Authentication tests and the structure of bundles. Theor. Comput. Sci., 283(2):333–380.

Piva, F. R., Monteiro, J. R. M., Devegili, A. J., and Dahab, R. (2006). Applying strand spaces to certified delivery proofs. In Anais do IV SBSeg, Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais.

Thayer, F. J., Herzog, J. C., and Guttman, J. D. (1999a). Mixed strand spaces. I Computer Security Foundations Workshop, 1999, pages 72–82.

Thayer, F. J., Herzog, J. C., and Guttman, J. D. (1999b). Strand spaces: Proving security protocols correct. Journal of Computer Security, 7(2–3):191–230.

Zuo, M. and Li, J. (2005). Constructing fair-exchange p2p file market. In Proceedings of the 4th International Conference on Grid and Cooperative Computing, pages 941–946.
Publicado
27/08/2007
PIVA, Fabio R.; MONTEIRO, José R. M.; DAHAB, Ricardo. Strand spaces and fair exchange: More on how to trace attacks and security problems. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 7. , 2007, Rio de Janeiro. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2007 . p. 149-162. DOI: https://doi.org/10.5753/sbseg.2007.20924.

Artigos mais lidos do(s) mesmo(s) autor(es)

1 2 3 > >>