Strand spaces and fair exchange: More on how to trace attacks and security problems
ResumoIn this work we use our proposed adaptation of the strand spaces method in the analysis of a fair exchange protocol for payment, proposed in [Zuo and Li 2005]. The protocol fails to provide timeliness and fairness to the buyer (Downloader), and four previously unreported attacks are traced regarding those properties. This is a continuation of the work started in [Piva et al. 2006].
Asokan, A. (1998). Fairness in Electronic Commerce. PhD thesis, University ofWaterloo. Guttman, J. D. and Thayer, F. J. (2002). Authentication tests and the structure of bundles. Theor. Comput. Sci., 283(2):333–380.
Piva, F. R., Monteiro, J. R. M., Devegili, A. J., and Dahab, R. (2006). Applying strand spaces to certified delivery proofs. In Anais do IV SBSeg, Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais.
Thayer, F. J., Herzog, J. C., and Guttman, J. D. (1999a). Mixed strand spaces. I Computer Security Foundations Workshop, 1999, pages 72–82.
Thayer, F. J., Herzog, J. C., and Guttman, J. D. (1999b). Strand spaces: Proving security protocols correct. Journal of Computer Security, 7(2–3):191–230.
Zuo, M. and Li, J. (2005). Constructing fair-exchange p2p file market. In Proceedings of the 4th International Conference on Grid and Cooperative Computing, pages 941–946.