一种新的多方不可否认协议

首次指出不可否认协议运行结果可分为认证强公平和期望强公平,其中后者优于前者。利用GPS数字签,提出一个新的带离线可信第三方的多方不可否认协议,该协议实现了期望强公平且允许发方给不同的接收方同的消息,突破了先前协议只允许发方给不同的接收方发送同一消息的局限性。协议同时允许发方自由选择,使得交易灵活而符合实际。最后给出协议的安全性分析。     

一个公平的多方不可否认协议

实用的多方不可否认协议必须具备存活性、公平性、时限性、无排斥性和保密性.文中指出现有典型协议,如KM,OZCL和OZL均无法提供时限性和无排斥性,而且易遭受服务失效等攻击,致使它们不能成为实用的协议.为此,给出一个新协议NKM,其基于无需全局时钟同步机制支持的时间段概念实现时限性,借助双重群加密技术确保具备保密性的同时不丢失无排斥性,利用证据链技术既可高效维护协议证据,又能避开服务失效和重放攻击;同时还形式化验证了该协议的安全性,并对协议部署时将牵涉到的安全问题进行了考虑.与现有协议相比,NKM在安全性和性能方面均存在优势,可成为实用的协议.     

公平的非否认密码协议及其形式分析与应用

在安全数据通信中,数据发送和接收的非否认性是一个极为重要的问题.近年来,实现这种类型的密码协议主要是通过可信第三方参与数据的加密与传送,因而,可信第三方的可靠性和安全性是系统性能的瓶颈.提出了一个公平的双方不可否认的密码协议——NCP(non-repudiation cryptographic protocol).这个协议解决了可信第三方的性能瓶颈问题,是一个更为有效的、安全的密码协议.用信任逻辑对其进行了形式分析,最后探讨了它在电子邮件中的应用.     

Smart card-based agents for fair non-repudiation

Non-repudiation protocols are of great importance for electronic interactions. Different protocols have been proposed in this field, progressively relaxing the requirements on the computing power of both parties, and on the load and involvement of a trusted third party (TTP). Besides, there is a need to provide mobile users with a protocol adequate for ad hoc scenarios, where only unreliable channels can be guaranteed, and where the CA may not be reachable. In this paper we propose a new version of the fair non-repudiation protocol proposed by Gürgens et al. in [Sigrid Gürgens, Carsten Rudolph, Holger Vogt, On the security of fair non-repudiation protocols, in: Colin Boyd, Wenbo Mao (Eds.), ISC, Lecture Notes in Computer Science, vol. 2851, Springer, 2003, pp. 193–207]. We show unfair scenarios that can appear if one party controls the communication among the TTP and the other party. We introduce notary agents, which play the TTP role, and run our fair non-repudiation protocol. Notary agents execute inside the smart card, and sign the protocol messages with the user’s private key on his behalf. Our approach enables the protocol to run on unreliable channels, disconnected from the CA.     

Impossibility of unconditionally secure scalar products

The ability to perform scalar products of two vectors, each known to a different party, is a central problem in privacy preserving data mining and other multi-party computation problems. Ongoing search for both efficient and secure scalar product protocols has revealed that this task is not easy. In this paper we show that, indeed, scalar products can never be made secure in the information theoretical sense. We show that any attempt to make unconditionally secure scalar products will inevitably allow one of the parties to learn the other parties input vector with high probability. On the other hand, we show that under various assumptions, such as the existence of a trusted third party or the difficulty of discrete logarithms, both efficient and secure scalar products do exist. We proposed two new protocols for secure scalar products and compare their performance with existing secure scalar products.     

一种新的公平反拒认协议

文章提出了一种公平的依赖可信第三方的反拒认协议,同时解决了收方和发方的拒认问题。它基于条件证据和反拒认服务器思想,既高效又实用。     

不可否认协议分析的扩展ZQZ逻辑方法

不可否认协议必须满足存活性、不可否认性、公平性和时限性,但当前大多数形式化方法只能分析该类协议的部分性质,证明或证伪协议逻辑的部分正确性.本文通过向ZQZ逻辑添加时间表达式,提出了一种适用于不可否认协议建模与分析的扩展ZQZ逻辑方法,包括推理规则和安全性质模型.展示新方法的应用时,使用其分析了ZG和KPB这两个局部逻辑...     

Assume-guarantee synthesis for digital contract signing

We study the automatic synthesis of fair non-repudiation protocols, a class of fair exchange protocols, used for digital contract signing. First, we show how to specify the objectives of the participating agents and the trusted third party as path formulas in linear temporal logic and prove that the satisfaction of these objectives imply fairness; a property required of fair exchange protocols. We then show that weak (co-operative) co-synthesis and classical (strictly competitive) co-synthesis fail, whereas assume-guarantee synthesis (AGS) succeeds. We demonstrate the success of AGS as follows: (a) any solution of AGS is attack-free; no subset of participants can violate the objectives of the other participants; (b) the Asokan–Shoup–Waidner certified mail protocol that has known vulnerabilities is not a solution of AGS; (c) the Kremer–Markowitch non-repudiation protocol is a solution of AGS; and (d) AGS presents a new and symmetric fair non-repudiation protocol that is attack-free. To our knowledge this is the first application of synthesis to fair non-repudiation protocols, and our results show how synthesis can both automatically discover vulnerabilities in protocols and generate correct protocols. The solution to AGS can be computed efficiently as the secure equilibrium solution of three-player graph games.     

Contract signing, optimism, and advantage

A contract signing protocol lets two parties exchange digital signatures on a pre-agreed text. Optimistic contract signing protocols enable the signers to do so without invoking a trusted third party. However, an adjudicating third party remains available should one or both signers seek timely resolution. We analyze optimistic contract signing protocols using a game-theoretic approach and prove a fundamental impossibility result: in any fair, optimistic, timely protocol, an optimistic player yields an advantage to the opponent. The proof relies on a careful characterization of optimistic play that postpones communication to the third party.     

密钥链多方非否认协议

多方非否认协议通常仅考虑一轮消息交换的情况,很少讨论相同参与方进行多轮消息交换的情况。基于后者对多方非否认协议进行优化,提出了一种利用密钥链实现的多方非否认协议,以有效减轻TTP存储负担。协议由Initialization,Exchange,Abort和Recovery4个子协议以及争议处理方案组成。分析表明,协议满足公平性、时限性和机密性。     

公平的多方不可否认协议

电子商务中保证信息交换的不可否认性是一项必不可少的安全服务,而多方不可否认协议则是当前的研究重点之一。论文通过分析当前已发表的多方协议或方案,指出当前多方不可否认协议存在由于发送方占优势导致的不公平问题,并提出了基于双重组加密方法的多方不可否认协议,进一步削弱了发送方的优势。最后用SVO逻辑的形式化分析方法证明了协议的正确性。     

自适应多方非否认协议

多方非否认协议可分为两类：发送相同消息给多个接收者的协议和发送不同消息给多个接收者的协议。本文针对两类多方非否认协议在发送不完全相同消息时效率不高的问题,提出了自适应多方非否认协议。协议首先按照接收消息是否相同,将接收者分别划入不同的集合,然后用相同的密钥与一个随机数的异或作为加密密钥加密消息,最后依次向接收者集合广播消息。分析表明,协议满足公平性,与以往的两类多方非否认协议相比,具有更好的效率。     

一种新的基于用户与事件的安全模型

本文从一个全新的角度出发来建立模型,很好的解决了以往模型中系统管理员有可能不可靠的问题。从用户和事件的角度出发,构建了一种不依赖可信第三方具有抗抵赖功能的全新的安全模型。     

一种可靠的多方不可否认协议的逻辑分析方法

多方不可否认协议需要满足不可否认性、公平性和时限性三大安全目标,但是现有的对多方不可否认协议的形式化分析方法大多是对两方协议分析方法的简单扩展,单一方法不能完整覆盖所有的安全目标分析;同时,对单一安全目标的分析能力有限,分析结果不可靠。首先,综合比较现有的分析技术,选定SVO逻辑进行扩展,显式引入时间因素,给出对应的语法定义和时间演算公理。然后,对改进逻辑的语义模型进行介绍,并证明了逻辑系统的可靠性,使得改进后的逻辑系统支持对多方不可否认协议三大安全目标的分析。最后,选取一个典型的多方不可否认协议,分别对其时限性和公平性进行分析,发现了其中存在的时限性和公平性缺陷,并给出了对应的攻击方法。其中,公平性缺陷是首次被发现。     

基于安全性能的单项竞价交易模式研究与实现

针对大宗商品交易中的数据安全与隐私保护问题,从安全性能的角度进行分析,以单项竞价交易模式为例,在不依赖于第三方认证机构可信的条件下,通过盲签名技术对用户的身份进行认证,实现对其身份信息的保密。交易过程中引用Bit承诺协议,保证交易商双方的不可抵赖性。安全性分析结果表明,此方案在第三方不可信的情况下能够有效保护交易过程的安全进行。     

带有半可信第三方的新的合同签署协议

在公平交换中可验证加密是最重要的基础之一，文中提出一种新的盲解密的可验证加密方案，并在此基础上设计了使用半可信第三方的合同签署协议，此协议尤其是一对多的协议是在交换拓扑不确定情况下的协议，协议中的交换关系对外是保密的，从而解决了Franklin提出的一个公开问题，具有更切合实际、更安全实用等优点，同时这也是首次提出带半可信第三方的多方合同签署协议。     

满足多种安全属性的复合型支付协议及其逻辑分析

针对典型电子支付协议存在的安全目标单一,不能满足日益提高的安全需求等问题,提出了一种能够满足认证性、密钥新鲜性、密钥秘密性、非否认性、公平性、可追究性和原子性等多种安全属性的复合型安全支付协议,该协议的认证子协议基于令牌概念设计,能够实现高效认证及会话密钥协商。通过引入公钥证书证明协议主体的身份、借助可信方传递付款收据以及采用FTP方式传送电子货币和付款收据等方式提出了支付子协议。使用逻辑分析方法对该协议进行严格逻辑推理验证,结果表明该协议能够满足多种安全属性。     

基于同态门限密码体制的投票协议

针对当前存在的投票协议普遍要求一个可信赖的管理机构的问题,提出一种新的投票协议。该协议综合运用同态加密、门限密码体制、盲签名、环签名、零知识证明等密码技术,在假设无人弃权或虽有人弃权但管理者不与其他投票人合谋作弊的情况下,消除了无可信第三方和健壮性共存的矛盾,同时满足了匿名性、合法性、健壮性、可验证性和无可信第三方等安全属性。     

P2P组合交易的公平支付协议

针对P2P交易环境中的多方组合交易模式,提出一个新的乐观公平的离线支付方案。在该方案中,参与协议的任何一方均不具有优势,信任方不需要在线介入支付过程。分析支付中可能出现的争议,并给出解决方案。分析结果验证了该协议的公平性。     

Design and formal verification of a CEM protocol with transparent TTP

In certified email (CEM) protocols, trusted third party (TTP) transparency is an important security requirement which helps to avoid bad publicity as well as protecting individual users’ privacy. Cederquist et al. proposed an optimistic certified email protocol, which employs key chains to reduce the storage requirement of the TTP. We extend their protocol to satisfy the property of TTP transparency, using existing verifiably encrypted signature schemes. An implementation with the scheme based on bilinear pairing makes our extension one of the most efficient CEM protocols satisfying strong fairness, timeliness, and TTP transparency. We formally verify the security requirements of the extended protocol. The properties of fairness, timeliness and effectiveness are checked in the model checker Mocha, and TTP transparency is formalised and analysed using the toolsets µCRL and CADP.