Abstract
Non-repudiation protocols with session labels have a number of vulnerabilities. Recently Cederquist, Corin and Dashti have proposed an optimistic non-repudiation protocol that avoids altogether the use of session labels. We have specified and analysed this protocol using an extended version of the AVISPA Tool and one important fault has been discovered. We describe the protocol, the analysis method, show two attack traces that exploit the fault and propose a correction to the protocol.
Chapter PDF
References
Armando, A., et al.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)
Bella, G., Paulson, L.C.: Mechanical Proofs about a Non-repudiation Protocol. In: Boulton, R.J., Jackson, P.B. (eds.) TPHOLs 2001. LNCS, vol. 2152, pp. 91–104. Springer, Heidelberg (2001)
Corin, R., Cederquist, J., Dashti, M.T.: On the Quest for Impartiality: Design and Analysis of a Fair Non-repudiation Protocol. In: Qing, S., et al. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 27–39. Springer, Heidelberg (2005)
Chevalier, Y., et al.: A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols. In: Automated Software Engineering. Proceedings of the Workshop on Specification and Automated Processing of Security Requirements, SAPS’04, September 2004, pp. 193–205. Austrian Computer Society (2004)
Chevalier, Y., Vigneron, L.: A Tool for Lazy Verification of Security Protocols. In: 16th IEEE International Conference on Automated Software Engineering (ASE 2001), San Diego, CA, USA, pp. 373–376. IEEE Computer Society Press, Los Alamitos (2001)
Gürgens, S., Rudolph, C., Vogt, H.: On the Security of Fair Non-repudiation Protocols. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 193–207. Springer, Heidelberg (2003)
Kremer, S., Markowitch, O., Zhou, J.: An Intensive Survey of Fair Non-repudiation Protocols. Computer Communications Journal 25(17), 1606–1621 (2002)
Markowitch, O., Kremer, S.: An Optimistic Non-repudiation Protocol with Transparent Trusted Third Party. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 363–378. Springer, Heidelberg (2001)
Markowitch, O., Roggeman, Y.: Probabilistic Non-Repudiation without Trusted Third Party. In: Second Workshop on Security in Communication Networks’99, Amalfi, Italy (1999)
Pagnia, H., Gärtner, F.C.: On the Impossibility of Fair Exchange without a Trusted Third Party. Technical Report TUD-BS-1999-02, Darmstadt University of Technology, Darmstadt, Germany(1999)
Ryan, P., et al.: Modelling & Analysis of Security Protocols. Addison-Wesley, Reading (2000)
Santiago, J., Vigneron, L.: Automatically Analysing Non-repudiation with Authentication. In: Proceedings of 3rd Taiwanese-French Conference on Information Technology (TFIT), Nancy, France, March 2006, pp. 541–554 (2006)
Schneider, S.: Formal Analysis of a Non-Repudiation Protocol. In: Proceedings of The 11th Computer Security Foundations Workshop, pp. 54–65. IEEE Computer Society Press, Los Alamitos (1998)
Shmatikov, V., Mitchell, J.C.: Analysis of Abuse-Free Contract Signing. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 174–191. Springer, Heidelberg (2001)
Turuani, M.: The CL-Atse Protocol Analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)
Zhou, J., Gollmann, D.: A Fair Non-repudiation Protocol. In: 1996 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 55–61. IEEE Computer Society Press, Los Alamitos (1996)
Zhou, J., Gollmann, D.: Towards verification of non-repudiation protocols. In: Proceedings of 1998 International Refinement Workshop and Formal Methods Pacific, Canberra, Australia, September 1998, pp. 370–380 (1998)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Santiago, J., Vigneron, L. (2007). Optimistic Non-repudiation Protocol Analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, JJ. (eds) Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. WISTP 2007. Lecture Notes in Computer Science, vol 4462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72354-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-540-72354-7_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72353-0
Online ISBN: 978-3-540-72354-7
eBook Packages: Computer ScienceComputer Science (R0)