Title:
Non-repudiation in electronic commerce
Personal Author:
Series:
Artech House computer security series
Publication Information:
Boston, MA : Artech House, 2001
ISBN:
9781580532471
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000004886846 | HF5548.32 Z49 2001 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
With more and more businesses shifting emphasis towards the Internet, new ways of protecting transacting parties are needed in the world of e-commerce. This volume shows the reader how to create, collect, validate and maintain cryptographic evidence, such as digital signatures, in order to support the settlement of possible electronic transaction disputes. It presents a systematic description of non-repudiation services, examples on the integration of these services into specific e-commerce applications, and a detailed analysis and comparison of typical non-repudiation mechanisms.
Author Notes
Jianying Zhou holds an M.Sc. in computer science from the Chinese Academy of Sciences and a Ph.D. in information security from the University of London.
Dr. Zhou is project manager at Kent Ridge Digital Labs in Singapore, where he leads an R&D team that develops network security technologies. He is actively involved in the academic world, serving on international conference committees and publishing papers for well-known journals.
050
Table of Contents
| Preface | p. xiii |
| 1 Introduction | p. 1 |
| 1.1 Electronic Commerce and Security | p. 1 |
| 1.2 Repudiation and Dispute Resolution | p. 4 |
| 1.3 Non-repudiation and Network Security | p. 6 |
| 1.4 Non-repudiation in Message-Handling Systems | p. 8 |
| 1.5 Non-repudiation in Electronic Payment Systems | p. 10 |
| 1.6 Book Outline | p. 13 |
| References | p. 15 |
| 2 Fundamentals of Non-repudiation | p. 19 |
| 2.1 Goals of Non-repudiation | p. 20 |
| 2.2 Non-repudiation Services | p. 21 |
| 2.3 Non-repudiation Evidence | p. 23 |
| 2.3.1 Types of Evidence | p. 23 |
| 2.3.2 Elements of Evidence | p. 24 |
| 2.3.3 Validity of Evidence | p. 25 |
| 2.4 Roles of TTPs | p. 26 |
| 2.4.1 Certification Authority | p. 27 |
| 2.4.2 Notary | p. 29 |
| 2.4.3 Delivery Authority | p. 29 |
| 2.4.4 Time-Stamping Authority | p. 30 |
| 2.4.5 Adjudicator | p. 30 |
| 2.5 Phases of Non-repudiation | p. 31 |
| 2.5.1 Evidence Generation | p. 31 |
| 2.5.2 Evidence Transfer | p. 32 |
| 2.5.3 Evidence Verification and Storage | p. 32 |
| 2.5.4 Dispute Resolution | p. 33 |
| 2.6 Non-repudiation Policy | p. 34 |
| 2.7 Requirements for Non-repudiation | p. 35 |
| 2.7.1 Technical Infrastructure | p. 35 |
| 2.7.2 Legal Framework | p. 36 |
| References | p. 37 |
| 3 Securing Digital Signatures for Non-repudiation | p. 41 |
| 3.1 Security Requirements on Digital Signatures | p. 41 |
| 3.1.1 Non-repudiation Versus Authentication | p. 42 |
| 3.1.2 Device for Signature Generation | p. 43 |
| 3.2 Timestamps in Digital Signatures | p. 44 |
| 3.2.1 Ordinary Timestamps | p. 44 |
| 3.2.2 Trusted Timestamps | p. 45 |
| 3.3 Securing TTP's Digital Signatures | p. 45 |
| 3.4 Time-Stamping Approach | p. 46 |
| 3.5 Auditing Approach | p. 47 |
| 3.6 One-Way Sequential Link Approach | p. 48 |
| 3.6.1 Generation of a One-Way Sequential Link | p. 48 |
| 3.6.2 Termination of a One-Way Sequential Link | p. 50 |
| 3.6.3 Dispute Resolution | p. 51 |
| 3.7 Temporary Certificate Approach | p. 53 |
| 3.7.1 Certificate Generation | p. 53 |
| 3.7.2 Signature Generation and Verification | p. 54 |
| 3.7.3 Protection Against Key Compromise | p. 55 |
| 3.7.4 Flexible Expiry Date | p. 56 |
| 3.7.5 Dispute Resolution | p. 57 |
| 3.7.6 Security Analysis | p. 58 |
| 3.8 Comparison | p. 59 |
| 3.8.1 Security | p. 59 |
| 3.8.2 TTP's Involvement | p. 60 |
| 3.8.3 Computation | p. 60 |
| 3.8.4 Storage | p. 61 |
| 3.9 Summary | p. 62 |
| References | p. 63 |
| 4 Achieving Fair Non-repudiation | p. 65 |
| 4.1 Factors Against Fair Non-repudiation | p. 65 |
| 4.2 Approaches to Fair Non-repudiation | p. 68 |
| 4.2.1 Gradual Exchange Approach | p. 69 |
| 4.2.2 Third-Party Approach | p. 70 |
| 4.3 Protocol NR1: Using Lightweight Online TTP | p. 71 |
| 4.3.1 Protocol Description | p. 72 |
| 4.3.2 Dispute Resolution | p. 74 |
| 4.3.3 Time Information | p. 75 |
| 4.3.4 Message Privacy | p. 77 |
| 4.3.5 Evidence Chaining | p. 78 |
| 4.4 Protocol NR2: Using Offline TTP Without Timely Termination | p. 80 |
| 4.4.1 Protocol Description | p. 81 |
| 4.4.2 Dispute Resolution | p. 82 |
| 4.4.3 Limitation | p. 82 |
| 4.5 Protocol NR3: Using Offline TTP with Timely Termination | p. 84 |
| 4.5.1 Protocol Description | p. 84 |
| 4.5.2 Security Analysis | p. 87 |
| 4.6 Protocol NR4: Using Inline TTP for Timely Delivery | p. 90 |
| 4.6.1 Evidence for Timely Message Transfer | p. 90 |
| 4.6.2 Protocol Description | p. 91 |
| 4.6.3 Dispute Resolution | p. 93 |
| 4.7 Summary | p. 94 |
| References | p. 95 |
| 5 Related Work on Fair Non-repudiation | p. 99 |
| 5.1 Protocols Using Inline TTP | p. 99 |
| 5.1.1 Coffey-Saidha Protocol | p. 99 |
| 5.1.2 Bahreman-Tygar Protocol | p. 101 |
| 5.2 Protocols Using Online TTP | p. 102 |
| 5.2.1 Deng-Gong-Lazar-Wang Protocol | p. 102 |
| 5.2.2 Cox-Tygar-Sirbu Protocol | p. 104 |
| 5.3 Protocols Using Offline TTP | p. 106 |
| 5.3.1 Asokan-Schunter-Waidner Protocol | p. 106 |
| 5.3.2 Bao-Deng-Mao Protocol | p. 108 |
| 5.3.3 Asokan-Shoup-Waidner Protocol | p. 110 |
| 5.4 Protocols with Probabilistic Fairness | p. 114 |
| 5.4.1 BenOr-Goldreich-Micali-Rivest Protocol | p. 114 |
| 5.4.2 Olivier-Yves Protocol | p. 117 |
| 5.5 Summary | p. 120 |
| References | p. 122 |
| 6 ISO's Non-repudiation Mechanisms | p. 125 |
| 6.1 Overview of ISO/IEC 13888 | p. 126 |
| 6.1.1 Part 1: General | p. 126 |
| 6.1.2 Part 2: Mechanisms Using Symmetric Techniques | p. 127 |
| 6.1.3 Part 3: Mechanisms Using Asymmetric Techniques | p. 128 |
| 6.2 Mechanisms Using Symmetric Techniques | p. 128 |
| 6.2.1 M1: Mandatory NRO, Optional NRR | p. 129 |
| 6.2.2 M2: Mandatory NRO and NRR | p. 131 |
| 6.2.3 M3: Mandatory NRO and NRR with Intermediary TTP | p. 132 |
| 6.3 Mechanisms Using Asymmetric Techniques | p. 134 |
| 6.4 Time-Stamping Evidence | p. 135 |
| 6.5 Summary | p. 137 |
| References | p. 137 |
| 7 Case Studies | p. 139 |
| 7.1 Non-repudiation in Electronic Payment | p. 139 |
| 7.1.1 Electronic Payment for Internet Lottery | p. 140 |
| 7.1.2 Internet Lottery Service Model | p. 142 |
| 7.1.3 Ticket Purchase Protocol | p. 145 |
| 7.1.4 Winning Number Generation Protocol | p. 148 |
| 7.1.5 Prize Claim Protocol | p. 149 |
| 7.1.6 Security Analysis | p. 151 |
| 7.2 Undeniable Billing in Mobile Communications | p. 154 |
| 7.2.1 Security Requirements on Mobile Communications | p. 155 |
| 7.2.2 Billing Model and Initial Assumptions | p. 156 |
| 7.2.3 Registration Protocol | p. 158 |
| 7.2.4 Service Request Protocol | p. 160 |
| 7.2.5 Undeniable Metering on Local Calls | p. 161 |
| 7.2.6 Payment and Dispute Resolution | p. 162 |
| 7.2.7 Security and Performance Analysis | p. 163 |
| 7.2.8 Related Work | p. 166 |
| 7.3 Summary | p. 171 |
| References | p. 172 |
| 8 Conclusion | p. 175 |
| Appendix Toward Formal Verification of Non-repudiation | p. 181 |
| A.1 The SVO Logic | p. 182 |
| A.2 Formalization of Non-repudiation | p. 185 |
| A.3 Verification of a Non-repudiation Protocol | p. 186 |
| A.4 Summary | p. 189 |
| References | p. 190 |
| About the Author | p. 191 |
