Non-repudiation

Non-repudiation (NR) is one of the security services (or dimensions as defined in the document X.805 by the ITU) for point to point communications. Secure communications need to integrate a service in charge of generating digital evidence (rather than simply information logs) in order to resolve disputes arisen in case of network errors or entities' misbehaviour when digital information is exchanged between both points. This is the case of fair exchange protocols, certified emil applications (in which a digital message is exchanged for a proof of receipt) and contract signing protocols (in which digital signatures on a document need to be fairly exchanged). Research on non-repudiation started with typical security scenario in which Alice and Bob need to exchange information items. But in real applications, in many cases, multiple entities participate in the scenario.

This is the start point of the research performed in NICS. Firstly we have analysed the number of protocol messages as well as the number of evidences to be verified by participating entities. The conclusions show that efficient specific NR protocols need to be designed. The resulting protocols are known as Multiparty Non-Repudiation protocols (MNR). The first step is to review existing NR protocols (and its different versions with respect to TTP involvement) and extend them to multiparty scenarios, improving the efficiency and the need for crypto operations further than using multiple instances of the simple NR protocols. This is done for on-line and optimistic designs of the non-repudiation protocols.

Collect, verify and store transactions' evidence are additional tasks required as part of non-repudiation service, but may be undesirable for end users where such transactions are undertaken with numerous entities. Therefore, intermediary institutions may be useful in these scenarios if they help end entities to make their electronic transactions. Furthermore, these intermediate entities can act as "hubs", increasing the market and opportunities for customers and merchants. Therefore, we analysed a new entity that participates in the non-repudiation protocol. This intermediary institution may be just another module in an existing system, facilitating and helping agencies to conduct electronic transactions. We provide different scenarios in which our solution can be easily adapted, and demonstrate the benefits to end users in the use of intermediary service in reducing the storage of evidence and contact with various recipientss. In our intermediary protocol, the originator can remain anonymous with respect to recipients, and vice versa, since the originator and the receivers do not need to check each other's evidence. Even without putting complete trust on the intermediary, our solution maintains the security requirements defined for non-repudiation.

With the advent of wireless technology, grid computing and other technologies in which storage and data transmission is performed without a centralized server, it is clear that new models of payment and distribution should not only conform with the requirements of this new topology but also provide an efficient and practical solution. Therefore we introduce a new entity that without being completely reliable, helps distributors in the possibly small collection of payments and in the announcement of such digital content. We use an underlying P2P payment protocol and applies it to our content distribution in P2P networks where the originator's workload relies heavily on a broker, so that each entity may well be involved in distributing digital content and collecting payment through this agent. We also discussed the trust that is presumed to each of the entities in our model and integrate a non-repudiation security service design [1].

Although we omit the details of implementation, Intermediary entities in non-repudiation protocols can be implemented as mobile agents (in fact its function is independent of how they are implemented). The development of mobile agents needs careful design of protocols with free roaming agents to meet the desired characteristics, or otherwise, truncation attacks in the path of a free-roaming agent could be successful. Moreover, as digital evidence could be truncated, the user can deny sending a specific offer (or message). Therefore, NICS also investigated in the field of free-roaming mobile agents for the implementation of intermediary entities in multiparty non-repudiation protocols [2].

Undoubtedly, the role of TTP is essential for many Internet security protocols. Moreover, we have seen that most of the non-repudiation protocols include parameters whose values are not easy to specify, and some of these parameters are directly related to the operation of TTP. We have shown how event-driven simulation can be considered as a tool to estimate the temporal parameters of non-repudiation protocols. We have proposed a simulation model to estimate appropriate values for the efficient use of a TTP in MNR protocols. In addition, the model has been checked with some tests that have helped us to estimate the parameter values simulated.

As in the case of P2P applications, the designs of this security service need to be integrated into real life applications. We have designed a non-repudiation protocol for DRM platforms [3] in which all participants were considered during the acquisition of rights, namely the user, the network operator and the issuer of digital rights, thus providing everyone with sufficient evidence to be used in case of any conflict during acquisition. At the same time, the protocol has been implemented, tested and integrated in a mobile DRM framework designed for the UBISEC project.

Most of the work in this area of research has been published in [4].

In certified email applications (CEM), making an extension that supports multiple entities (receivers) means constructing a notification system (certified and with timeliness property) for users. Pursuing this objective, we have extended a protocol with timeliness property and participation of multiple entities. In other words, protocol allows the distribution of the same email (message) to various entities in a way that is certified so that only those who answer with evidence of receipt will get the message. The timeliness property is also considered here and although the TTP (or digital post office) has to deal with several entities if an error occurs, no significant complexity is introduced. Since NICS research conducted on CEM protocols has been inspired by different perspectives, and in collaboration with other researchers, some results are of key importance to the CEM service (see [5]). In this work different definitions and properties' compatibility are revisited.

The digital signing of contracts is a critical service for businesses. The work so far has been focused primarily on digital contracts involving two entities. In some applications, however, a contract may need to be signed by different users. In fact, we daily sign documents, and in many cases, these documents require the signatures of several entities such as signatures from a distributed committee that examines the online viva of a thesis for obtaining the doctoral degree. NICS has presented a multiparty synchronous contract signing protocol with optimal number of steps. Additionally, in our protocol we consider additional features typical of this type of applications, such as abuse and lack of timeliness property. In relation to timeliness, introducing the concept of threshold subprotocol cancellation, we reach a timeliness property that depends on a threshold. Without additional requirements and, more importantly, without introducing additional steps in the protocol, we avoid the abuse attack, property which is very important in these applications. This property means that no entity can demonstrate to an external entity that the output depends exclusively on the activities it carries out (see [6]).

Our next steps will seek to find a solution in which the mediation of the TTP is as transparent as possible, since the property of transparency becomes more important for digital contract signature protocols. The realignment of the sub-protocol of TTP when considering an asynchronous network model appears to be a logical start. Obtaining the verifiability of the TTP while maintaining the transparency property is an open problem to be investigated further. The work to be done also includes a formal analysis of our protocol.


References

  1. J. A. Onieva, J. Zhou, and J. Lopez, "Practical Service Charge for P2P Content Distribution", In Fifth International Conference on Information and Communications Security, LNCS 2836, Springer, pp. 112 - 123, October, 2003. More..

    Abstract

    With emerging decentralized technologies, peer-to-peer (P2P) content distribution arises as a new model for storage and transmission of data. In this scenario, one peer can be playing different roles, either as a distributor or as a receiver of digital contents. In order to incentivize the legal distribution of these contents and prevent the network from free riders, we propose a charging model where distributors become merchants and receivers become customers. To help in the advertisement of digital contents and collection of payment details, an intermediary agent is introduced. An underlying P2P payment protocol presented in [1] is applied to this scenario without total trust on the intermediary agent.

  2. J. A. Onieva, Multi-Party Non-Repdiation Protocols and Applications , E.T.S.I. Informatica, University of Malaga, July, 2006.
  3. J. A. Onieva, et al., "Integration of non-repudiation services in mobile DRM scenarios", In Telecommunications Systems, vol. 35, pp. 161-176, September, 2007. More..

    Abstract

    In any kind of electronic transaction, it is extremely important to assure that any of the parties involved can not deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access to certain contents but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result on financial loss for any peer, thus it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services has not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to allow the integration of non-repudiation services to a DRM framework, providing a set of protocols that allows the right objects acquisition to be undeniable, alongside with a proof-of-concept implementation and a validation process.

  4. J. A. Onieva, J. Lopez, and J. Zhou, "Secure Multi-Party Non-Repudiation Protocols and Applications", In Advances in Information Security, vol. 43, Springer, 2009. More..
  5. Citekey Ferrer-Gomilla2009 not found
  6. J. Zhou, J. A. Onieva, and J. Lopez, "A Synchronous Multi-Party Contract Signing Protocol Improving Lower Bound of Steps", In 21st International Information Security Conference (IFIP SEC’06), no. 201, Springer, pp. 221-232, May, 2006. More..

    Abstract

    Contract signing is a fundamental service in doing business. The Internet has facilitated the electronic commerce, and it is necessary to find appropriate mechanisms for contract signing in the digital world. A number of two-party contract signing protocols have been proposed with various features. Nevertheless, in some applications, a contract may need to be signed by multiple parties. Less research has been done on multi-party contract signing. In this paper, we propose a new synchronous multi-party contract signing protocol that, with n parties, it reaches a lower bound of 3(n − 1) steps in the all-honest case and 4n − 2 steps in the worst case (i.e., all parties contact the trusted third party). This is so far the most efficient synchronous multi-party contract signing protocol in terms of the number of messages required. We further consider the additional features like timeliness and abuse-freeness in the improved version.