M. K. Franklin and M. K. Reiter. Fair exchange with a semi-trusted third party. In 4th ACM Conference on Computer and Communications Security, pages 1--5. ACM Press, Apr. 1997.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....is valid only when the secret information is presented together with the message. International Research center for Information Security (IRIS) Information and Communications Univ. ICU) 58 4 Hwaamdong, Yusong gu, Daejeon, 305 732, Korea In online TTP (trusted third party) protocols [FR97], an online TTP acts as a mediator in every transactions of exchange. Both players send their items to TTP, and then TTP veri es the correctness of both items and forwards them to other players. This is a rather straightforward approach, but TTP can be a bottleneck in overall performance. In ....

M. K. Franklin and M. K. Reiter, \Fair exchange with a semi-trusted third party", 4th ACM Conference on Computer and Communications Security, pages 1-5, 1997.

....will always have a small advantage in probability of commitment than the other one and it also requires many rounds of communica tions. Another well known approach to fair exchange is using an on line TTP, see for examples, 20] by Zhou and Gollmann, 6] by Deng, Gong, Laxar, and Wang, and [9] by Franklin and Reiter. In on line TTP based protocols, the TTP acts as a mediator between A and B A and B forward their data to the TTP which first checks the validity of the received data and then relay them to the receiving parties. It is straightforward to design protocols with on line TTP ....

....it. On the other hand, after A sees M, she may refuse to send B the signature. No protocol can solve this dilemma. To avoid A signing on h(M) but receives a message M differ ent from the desired M, we assume that A possesses a one way hash of the message she desires to receive. As pointed out in [9], this assumption is justified in proto cols and applications in which one party is responsible for revealing the input that produces a known output, already validated as part of the protocol or application, from a one way function. Examples include the S KEY user authentication system [11] the ....

M. K. Franklin and M. K. Reiter, "Fair exchange with a semi-trusted third party", Proceedings of the Jth ACM Conferences on Computer and Communications Security, pp. 1-5, April 1-4, 1997, Zurich, Switzerland.

.... of fairness has to be realized with a trusted third party (also called trustee or TTP) as protocols without a TTP (e.g. EGL82,BOGMR90, Jak95, BN00] cannot guarantee this strong notion of fairness [EY80] A simple fair exchange solution is an active TTP that is involved in every exchange (e.g. [BP90, Tyg96, CHTY96, ZG96, FR97]) Much more e cient are optimistic protocols [ASW97] in which the TTP only has to participate if a con ict has to be resolved. Under the assumption that errors occur rarely these optimistic protocols minimize the number of requests to the TTP and thus prevent that it becomes a bottleneck during ....

....strong generatability is available, Asokan s protocol should be used for fair exchange. If neither strong revocability nor strong generatability are given, no satisfactory optimistic fair exchange protocols are known. As a last resort we then can rely on the less e cient active protocols (e.g. [BP90,Tyg96,CHTY96,ZG96,FR97]) which need the active participation of the TTP in every exchange transaction. Asokan s protocol yes yes no item strongly revocable strongly generatable item no Our new protocol Protocol with active TTP Figure 1. How to choose an asynchronous fair exchange protocol depending on the ....

Matthew K. Franklin and Michael K. Reiter. Fair exchange with a semitrusted third party. In Tsutomu Matsumoto, editor, 4th ACM Conference on Computer and Communications Security, pages 15, Zrich, Switzerland, April 1997. ACM Press.

....of a faulty entity is or is not needed when the TTP is requested to help nishing the protocol. Again, this approach described how fairness is obtained. We emphasize once more that when de ning fairness it is necessary to focus on what is fairness and not on how to obtain it. Franklin et al. [14] said that at the end of the fair exchange the following must be true: 1. if A, B, and the TTP are honest, A learns B s information and B learns A s information; For example, in the fairness de nition [23] the statement Veri ability of valid contracts is de ned by If a correct ....

M. K. Franklin and M. K. Reiter. Fair exchange with a semi-trusted third party. In 4th ACM Conference on Computer and Communications Security, pages 1-5. ACM Press, Apr. 1997.

....honest enough to do not need external help in order to achieve fairness; the TTP will be involved only if some problems emerge. Consequently, such protocols are called optimistic. Fair exchange between two parties has been extensively studied and several solutions have been proposed in the online [10,11,7] as in the o ine [12,2,5,3,9] case. The multi party setting has also been studied and it has been noticed that the topology of the exchange plays an important role. In [1] a generic optimistic protocol with a general topology (each entity can communicate with the set of entities of his choice) is ....

....does not respect the fairness property. 4 A Strongly Exclusion Free Fair Exchange Protocol We present now a variant of the multi party fair exchange protocol with an online trusted third party described in the previous section, partially inspired by the two party protocol of Franklin and Reiter [7]. The exchange topology is still a ring. The communication channels between participants are unreliable and those used between each participant and the TTP are supposed to be resilient. Through this section we will use the following additional notations: f x is a ag indicating the purpose of ....

M. K. Franklin and M. K. Reiter. Fair exchange with a semi-trusted third party. In 4th ACM Conference on Computer and Communications Security, pages 15. ACM Press, Apr. 1997.

....to be honest enough to not need external help in order to achieve fairness; the TTP will only be involved if some problem emerges. Protocols with such a TTP are called optimistic. Fair exchange between two parties has been extensively studied and several solutions have been proposed in the online [8,12] as in the o ine case [4,3,6,11] The interest of [11] where an item is exchanged against a digital signature, is that the TTP produces the same signatures as those that would have been produced by the participants in a faultless scenario. Fair exchange of electronic information between more ....

Matthew K. Franklin and Michael K. Reiter. Fair exchange with a semi-trusted third party. In 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, April 1997.

....For some kind of items, for example digital money or digital signatures, the validation is rather simple. Another example is a widely used software package which can be checked by computing a cryptographic hash value and comparing it against a trusted reference value which is publicly available [25]. Problems with this solution however can occur if the software contains a serial number or an individual watermark for copyright protection. Other items too are dicult to check: For example, a common description of a software package usually contains a list of features which cannot be checked ....

....(expected) behavior is only achievable by detailed code inspection and the use of secured hardware. This task is usually delegated to experts and so trusting the TTP means trusting these experts. Certain protocols can slightly reduce the level of trust in the TTP. For example, in some protocols [25, 39] the TTP alone cannot gain useful information about the exchanged items. Other protocols [7] make certain forms of misbehavior of the TTP detectable by the participants. Availability means that it is not only important to know which protocol the TTP is executing, but also that the TTP will follow ....

[Article contains additional citation context not shown here]

Franklin, M. K. and Reiter, M. K. (1997) Fair exchange with a semi-trusted third party. Matsumoto, T. (ed.), 4th ACM Conference on Computer and Communications Security , Zurich, Switzerland, Apr., pp. 1-5, ACM Press, New York.

....and therefore seem less e#cient and more complicated to deploy than our protocol. The initial work in the area was done by Asokan et al. 1, 2] Pfitzmann et al. 21] present another optimistic protocol; their main emphasis is on finding the correct definitions for the problem. Franklin and Reiter [18] describe a protocol with a semi trusted third party that might misbehave on its own but would not collude with any of the other parties. The Tricert system [3] is a hybrid system that distributes the task of the trusted third party to less trusted postal agents that perform the on line work, and ....

Matthew Franklin and Michael Reiter. Fair exchange with a semi-trusted third party. In Tsutomu Matsumoto, editor, 4th ACM Conference on Computer and Communications Security, pages 1--6, Zurich, Switzerland, April 1997. ACM Press.

....data exchange has been used in many applications such as non repudiation of message transmission [19] certified mail [11] contract signing [6] and electronic payment systems [10] 1. 1 Fair Data Exchange Protocols Existing practical fair exchange protocols that use a Trusted Third Party (TTP) [2, 3, 4, 12, 19] can be summarized by Figure 1 1 where two players, A and B, and two communication channels between A and B, the normal channel and the trusted channel, are involved in an exchange. The normal channel models the direct communication between A and B. Since A and B mutually distrust each other, ....

....for fair exchange protocols is to minimize the use of TTPs as much as possible. There are also some other design goals which are identified: 1) Tolerating temporary communication failures without losing fairness [3] 2) Relaxing the extent to which TTPs can be trusted without losing fairness [12]; 3) Relaxing the fairness requirement to further reduce the overhead of the TTP [3] Note that these goals may conflict with each other, thus trade offs are needed in some situations. 1 Gradual exchange protocols [6] another main class of fair exchange solutions, do not need a TTP; however, ....

[Article contains additional citation context not shown here]

M.K. Franklin and M.K. Reiter. Fair exchange with a semi-trusted third party. In 4th ACM Conference on Computer and Communications Security, pages 1--7, Zurich, Switzerland, April 1997.

....has been forwarded. Our solution requires each hop to send an acknowledgement for the packet it received. Terminodes, however, may be reluctant to send acknowledgements, because sending consumes energy and it does not have any direct advantages. This problem is related to fair exchange [6] [7] (in our case, packets for acknowledgements) and it is usually solved with the involvement of a trusted third party (TTP) We cannot, however, assume the existence of TTPs in terminode networks. The problem of fair exchange without a TTP is analyzed in [8] where it is called unenforced safe ....

M. Franklin and M. Reiter, "Fair exchange with a semi-trusted third party," in Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 1--6, April 1997.

....see also [6, 8, 9, 10] The problem examined by these papers is simpler than the problem we discuss, but nevertheless the protocols suggested are less e#cient in the sense that they require several rounds of communication or sending the entire message to the trusted party. Franklin and Reiter [12] described a protocol for fair exchange using a semi trusted third party, which is semitrusted in the sense that although it might be corrupt it does not conspire with either one of the other two parties. The protocol is rather e#cient, although it requires a few exponentiations and therefore ....

M. Franklin and M. Reiter, Fair exchange with a semi-trusted third party, ACM Conference on Computer and Communications Security 1997, pp. 1-5.

....gradual exchange protocols can expect more real world applications, this paper will focus on third party protocols which have already been widely used in many applications, especially e commerce. Contact Author: Peng Liu 1 Although many practical third party protocols have been proposed [2, 3, 4, 10, 12, 18], most of these protocols depend on certain strong assumptions about the communication channels and the local systems. Speci cally, most of them assume that during an exchange no failures will happen at the local systems of either the players or the TTP. Although all of these protocols can achieve ....

....normal channel models the direct communication between A and B. Since A and B mutually distrust each other, exchange solely dependent on this channel cannot be assured to be fair. The trusted channel between A and B is therefore established with the help of a TTP (A semi trusted TTP is allowed in [12], where the third party may misbehave on its own but will not conspire with either of the players) Items sent via the trusted channel are rst sent to the TTP and then forwarded by the TTP to the recipient. Exchange performed in the trusted channel can be considered fair because of the mediation ....

[Article contains additional citation context not shown here]

M.K. Franklin and M.K. Reiter, Fair exchange with a semi-trusted third party, in: Proceedings of 4th ACM Conference on Computer and Communications Security, pages 1-7, Zurich, Switzerland, April 1997.

....protocol worked optimistically or not. Moreover, the TTP must be directly involved in any secondary adjudication as it must provide, in the case involving dispute resolution, an additional signed proof of mailing with each query or deposit. 3. 1 Prior work on Degree of Trust Franklin and Reiter [11] introduce the notion of a semi trusted third party for the fair exchange problem. Their protocol is online as it requires the TTP to be involved in any transaction. The TTP can sometimes fail or misbehave but it cannot conspire with either of the parties involved in the exchange. Their model is ....

....cryptography. Additionally, the protocol provides TTP s invisibility, and achieves confidentiality from both the TTP and the PAs, which are able to verify the validity of a proof of receipt and proof of origin without knowing the e mail content. We extended the model of Franklin and Reiter [11] as the PAs are semi trusted, in the sense that they can fail or misbehave, but in addition they can conspire with either of the parties involved in the exchange. Before we describe TRICERT, we show, in Section 5, that three messages are sufficient to perform optimistic certified e mail, which is ....

[Article contains additional citation context not shown here]

M. Franklin and M. Reiter. Fair exchange with a semitrusted third party. In Proc. ACM Conference on Computer and Communications Security, 1997.

....for example [CTS95,ZG96,DGLW96] The trusted third party supervises communication between the protocol participants and ensures that no participant receives the item it wants before releasing its own item. Variations of this approach include fair exchange protocols with a semi trusted third party [FR97] The main drawback of the third party solution is that the third party may become the communication bottleneck if it has to be involved in all instances of the protocol in order to guarantee fairness. The protocol may also need to impose demands on the communication channels, e.g. by requiring ....

M. Franklin and M. Reiter. Fair exchange with a semi-trusted third party. In Proc. 4th ACM Conference on Computer and Communications Security, pages 1--6, 1997.

....party protocols. Gradual exchange protocols [4, 6, 10] gradually increase the probability of fair exchange over several rounds of message exchanges; these protocols have extensive communication requirements and assume that both the parties have equal computational power. The third party protocols [8, 9, 11, 19] make use of a trusted on line third party. The idea of using a trusted on line third party to obtain non repudiation of origin and delivery of a mail message was proposed by Deng et al. 9] and Zhou and Gollmann [19] Dispute resolution is outside the scope of these protocols; however, the ....

....the customer after agreeing upon the product and the price sign a contract which is forwarded to the third party. Each party then sends his item to the third party. The third party verifies that the items satisfy the contract, and then forwards them to the respective parties. Franklin and Reiter [11] also propose a set of fair exchange protocols that verify the consistency of a document before the exchange takes place. The protocols use a oneway function f which has the property that there exists another efficiently computable function F such that F x f y f xy . The ....

M. K. Franklin and M. K. Reiter. Fair Exchange with a semi-trusted Third Party. In T. Matsumoto, editor, Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 1--6, Zurich, Switzerland, April 1997.

....the third party, and . it requires the establishment of additional connections between the third party and both the originator and the receiver; it requires an external third party that both parties trust in and a party providing such a trusted service might be expensive. The protocol in [4] does not require a reliable third party (in the sense that it may misbehave on its own but will not conspire with either of the main parites) this protocol ensures fairness as long as the third party treats the two parties equal (i.e. either gives to both of them what they want or does not give ....

Matthew K. Franklin, Michael K. Reiter. Fair Exchange with a Semi Trusted Third Party. AT&T Laboratories --- Research, Murray Hill, New Jersey, USA.

No context found.

M. K. Franklin and M. K. Reiter. Fair exchange with a semi-trusted third party. In 4th ACM Conference on Computer and Communications Security, pages 1--5. ACM Press, Apr. 1997.

No context found.

Matthew K. Franklin and Michael K. Reiter, Fair exchange with a semi-trusted third party, Proc. 4th ACM Conference on Computer and Communications Security, 1997.

No context found.

M. K. Franklin and M. K. Reiter. Fair Exchange with a Semi-trusted Third Party. In Proceedings of The Fourth ACM Conference on Computer and Communications Security, pages 1--6, Zurich, April 1997.

No context found.

Franklin, M. K. and Reiter, M. K. (1997) Fair exchange with a semi-trusted third party. Matsumoto, T. (ed.), 4th ACM Conference on Computer and Communications Security , Zurich, Switzerland, Apr., pp. 1--5, ACM Press, New York.

No context found.

Franklin, M. K. and Reiter, M. K. (1997) Fair exchange with a semi-trusted third party. In Matsumoto, T. (ed.), 4th ACM Conf. on Computer and Communications Security,Zurich, Switzerland, April, pp. 1--5. ACM Press, New York.

No context found.

Franklin, M. and Reiter, M. (1997) Fair exchange with a semi-trusted third party. In Proc. ACM Conf. on Computer and Communications Security, Zurich, Switzerland, April 4-- 7, pp. 1--5. ACM Press, New York.

No context found.

M. K. Franklin and M. K. Reiter. Fair exchange with a semi-trusted third party. In ACM Conference on Computer and Communications Security, pp. 1-5, 1997.

No context found.

M.K. Franklin and M.K. Reiter, \Fair exchange with a semi-trusted third party", in Proceedings of the 4th ACM Conference on Computer and Communication Security, April 1997, pp.1-5.

No context found.

M.K. Franklin and M. K. Reiter. Fair exchange with a semi-trusted third party. In 4th ACM conference on computer and communication security, page 1-5, 1997.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC