Detailseite
Projekt Druckansicht

Formale und kryptographische Analyse von Protokollen mit spieltheoretischen Sicherheitsanforderungen

Fachliche Zuordnung Theoretische Informatik
Förderung Förderung von 2008 bis 2011
Projektkennung Deutsche Forschungsgemeinschaft (DFG) - Projektnummer 88943336
 
Erstellungsjahr 2011

Zusammenfassung der Projektergebnisse

The goal of our project was to develop models and methods for the rigorous formal and cryptographic analysis of protocols with game-theoretic security requirements, with contract-signing protocols being an important example of such protocols. Our work involved the formalization of such requirements and the development of methods and tools for the rigorous analysis of protocols with such requirements. An important game-theoretic security requirement, which was formalized as part of our project for the first time, is on-line abuse-freeness. Intuitively, this property requires that, even if one of the protocol participants may be able to determine the outcome of the protocol, e.g., whether or not a contract is signed, he/she is not able to demonstrate this to an external party, even though the external party can interact with the protocol participant during the whole protocol execution. This property involves complex reasoning about strategies and knowledge of agents. Our case studies, in which we applied our definition to prominent contract-signing protocols, revealed unexpected results, including a subtle attack on one of the studied protocols. Motivated by the problem of contract signing, we developed a general definition of accountability. Intuitively, accountability means that misbehaving parties, i.e., parties who deviated from the prescribed protocol, can be detected, and hence, blamed for their misbehavior by, for instance, a judge. Our definition turned out to be widely applicable: besides contract signing, we applied it to e-voting and auction protocols, for which we found partly severe problems and weaknesses. We also established relationships between accountability and verifiability. Finally, our project opened the door to the fully automated analysis of game-theoretic security requirements. More specifically, we implemented a constraint-based algorithm for checking game-theoretic security requirements and successfully applied it to non-trivial protocols, including the prominent ASW contract-signing protocols. We also obtained first results on the tool-supported analysis of the mentioned accountability property.

Projektbezogene Publikationen (Auswahl)

  • A Formal Definition of Online Abuse-freeness. Proceedings of the 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2010), Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 50, Springer, 2010, pp. 484–497
    Ralf Küsters, Henning Schnoor, and Tomasz Truderung
  • Accountability: Definition and Relationship to Verifiability. Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), ACM, 2010, pp. 526–535
    Ralf Küsters, Tomasz Truderung, and Andreas Vogt
  • Implementing a Constraint Solving Algorithm for Checking Game-Theoretic Security Requirements. Tech. report, University of Trier, 2011
    Ralf Küsters, Thomas Schmidt, and Tomasz Truderung
 
 

Zusatzinformationen

Textvergrößerung und Kontrastanpassung