Henning Pagnia

Supporting fair exchange in mobile environments

Mobile commerce over the Internet always includes the exchange of electronic goods. Fair exchange protocols establish fairness and ensure that both participants can engage in the exchange without the risk of suffering a disadvantage (e.g., losing their money without receiving anything for it). In general, fair exchange protocols require the continuous availability of an external trusted third party (TTP), a dedicated site which is trusted by both participants. Implementations of TTPs for fair exchange have been proposed to be based on carefully secured Internet hosts in order to establish trust. In this paper we present solutions to the fair exchange problem in mobile environments, where customers frequently disconnect from the network and thus continuous availability of the external TTP is not given. Our approach utilizes tamper-poof hardware on the customers side partly taking over the duties of the TTP. Besides supporting disconnected operations our approach also allows the proper handling of time-sensitive items (i.e., items which lose value over time), a feature which previous protocols lack.

Modular fair exchange protocols for electronic commerce

Recently, research has focused on enabling fair exchange between payment and electronically shipped items. The reason for this is the growing importance of electronic commerce and the increasing number of applications in this area. Although a considerable number of fair exchange protocols exist, they usually have been defined for special scenarios and thus only work under particular assumptions. Furthermore, these protocols provide different degrees of fairness and cause different communication overhead. The purpose of the paper is to present a unifying solution to the problem. We do this by defining a suite of protocol modules which allow us to compose protocols where the achieved degree of fairness can be enhanced step by step. The advantage of the stepwise approach is that after each step one can decide if the provided degree of fairness is acceptable or if one is willing to spend more in order to reach a higher degree of fairness. We show the applicability of our approach by deriving a novel efficient fair exchange protocol.

Using Smart Cards for Fair Exchange

Fair exchange protocols ensure that the participating parties, customer and vendor, can engage in electronic commerce transactions without the risk of suffering a disadvantage. This means that neither of them delivers his digital item without receiving the other partys item. In general, fair exchange cannot be solved without the help of a trusted third party (TTP), a dedicated computer which is trusted by both participants. Trust can be established by carefully securing the TTP or even better by introducing tamper-proof hardware. However, if the communication to the TTP is unreliable or disrupted, then the exchange cannot be performed in a timely fashion or not at all. Up to now, this has been a problem especially for the exchange of time-sensitive items, i.e., items which lose value over time. We present a novel approach to perform fair exchange using tamper-poof hardware on the customers side. More specifically, co-located to the customers machine we use a smart card which partially takes over the role of the TTP. The challenge of designing protocols in this environment lies in the fact that the communication between the smart card and the vendor is under control of the customer. Our approach has the following benefits: It supports the exchange in mobile environments where customers frequently experience a disconnection from the network. Furthermore, our approach is the first to handle time-sensitive items properly.

Approaching a formal definition of fairness in electronic commerce

The notion of fairness is a very general concept and can be used to coin terms in many different application areas. Recently the term fairness has appeared in the context of electronic commerce. Here, the term fair exchange refers to the problem that two parties want to swap some distinct items in a way which ensures that no participant can gain advantage over the other. Many protocols for fair exchange have been proposed but comparing or formally verifying them has remained rather difficult. The reason for this is that the notion of fairness they use is often different, and exact (i.e., formal) fairness definitions do not exist. We make a first attempt to approach a formal definition of fairness in electronic commerce. We do this by reviewing the established terminology regarding the notion of fairness in concurrency theory and adapting the formal apparatus to derive three precisely separable definitions of fairness in electronic commerce which we call strong, eventually strong and weak fairness.

Solving Fair Exchange with Mobile Agents

Mobile agents have been advocated to support electronic commerce over the Internet. While being a promising paradigm, many intricate problems need to be solved to make this vision reality. The problem of fair exchange between two agents is one such fundamental problem. Informally speaking, this means to exchange two electronic items in such a way that neither agent suffers a disadvantage. We study the problem of fair exchange in the mobile agent paradigm. We show that while existing protocols for fair exchange can be substantially simplified in the context of mobile agents, there are still many problems related to security which remain difficult to solve. We propose three increasingly flexible solutions to the fair exchange problem and show how to implement them using existing agent technology. The basis for ensuring the security properties of fair exchange is a tamper-proof hardware device called a trusted processing environment.

Optimal replica control protocols exhibit symmetric operation availabilities

Replicating data in a distributed system is a suitable means for increasing the availability as well as the performance of data access operations. Unfortunately, there exists a trade-off between these two properties: a replica control protocol which exhibits, e.g., a high read availability and low read operation costs usually suffers from low write availability and high write operation costs. This trade-off is visible for protocols like Weighted Voting for which the above characteristics can be customized by adjusting certain protocol parameters. Changing the read and write quorums of a Weighted Voting protocol while preserving the protocols correct behavior increases either the read availability and the write operation costs or the write availability and the read operation costs but not both at the same time. We prove that for a large class of replica control protocols, a certain symmetry between the read and write operation availability exists. We further demonstrate how a protocol without this symmetry property can be optimized such that the resulting protocol has identical cost but a higher read or write availability or both. We present two design strategies which lead to those optimized replica control protocols. By using the well-known Grid Protocol (which lacks symmetry) as an example, we apply our findings to derive two different replica control protocols with superior characteristics.

Time-efficient self-stabilizing algorithms through hierarchical structures

We present a method of combining a self-stabilizing algorithm with a hierarchical structure to construct a self-stabilizing algorithm with improved stabilization time complexity and fault-containment features. As a case study, a self-stabilizing spanning-tree algorithm is presented which in favorable settings has logarithmic stabilization time complexity.

Bounded dynamic data allocation in distributed systems

Recently, an interesting dynamic data allocation algorithm for the management of replicated data in distributed systems has been presented by Wolfson and Jajodia. We analyze this approach from cost as well as from availability perspectives and suggest an improved algorithm that exhibits superior characteristics. Our approach establishes lower and upper bounds in the number of replicas for guaranteeing minimal availability properties and for restricting operation costs. It additionally exploits an improved replica management that abandons the read-one/write-all approach for all replicas as well as the central server concept used by the original approach, thereby presenting a truly distributed solution. Analyses show that the improved algorithm is superior in terms of costs and availability assuming any reasonable workload.

Sacrificing true distribution for gaining access efficiency of replicated shared objects

True distribution, in general, is a useful property. Nevertheless, problem domains exist, like the management of replicated shared objects in heterogeneous networks, where assumptions fundamental to the justification of truly distributed algorithms simply do not hold any longer. The paper demonstrates how the true distribution property can be sacrificed in exchange for improved access efficiency. It proposes a novel replication control scheme called Second Chance Protocol, which sacrifices true distribution.

Fairer Austausch im Mobile Business

Geschaftsprozesse beinhalten den Fluss von Information, Ware und Geld zwischen den Geschaftspartnern. Im Fall des Mobile Business (mBusiness) unterliegt dieser Fluss den Beschrankungen und Unzulanglichkeiten des verwendeten digitalen Mediums. Der faire Austausch digitaler Guter ist eine wichtige Basisfunktion elektronischer Geschaftsprozesse. Insbesondere beim mBusiness ist die Fairness eines Austauschs — beispielsweise von Ware und Geld — u.a. durch Ubertragungsfehler bedroht. Das folgende Szenario verdeutlicht dies: Ein Anbieter versendet eine digitale Tageszeitung an einen Kunden mit einem mobilen Endgerat, der korrekterweise mit dem Versenden der Bezahlung reagiert. Der mobile Kunde, der uber ein Funknetz mit dem Anbieter kommuniziert, bewegt sich aber nun wahrend der Ubertragung in ein Funkloch, sodass die Konmiunikation gestort wird und der Anbieter das Geld nicht erhalt.