Holger Vogt

Supporting fair exchange in mobile environments

Mobile commerce over the Internet always includes the exchange of electronic goods. Fair exchange protocols establish fairness and ensure that both participants can engage in the exchange without the risk of suffering a disadvantage (e.g., losing their money without receiving anything for it). In general, fair exchange protocols require the continuous availability of an external trusted third party (TTP), a dedicated site which is trusted by both participants. Implementations of TTPs for fair exchange have been proposed to be based on carefully secured Internet hosts in order to establish trust. In this paper we present solutions to the fair exchange problem in mobile environments, where customers frequently disconnect from the network and thus continuous availability of the external TTP is not given. Our approach utilizes tamper-poof hardware on the customers side partly taking over the duties of the TTP. Besides supporting disconnected operations our approach also allows the proper handling of time-sensitive items (i.e., items which lose value over time), a feature which previous protocols lack.

Modular fair exchange protocols for electronic commerce

Recently, research has focused on enabling fair exchange between payment and electronically shipped items. The reason for this is the growing importance of electronic commerce and the increasing number of applications in this area. Although a considerable number of fair exchange protocols exist, they usually have been defined for special scenarios and thus only work under particular assumptions. Furthermore, these protocols provide different degrees of fairness and cause different communication overhead. The purpose of the paper is to present a unifying solution to the problem. We do this by defining a suite of protocol modules which allow us to compose protocols where the achieved degree of fairness can be enhanced step by step. The advantage of the stepwise approach is that after each step one can decide if the provided degree of fairness is acceptable or if one is willing to spend more in order to reach a higher degree of fairness. We show the applicability of our approach by deriving a novel efficient fair exchange protocol.

Using Smart Cards for Fair Exchange

Fair exchange protocols ensure that the participating parties, customer and vendor, can engage in electronic commerce transactions without the risk of suffering a disadvantage. This means that neither of them delivers his digital item without receiving the other partys item. In general, fair exchange cannot be solved without the help of a trusted third party (TTP), a dedicated computer which is trusted by both participants. Trust can be established by carefully securing the TTP or even better by introducing tamper-proof hardware. However, if the communication to the TTP is unreliable or disrupted, then the exchange cannot be performed in a timely fashion or not at all. Up to now, this has been a problem especially for the exchange of time-sensitive items, i.e., items which lose value over time. We present a novel approach to perform fair exchange using tamper-poof hardware on the customers side. More specifically, co-located to the customers machine we use a smart card which partially takes over the role of the TTP. The challenge of designing protocols in this environment lies in the fact that the communication between the smart card and the vendor is under control of the customer. Our approach has the following benefits: It supports the exchange in mobile environments where customers frequently experience a disconnection from the network. Furthermore, our approach is the first to handle time-sensitive items properly.

Approaching a formal definition of fairness in electronic commerce

The notion of fairness is a very general concept and can be used to coin terms in many different application areas. Recently the term fairness has appeared in the context of electronic commerce. Here, the term fair exchange refers to the problem that two parties want to swap some distinct items in a way which ensures that no participant can gain advantage over the other. Many protocols for fair exchange have been proposed but comparing or formally verifying them has remained rather difficult. The reason for this is that the notion of fairness they use is often different, and exact (i.e., formal) fairness definitions do not exist. We make a first attempt to approach a formal definition of fairness in electronic commerce. We do this by reviewing the established terminology regarding the notion of fairness in concurrency theory and adapting the formal apparatus to derive three precisely separable definitions of fairness in electronic commerce which we call strong, eventually strong and weak fairness.

Asynchronous Optimistic Fair Exchange Based on Revocable Items

We study the benefits of revocable items (like electronic payments which can be undone by the bank) for the design of efficient fair exchange protocols. We exploit revocability to construct a new optimistic fair exchange protocol that even works with asynchronous communication channels. All previous protocols with comparable properties follow the idea of Asokan’s exchange protocol for two generatable items [Aso98, ASW98]. But compared to that, our protocol is more efficient: We need less messages in the faultless case and our conflict resolution is less complicated. Furthermore, we show that the generatability, which is required by [Aso98, ASW98], is difficult to implement in the context of some electronic payments. Instead, revocability of payments may be much easier to realize. Thus, our new protocol is very well suited for the fair exchange of revocable payments for digital goods.

Offline payments with auditable tracing

Tracing is an important mechanism to prevent crimes in anonymous payment systems. However, it is also a threat to the customers privacy as long as its application cannot be controlled. Relying solely on trusted third parties for tracing is inadequate, as there are no strong guarantees that deanonymizations are only applied legally. A recent tracing concept is auditable tracing, where the customer has the power to control the deanonymization. With auditable tracing no trust is required, while it offers comparable tracing mechanisms. We present the first off-line payment system with auditable tracing. Our payment system supports coin and owner tracing as well as self deanonymization in the case of blackmailing.

Fair Tracing without Trustees

We present an electronic payment system offering a new kind of tracing mechanism. This mechanism is optimistic fair, as any misuse of the tracing mechanism is prevented by using an audit concept so that a violation of privacy can be detected and will be prosecuted. Thus, compared to previously proposed tracing methods our optimistic fair tracing approach offers more privacy for customers and does not need any trusted third parties, which simplifies the infrastructure of the payment system. Our payment system is able to defend against blackmailing, kidnapping, and bank robberies and can also be used to support investigations of money laundering and illegal purchases.

Solving Fair Exchange with Mobile Agents

Mobile agents have been advocated to support electronic commerce over the Internet. While being a promising paradigm, many intricate problems need to be solved to make this vision reality. The problem of fair exchange between two agents is one such fundamental problem. Informally speaking, this means to exchange two electronic items in such a way that neither agent suffers a disadvantage. We study the problem of fair exchange in the mobile agent paradigm. We show that while existing protocols for fair exchange can be substantially simplified in the context of mobile agents, there are still many problems related to security which remain difficult to solve. We propose three increasingly flexible solutions to the fair exchange problem and show how to implement them using existing agent technology. The basis for ensuring the security properties of fair exchange is a tamper-proof hardware device called a trusted processing environment.

Marking: A Privacy Protecting Approach Against Blackmailing

Electronic payment systems based on anonymous coins have been invented as a digital equivalent to physical banknotes. However, von Solms and Naccache discovered that such anonymous coins are also very well suited to support criminals in blackmailing. In this paper we present a payment system, which has an efficient tracing and revocation mechanism for blackmailed coins. The used tracing method is based on the idea of marking coins similar to marking banknotes with an invisible color. In contrast to previous solutions our payment system is unconditionally anonymous and thus protects the privacy of the users.

Unsichtbare Markierungen in elektronischem Geld

Bei Zahlungen im Internet stellt der Schutz der Privatsphare des Zahlenden eine grose Herausforderung dar. Anonyme elektronische Zahlungssysteme bieten diesen Schutz, aber sie schaffen auch neue Probleme: Im Schutz der Anonymitat kann elektronisches Geld in grosen Mengen unbeobachtbar transferiert werden, wodurch es sich besonders gut fur kriminelle Aktivitaten wie Erpressung oder Geldwasche eignet. In diesem Artikel stellen wir eine neue Losung fur diese Probleme vor, ohne auf Anonymitat zu verzichten. Unser Zahlungssystem besitzt einen effizienten Mechanismus zum gezielten Verfolgen und Invalidieren von digitalen Munzen. Die verwendete Idee beruht auf dem Markieren von Munzen, analog zu dem Markieren von Geldscheinen mit unsichtbarer Farbe.