Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Implement Online and Offline Protocols
Related Non-Repudiation Web Services
System Design
Protocol Resources
Executing Non-Repudiation Protocols
Project Database
Conclusion
References

Design and Implementation of RESTful Non-repudiation Services

Profile image of Saman BarakatSaman Barakat

Abstract

Security issues can be a barrier to make successful online businesses because the Internet can make critical information vulnerable . Non-repudiation is a security feature that is related to integrity and authenticity . Providing non-repudiation for online communication is a key factor to achieve a successful electronic business . Non-repudiation should ensure that each involvement in an online interaction cannot be denied. Besides, non-repudiation, fairness between the parties also plays an important role to achieve successful electronic businesses. One solution used to achieve fair non-repudiation services is by using a trusted third party (TTP) that implements fair non-repudiation protocols . This project uses work that has been done by Cook et al in 2006 [5] as a starting point, which was a non-repudiation service project that uses SOAP web service technology. However, this project aims to implement non-repudiation services using Representational State Transfer (REST) architecture style principles in order to obtain significant advantages that REST technology provides such as scalability and simplicity. 184 accountability of participating in a transaction can be guaranteed by using the two types of non-repudiation evidences which are non-repudiation of origin (NRO) and non-repudiation of receipt (NRR) . The NRO is digital evidence generated by the originator and entitled to the recipient; while the NRR is digital evidence generated by the recipient and entitled to the originator.

Related papers

Implementing Fair Non-repudiable Interactions with Web Services
Paul Robinson

2005

The use of open, Internet-based communications for business-to-business (B2B) interactions requires accountability for and acknowledgment of the actions of participants. Accountability and acknowledgment can be achieved by the systematic maintenance of an irrefutable audit trail to render the interaction non-repudiable. To safeguard the interests of each party, the mechanisms used to meet this requirement should ensure fairness. That is, misbehaviour should not disadvantage well-behaved parties. Despite the fact that Web services are increasingly used to enable B2B interactions, there is currently no systematic support to deliver such guarantees. This paper introduces a flexible framework to support fair non-repudiable B2B interactions based on a trusted delivery agent. A Web services implementation is presented. The role of the delivery agent can be adapted to different end user capabilities and to meet different application requirements.

View PDFchevron_right
An Extended Payment Model for M-Commerce with Fair Non-Repudiation Protocols
Tran Phuc Nghi Dang

Polibits, 2009

View PDFchevron_right
An intensive survey of fair non-repudiation protocols
Olivier Markowitch

Computer Communications, 2002

With the phenomenal growth of the Internet and open networks in general, security services, such as non-repudiation, become crucial to many applications. Non-repudiation services must ensure that when Alice sends some information to Bob over a network, neither Alice nor Bob can deny having participated in a part or the whole of this communication. Therefore a fair non-repudiation protocol has to generate nonrepudiation of origin evidences intended to Bob, and non-repudiation of receipt evidences destined to Alice. In this paper, we clearly de®ne the properties a fair non-repudiation protocol must respect, and give a survey of the most important non-repudiation protocols without and with trusted third party (TTP). For the later ones we discuss the evolution of the TTP's involvement and, between others, describe the most recent protocol using a transparent TTP. We also discuss some ad-hoc problems related to the management of non-repudiation evidences. q

View PDFchevron_right
Non-repudiation protocols for multiple entities
Javier Miranda López

Computer Communications, 2004

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes. In this paper, we introduce the state-of-the-art of non-repudiation protocols for multiple entities. We extend an existing multi-party non-repudiation (MPNR) protocol to allow an originator to send different messages to many recipients in a single transaction. We further propose an optimistic multi-party nonrepudiation protocol for exchange of different messages. The performance of our protocols with enhanced functionalities is still promising in comparison with existing MPNR protocols. q .sg (J. Zhou), onieva@lcc. uma.es (J.A. Onieva), jlm@lcc.uma.es (J. Lopez).

View PDFchevron_right
An Intensive Survey of Non-Repudiation Protocols
Olivier Markowitch

2002

With the phenomenal growth of the Internet and open networks in general, security services, such as non-repudiation, become crucial to many applications. Non-repudiation services must ensure that when Alice sends some information to Bob over a network, neither Alice nor Bob can deny having participated in a part or the whole of this communication. Therefore a non-repudiation protocol has to generate non-repudiation of origin evidences intended to Bob, and non-repudiation of receipt evidences destined to Alice. In this paper, we clearly define the properties a non-repudiation protocol must respect, and give a survey of the most important non-repudiation protocols without and with trusted third party (TTP). For the later ones we discuss the evolution of the TTP’s involvement and, between others, describe the most recent protocol using a transparent TTP. We also discuss some ad-hoc problems related to the management of non-repudiation evidences and briefly overview several efforts on f...

View PDFchevron_right
Reasoning on properties of non-repudiation security protocols
Thomas Newe

2004

The increasing usage of internet-based services, such as certified e-mails, electronic payment of goods, and non-repudiation require development of security protocols for fair exchange. Non-repudiation is a security service concerned with preventing a denial by one of the principals involved in a communication of having participated in all or part of the communication. This paper discusses the reasoning on security properties of non-repudiation protocols. A case study incorporating the verification of two online nonrepudiation security protocols is presented. The results of the analysis highlight the usefulness of formal verification to increase confidence in the correctness of security protocols.

View PDFchevron_right
Fair multi-party non-repudiation protocols
Olivier Markowitch

International Journal of Information Security, 2003

In this paper we introduce the concept of multi-party nonrepudiation protocols. We define the aims of multi-party non-repudiation protocols, compare them to multi-party fair exchange and show some fundamental differences. We present two protocols, the first one using an online trusted third party and the second one using an offline trusted third party. We also show how to modify each of these protocols in order to provide confidentiality. The definitions and the resulting protocols are more general than the only comparable work, a multi-party certified e-mail protocol.

View PDFchevron_right
A new fair non-repudiation protocol for secure negotiation and contract signing
Antonio Ruiz-Martínez

Proceedings of the …, 2006

The participation of an e-notary, acting as an on-line Trusted Third Party is required in some scenarios, such as Business to Business, Intellectual Property Rights contracting, or even as a legal requirement, in contract signing is frequently necessary. This e-notary gives validity to the contract or performs some tasks related to the contract, e.g. contract registration. In the abovementioned contracting scenarios, two important additional features are needed: the negotiation of the e-contract and confidentiality. However, until now, e-contract signing protocols have not considered these issues as an essential part of the protocol. In this paper, we present a new protocol which is designed to make negotiation and contract signing processes secure and confidential. Moreover, compared to other previous proposals based on an on-line Trusted Third Party, this protocol reduces the e-notary's workload. Finally, we describe how the protocol is being used to achieve agreements on the rights of copyrighted works.

View PDFchevron_right
Non-repudiation in an agent-based electronic commerce system
Ee-Peng LIM

1999

Abstract ABECOS is an agent-based e-commerce system under development at the Nanyang Technological University. A key factor in making this system usable in practice is strict security control. One aspect of security is the provision of non-repudiation services. As protocols for non-repudiation have focused on message non-repudiation, its adaptation to afford non-repudiation in a communication session for two agents in ABECOS is inefficient.

View PDFchevron_right
A Multi-Party Non-Repudiation Protocol for Exchange of Different Messages
Javier Miranda López

Security and Privacy in the Age of Uncertainty, 2003

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes. In this paper, we introduce the state-of-the-art of multi-party non-repudiation protocols, and analyze the previous work where one originator is able to send the same message to many recipients. We propose a new multi-party non-repudiation protocol for sending different messages to many recipients. We also discuss the improvements achieved with respect to the multiple instances of a two-party non-repudiation protocol, and present some applications that would benefit from them.

View PDFchevron_right

References (32)

  1. Jianying, Z. and D. Gollmann. An efficient non-repudiation protocol. in Computer Security Foundations Workshop, 1997. Proceedings., 10th. 1997.
  2. Zhou, J., Non-Repudiation in Electronic Commerce. 1st edition ed2001: Artech House.
  3. Kremer, S., O. Markowitch, and J.Y. Zhou, An intensive survey of fair non-repudiation protocols. Computer Communications, 2002. 25(17): p. 1606-1621.
  4. Bo, M., W. Shaomei, and X. Qianxing. A fair non-repudiation protocol. in Computer Supported Cooperative Work in Design, 2002. The 7th International Conference on. 2002.
  5. Cook, N., P. Robinson, and S.K. Shrivastava, Design and implementation of Web services middleware to support fair non-repudiable interactions. International Journal of Cooperative Information Systems, 2006. 15(4): p. 565- 597.
  6. Liew, C.C., et al. Non-repudiation in an agent-based electronic commerce system. In Database and Expert Systems Applications, 1999. Proceedings. Tenth International Workshop on. 1999.
  7. Coffey, T. and P. Saidha, Non-repudiation with mandatory proof of receipt. Computer Communication Review, 1996. 26(1): p. 6-17.
  8. Jianying, Z. and D. Gollman. A fair non-repudiation protocol. in Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on. 1996.
  9. Asokan, N., V. Shoup, and M. Waidner. Asynchronous protocols for optimistic fair exchange. in Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on. 1998.
  10. Fielding, R.T., Architectural Styles and the Design of Network-based Software Architectures, in Information and Computer Science2000, UNIVERSITY OF CALIFORNIA, IRVINE.
  11. Dambal, V. A simple approach to REST-enable Java Business Services. 14 Jun 2010 01/05/2012]; Available from: http://www.ibm.com/developerworks/webservices/library/wsRESTservices/.
  12. Oracle.com. Introduction to RESTful Web Services and Jersey. 2010 15/05/2012]; Available from: http://docs.oracle.com/cd/E19776-01/820-4867/ggnyk/index.html.
  13. Tilkov, S. A Brief Introduction to REST. Dec 10, 2007 01/05/2012]; Available from: http://www.infoq.com/articles/rest-introduction.
  14. Foundation, T.A.S. Proxy Support HOW-TO. 1999-2012 10/05/2012]; Available from: http://tomcat.apache.org/tomcat-7.0-doc/proxy-howto.html.
  15. Foundation, T.A.S. Reverse Proxy HowTo. 1999-2012 20/4/2012]; Available from: http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html.
  16. niq. Running a Reverse Proxy in Apache. 2009 Fri Dec 25 15:37:50 2009 20/04/2012]; Available from: http://www.apachetutor.org/admin/reverseproxies.
  17. Richardson, L. and S. Ruby, RESTful Web Services. 1 edMay 2007, United States of America: O'Reilly Media.
  18. Allamaraju, S., RESTful Web Services Cookbook. 1 edMarch 2010: O'Reilly Media / Yahoo Press.
  19. Masse, M., REST API Design Rulebook. 1 edOctober 2011, United States of America: O'Reilly Media.
  20. Burke, B., RESTful Java with JAX-RS. 1 edNovember 2009, United States of America: O'Reilly Media.
  21. Peiris, H., L. Soysa, and R. Palliyaguru. Non-Repudiation Framework for E-Government Applications. in Information and Automation for Sustainability, 2008. ICIAFS 2008. 4 th International Conference on. 2008.
  22. Chodorow, K. and M. Dirolf, MongoDB: The Definitive Guide. 1 edSeptember 2010, United States of America: O'Reilly Media.
  23. Orend, K., Analysis and Classification of NoSQL Databases andEvaluation of their Ability to Replace an Object- relationalPersistence Layer, 2010, Technical University of Munich: Munich.
  24. MongoDB.org. Querying. 30/07/2012]; Available from: http://www.mongodb.org/display/DOCS/Querying.
  25. MongoDB.org. Indexes. 30/07/2012]; Available from: http://www.mongodb.org/display/DOCS/Indexes.
  26. MongoDB.org. Multikeys. 30/07/2012]; Available from: http://www.mongodb.org/display/DOCS/Multikeys.
  27. MongoDB.org. Sharding Introduction. 30/07/2012]; Available from: http://www.mongodb.org/display/DOCS/Sharding+Introduction.
  28. Oracle.com. Java ™ Cryptography Architecture (JCA) Reference Guide. 25/04/2012]; Available from: http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html.
  29. Schneier, B., Secrets and Lies: Digital Security in a Networked World2000, United States of America: Wiley.
  30. Anderson, R.J., Security Engineering: A Guide to Building Dependable Distributed Systems. 2 ed2008, United States of America: Wiley.
  31. Grant, W., M. Majczyk, and V. Skyttä. Portecle. 10/05/2012]; Available from: http://portecle.sourceforge.net/.
  32. Amazon.com. Amazon Simple Notification Service. 10/08/2012]; Available from: http://aws.amazon.com/sns/.

Related papers

An efficient non-repudiation protocol
Dieter Gollmann

Proceedings 10th Computer Security Foundations Workshop, 1997

Fairness may be a desirable property of a nonrepudiation service. Protocols can achieve fairness through the involvement of a trusted third party but the extent of the trusted third party's involvement can vary between protocols. Hence, one of the goals of designing an efJicient non-repudiation protocol is to reduce the work load of the trusted third party. In this paper we present a variant of our fair non-repudiation protocol [15], where the trusted third party will be involved only in case that one party cannot obtain the expected non-repudiation evidence from the other party. This variant is efJicient in an environment where the two parties are likely to resolve communications problems between themselves.

View PDFchevron_right
Design and Implementation of Web Services Middleware to Support Fair Non-Repudiable Interactions
Paul Robinson

International Journal of Cooperative Information Systems, 2006

The use of open, Internet-based communications for business-to-business (B2B) interactions requires accountability for and acknowledgment of the actions of participants. Accountability and acknowledgment can be achieved by the systematic maintenance of an irrefutable audit trail to render the interaction non-repudiable. To safeguard the interests of each party, the mechanisms used to meet this requirement should ensure fairness. That is, misbehavior should not disadvantage well-behaved parties. Despite the fact that Web services are increasingly used to enable B2B interactions, there is currently no systematic support to deliver such guarantees. This paper introduces a flexible framework to support fair non-repudiable B2B interactions based on a trusted delivery agent. A Web services implementation is presented. The role of the delivery agent can be adapted to different end user capabilities and to meet different application requirements.

View PDFchevron_right
Intermediary non-repudiation protocols
Javier Miranda López

Ieee International Conference on E-Commerce, 2003

In commercial transactions, an intermediary might be involved to help transacting parties to conduct their business. Nevertheless, the intermediary may not be fully trusted. In this paper, we introduce the concept of intermediary (or agent) in a non-repudiation protocol, define the aims of intermediary non-repudiation protocols, and analyze their security requirements. We present a simple scenario with only one recipient, followed by a more complicated framework where multiple recipients are involved and collusion between them is possible.

View PDFchevron_right
BPEL Processes for Non-Repudiation Protocols in Web Services
MUHAMMAD BILAL

International Conference on Next Generation Web Services Practices (NWeSP'05), 2005

BPEL provides a language for the formal specification of business processes and business interaction protocols. In business transactions non-repudiation is a serious security issue in which any involved party denies having participated in a transaction. In this paper we propose and verify novel non-repudiation protocols for business transactions in a number of scenarios and specify them in BPEL. Our proposed protocols fulfill the requirements of security, fairness, protection and timeliness.

View PDFchevron_right
The Rigorous Implementation of a Fair Exchange Protocol for Non-repudiable Web Service Interactions - a case study
Paul Robinson

2007

The correct implementation of security protocols is a challenging task. To achieve a high degree of confidence in an implementation, as with any software, ideally one requires both: (i) a formal specification that has been subjected to verification, and (ii) tool support to generate an implementation from the verified specification. The formal specification and verification of security protocols has attracted considerable attention, with corresponding advances. However, the state of the art in the generation of implementations has not progressed beyond relatively simple protocols. This paper presents a case study on the implementation of a deterministically fair non-repudiation protocol. Such protocols are among the most complex of security protocols. Sub-protocols are typically required to guarantee timely termination. A trusted third party must be involved to guarantee fairness. Finally, to satisfy requirements such as non-repudiable audit, significant infrastructure support is needed. The case study demonstrates an improved approach to protocol implementation. Starting with a formal specification, a rigorous process with considerable tool support leads to the deployment of a protocol implementation in a flexible Web services-based execution framework. The paper concludes with an evaluation of the approach.

View PDFchevron_right
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved