Formal Verification of e-Reputation Protocols

详细信息    查看全文

• 作者：Ali Kassem (18)
  Pascal Lafourcade (17)
  Yassine Lakhnech (18)
  
  18. CNRS ; VERIMAG ; Universit茅 Grenoble Alpes ; Saint-Martin-d鈥橦猫res ; France
  17. LIMOS ; Universit茅 d鈥橝uvergne ; Clermont-ferrand ; France
  
• 关键词：Reputation protocols ; Formal verification ; Privacy ; Authentication ; Verifiability ; Applied pi ; calculus ; ProVerif
• 刊名：Lecture Notes in Computer Science
• 出版年：2015
• 出版时间：2015
• 年：2015
• 卷：8930
• 期：1
• 页码：247-261
• 全文大小：208 KB
• 参考文献：1. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Hankin, C., Schmidt, D. (eds.) POPL, pp. 104鈥?15. ACM (2001)
  2. Anceaume, E., Guette, G., Lajoie-Mazenc, P., Prigent, N., Tong, V.V.T.: A privacy preserving distributed reputation mechanism. In: ICC, pp. 1951鈥?956. IEEE (2013)
  3. Anceaume, E, Guette, G, Lajoie-Mazenc, P, Sirvent, T, Viet Triem Tong, V Extending signatures of reputation. In: ditors">Hansen, M, Hoepman, J-H, Leenes, R, Whitehouse, D eds. (2014) Privacy and Identity Management for Emerging Services and Technologies. Springer, Heidelberg, pp. 165-176 dx.doi.org/10.1007/978-3-642-55137-6_13" target="_blank" title="It opens in new window">CrossRef
  4. Androulaki, E, Choi, SG, Bellovin, SM, Malkin, T Reputation systems for anonymous networks. In: ditors">Borisov, N, Goldberg, I eds. (2008) Privacy Enhancing Technologies. Springer, Heidelberg, pp. 202-218 dx.doi.org/10.1007/978-3-540-70630-4_13" target="_blank" title="It opens in new window">CrossRef
  5. Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: CSF, pp. 195鈥?09 (2008)
  6. Bethencourt, J, Shi, E, Song, D Signatures of reputation. In: ditors">Sion, R eds. (2010) Financial Cryptography and Data Security. Springer, Heidelberg, pp. 400-407 dx.doi.org/10.1007/978-3-642-14577-3_35" target="_blank" title="It opens in new window">CrossRef
  7. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14 2001), Cape Breton, Nova Scotia, Canada, 11鈥?3 June 2001, pp. 82鈥?6. IEEE Computer Society (2001)
  8. Carrara, E., Hogben, G.: Reputation-based systems: a security analysis (2007)
  9. Delaune, S, Kremer, S, Ryan, M (2009) Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17: pp. 435-487
  10. Dellarocas, C.: Immunizing online reputation reporting systems against unfair ratings and discriminatory behavior. In: EC, pp. 150鈥?57 (2000)
  11. Dolev, D, Yao, AC (1983) On the security of public key protocols. IEEE Trans. Inf. Theory 29: pp. 198-208 dx.doi.org/10.1109/TIT.1983.1056650" target="_blank" title="It opens in new window">CrossRef
  12. Dong, N, Jonker, H, Pang, J Analysis of a receipt-free auction protocol in the applied pi calculus. In: ditors">Degano, P, Etalle, S, Guttman, J eds. (2011) Formal Aspects of Security and Trust. Springer, Heidelberg, pp. 223-238 dx.doi.org/10.1007/978-3-642-19751-2_15" target="_blank" title="It opens in new window">CrossRef
  13. Douceur, JR The sybil attack. In: ditors">Druschel, P, Kaashoek, MF, Rowstron, A eds. (2002) Peer-to-Peer Systems. Springer, Heidelberg, pp. 251-260 dx.doi.org/10.1007/3-540-45748-8_24" target="_blank" title="It opens in new window">CrossRef
  14. Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G., Ryan, P.Y.A.: Formal analysis of electronic exams. In: Samarati, P. (ed.) SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Vienna, Austria, 28鈥?0 August, 2014. SciTePress (2014)
  15. Dreier, J., Jonker, H., Lafourcade, P.: Defining verifiability in e-auction protocols. In: Chen, K., Xie, Q., Qiu, W., Li, N., Tzeng, W.-G. (eds.) ASIACCS, pp. 547鈥?52. ACM (2013)
  16. Dreier, J, Lafourcade, P, Lakhnech, Y Vote-independence: a powerful privacy notion for voting protocols. In: ditors">Garcia-Alfaro, J, Lafourcade, P eds. (2012) Foundations and Practice of Security. Springer, Heidelberg, pp. 164-180 dx.doi.org/10.1007/978-3-642-27901-0_13" target="_blank" title="It opens in new window">CrossRef
  17. Dreier, J., Lafourcade, P., Lakhnech, Y.: A formal taxonomy of privacy in voting protocols. In: ICC, pp. 6710鈥?715 (2012)
  18. Dreier, J, Lafourcade, P, Lakhnech, Y Formal verification of e-Auction protocols. In: ditors">Basin, D, Mitchell, JC eds. (2013) Principles of Security and Trust. Springer, Heidelberg, pp. 247-266 dx.doi.org/10.1007/978-3-642-36830-1_13" target="_blank" title="It opens in new window">CrossRef
  19. Hasan, O, Brunie, L, Bertino, E, Shang, N (2013) A decentralized privacy preserving reputation protocol for the malicious adversarial model. IEEE Trans. Inf. Forensics Secur. 8: pp. 949-962 dx.doi.org/10.1109/TIFS.2013.2258914" target="_blank" title="It opens in new window">CrossRef
  20. K眉sters, R, Truderung, T (2011) Reducing protocol analysis with xor to the xor-free case in the horn theory based approach. J. Autom. Reasoning 46: pp. 325-352 dx.doi.org/10.1007/s10817-010-9188-8" target="_blank" title="It opens in new window">CrossRef
  21. Pavlov, E, Rosenschein, JS, Topol, Z Supporting privacy in decentralized additive reputation systems. In: ditors">Jensen, C, Poslad, S, Dimitrakos, T eds. (2004) Trust Management. Springer, Heidelberg, pp. 108-119 dx.doi.org/10.1007/978-3-540-24747-0_9" target="_blank" title="It opens in new window">CrossRef
  22. Resnick, P., Zeckhauser, R.: Trust among strangers in internet transactions: Empirical analysis of ebay鈥檚 reputation system. In: Baye, M.R. (ed.) The Economics of the Internet and E-commerce (Advances in Applied Microeconomics), vol. 11, pp. 127鈥?57. Emerald Group Publishing Limited (2002)
  23. Ryan, M., Smyth, B.: Applied pi calculus. In: Formal Models and Techniques for Analyzing Security Protocols, chapt. 6. IOS Press (2011)
  24. Steinbrecher, S Design options for privacy-respecting reputation systems within centralised internet communities. In: ditors">Fischer-H眉bner, S, Rannenberg, K, Yngstr枚m, L, Lindskog, S eds. (2006) Security and Privacy in Dynamic Environments. Springer, Boston, pp. 123-134 dx.doi.org/10.1007/0-387-33406-8_11" target="_blank" title="It opens in new window">CrossRef
  25. Steinbrecher, S Enhancing multilateral security in and by reputation systems. In: ditors">Maty谩拧, V, Fischer-H眉bner, S, Cvr膷ek, D, 艩venda, P eds. (2009) The Future of Identity in the Information Society. Springer, Heidelberg, pp. 135-150 dx.doi.org/10.1007/978-3-642-03315-5_10" target="_blank" title="It opens in new window">CrossRef
  
• 作者单位：Foundations and Practice of Security
• 丛书名：978-3-319-17039-8
• 刊物类别：Computer Science
• 刊物主题：Artificial Intelligence and Robotics
  Computer Communication Networks
  Software Engineering
  Data Encryption
  Database Management
  Computation by Abstract Devices
  Algorithm Analysis and Problem Complexity
  
• 出版者：Springer Berlin / Heidelberg
• ISSN：1611-3349

文摘

Reputation systems are often useful in large online communities in which most of the users are unknown to each other. They are good tools to force the users to act in truthfulness way. However, for a reputation system to work effectively users have to be willing to provide rates. In order to incentivize the users to provide honest rates, a reputation system have to ensure their privacy and anonymity. Users are also concerned about verifying the correctness of the reputation score. In the applied pi-calculus, we define a formal framework and several fundamental privacy, authentication, and verifiability properties suitable for the security analysis of e-reputation protocols. As proof of concept, using ProVerif, we analyze a simple additive decentralized reputation protocol proposed to ensure rate privacy if all users are honest.