Fabio Piva - Academia.edu
Papers by Fabio Piva
Proceedings of the International Conference on Security and Cryptography, 2011
Fair exchange protocols have been widely studied since their proposal, but are still not implemented on most e-commerce transactions available. For several types of digital items (e-goods), the current e-commerce business models fail to provide fairness to customers. The item validation problem is a critical step in fair exchange, and is yet to receive the proper attention from researchers. We believe these issues should be addressed in a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the marketplace. This is the aim of our research, and drawing attention to these problems and possible solutions is the goal of this paper.
We compare three formal verification techniques for cryptographic protocols: BAN and SVO logics, and strand spaces, identifying some weaknesses of these logics and advantages of strand spaces. We also present new proofs of modified Yahalom, modified Kerberos and Woo-Lam Π.
In this work we use our proposed adaptation of the strand spaces method in the analysis of a fair exchange protocol for payment, proposed in [Zuo and Li 2005]. The protocol fails to provide timeliness and fairness to the buyer (Downloader), and four previously unreported attacks are traced regarding those properties. This is a continuation of the work started in [Piva et al. 2006].
Although fair exchange protocols are being widely implemented, there are few formal methods able to verify them. This work introduces the strand spaces method for verifying certified mail delivery protocols, a subclass of fair exchange protocols. Three fair exchange properties are verified: effectiveness, verifiability of TTP and timeliness. For effectiveness and verifiability we use the FPH protocol [Ferrer-Gomila et al. 2000]; for timeliness we use the ZDB protocol [Zhou et al. 1999]. We show that strand spaces can be applied to fair exchange protocols, and present an additional attack on the FPH protocol which was not previously reported.
Fair exchange protocols were proposed as a solution to the problem of exchanging virtual items between two or more entities without requiring trust between them. The popularization of the internet has created a growing class of lay users who take part in exchange transactions every day, such as electronic commerce (e-commerce), internet banking, peer-to-peer (P2P) networks, etc. With such demand for fairness, fair exchange protocols must receive the same academic attention devoted to classical protocols. In this context, design guidelines, verification tools, attack taxonomies and any other artifacts that can aid the composition of flawless protocols are needed. In this work, we present a study of the fair exchange problem and the current state of the art of the proposed solutions, as well as the possibility of creating, from techniques for formal verification and flaw detection in classical protocols, methodologies for the design and correction of fair exchange protocols.
2015 28th SIBGRAPI Conference on Graphics, Patterns and Images, 2015
In this paper we address video-on-demand (VOD) scenarios. Initially, we discuss how previous results on the unsuitability of the currently adopted business model for the e-commerce of digital items affect VOD services. Then, we propose a reversible degradation method in order to address the lack of an accurate item validation step in current e-commerce implementations, thus providing robustness against mistaken purchases. The proposed method exploits the Scalable Video Coding (SVC) extension of the H.264/AVC standard. Finally, we illustrate how the proposed validation method can be used as a component for fair exchange protocol design, with the purpose of enabling unambiguous dispute resolution for unsatisfied buyers.
2014 IEEE Brasil RFID, 2014
In this work, we propose a new model for mobile commerce (m-commerce), which allows users to purchase products in physical stores in a fully decentralized, unassisted fashion. We introduce a new type of electronic article surveillance (EAS) tag, embedded with near field communication (NFC) capabilities, which can be disabled by the user's own mobile device, provided that online payment has been completed. Our goal is to provide enhanced quality of service for the end-user, by allowing buyers to perform purchases and payments in retail stores without the need for any form of checkout counter.
Anais do IV SBSeg, …, 2006
Applicable Algebra in Engineering, Communication and Computing, 2013
Network and Service …, 2009
In this paper we discuss the often overlooked timeliness property of fair exchange protocols. We gather different available definitions of this property, and propose a new and stronger interpretation for timeliness in the context of security protocols. We discuss common timeliness-related pitfalls in fair exchange protocol design, and show a particular timeliness attack effective in several optimistic protocols proposed in the literature. Finally, we provide guidelines that may help to avoid common mistakes in protocol design, and propose our own protocol that ensures both fairness and timeliness.
Anais do VII SBSeg, …, 2007
In this work we use our proposed adaptation of the strand spaces method in the analysis of a fair exchange protocol for payment, proposed in [Zuo and Li 2005]. The protocol fails to provide timeliness and fairness to the buyer (Downloader), and four.
Designing secure cryptographic solutions from a purely theoretical perspective is not enough to guarantee their success in realistic scenarios. Often, the premises under which these solutions are proposed could not be further from real-world needs. One frequently forgotten aspect, which can influence how the solution fares once integrated, is the way the end user interacts with it (i.e., human factors). In this work, we study this problem through the analysis of two well-known application scenarios in Information Security research: the e-commerce of digital items and Internet banking. Fair exchange protocols have been widely studied, but are still not implemented in most available e-commerce transactions. For several types of digital items (e-goods), the current e-commerce business model fails to guarantee fairness to customers. Item validation is a critical step in fair exchange, and has received little attention from researchers. We believe these problems should be addressed in an integrated fashion, so that fair exchange protocols can be effectively deployed in the marketplace. More generally, we also believe this is a reflection of system-oriented design paradigms for security solutions, which are centered on data rather than users, resulting in methods and techniques that frequently disregard user requirements. We contextualize how, by underestimating the subtleties of the item validation problem, the current model for buying and selling digital items fails to guarantee success, from the buyers' perspective, for transactions, and is therefore unfair by definition.
We also introduce the concept of Reversible Degradation, a method that inherently includes the item validation step in purchase transactions in order to mitigate the problems presented. As a proof of concept, we produced an implementation of Reversible Degradation based on systematic error-correcting codes (SECCs), aimed at multimedia content. This method is also the by-product of an attempt to include user requirements in the process of constructing cryptographic methods, an approach that we subsequently evolved into what we call item-oriented protocol design. From a similar perspective, we also propose a novel method for user and transaction authentication in Internet banking scenarios. The proposed method, based on Visual Cryptography, takes into account both technical and user requirements, and fits as a secure - and intuitive - component for practical transaction authentication scenarios.