Solving Fair Exchange with Mobile Agents Henning Pagnia Holger Vogt - - PowerPoint PPT Presentation



SLIDE 1

Solving Fair Exchange with Mobile Agents

Henning Pagnia, Holger Vogt, Felix Gärtner

Darmstadt University of Technology, Germany {pagnia|holgervo|felix}@informatik.tu-darmstadt.de

Uwe G. Wilhelm

Swiss Federal Institute of Technology, Lausanne, Switzerland Uwe.Wilhelm@epfl.ch

SLIDE 2

Mobile agents and fair exchange

  • Autonomous agents roam the web and perform electronic business transactions on behalf of the user.
  • Items (goods, payment) must be exchanged in a fair manner.
  • Fair exchange problem = how to exchange items between two parties without either party suffering a disadvantage.
  • Our contribution: three increasingly flexible solutions to the problem using mobile agents.

SLIDE 3

What’s the problem with fair exchange?

  • An “unfair” exchange protocol:
    1. Agent enters vendor’s host.
    2. Agent receives audio file.
    3. Agent pays electronically.
    4. Agent leaves host.

[Figure: audio file and electronic money ($) exchanged between the agent and the vendor’s host.]

  • Visiting agent can run without paying (after step 2).
  • Vendor can kidnap agent (after step 3).
SLIDE 4

Solution 1: locked room

  • Locked room protocol:
    1. Agents enter.
    2. Doors close, agents swap.
    3. Agents check and commit.
    4. Doors open, agents leave.
  • Ensure that no information leaves the room!
  • Ensure that agents are destroyed if one does not commit!

SLIDE 5

Trusted Processing Environment (TPE)

  • Provides secure execution environment on tamper-proof hardware device.

[Figure: TPE layers: hardware, OS, VM, I/O library, crypto library; agents A1, A2, …, An execute inside the TPE; parties shown: agent owner, TPE owner, communication infrastructure.]

  • Protect agents from host and agents from agents.
  • Must be fully certified.
SLIDE 6

Implementation of solution 1

  • Protection guarantees formalized as policies associated with underlying hardware.
  • Implement new fair exchange policy based on the following operations:
    ⋆ BeginFairExchange(AgentId id)
    ⋆ CommitFairExchange()
    ⋆ AbortFairExchange()
  • TPE restricts communication during exchange and destroys both agents if one doesn’t commit.
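The locked room policy of Solution 1, as an added toy model that is not the authors' implementation: a TPE class exposes the three operations named above, refuses any outbound communication while the doors are closed, and destroys both agents unless both commit. The Agent class, the run_exchange driver and the sample items are constructed for this example.

```python
from dataclasses import dataclass

@dataclass
class Agent:
    name: str
    item: object              # item carried into the room (a or b)
    received: object = None   # the other party's item after a successful swap
    alive: bool = True

class TPE:
    def __init__(self):
        self.room = None          # (a, b) while the doors are closed
        self.committed = set()

    def may_send_outside(self, agent) -> bool:
        """Guarantee 1: no information leaves the room while the doors are closed."""
        return not (self.room and agent in self.room)

    def begin_fair_exchange(self, a, b):
        """Steps 1-2: both agents enter, the doors close, the items are swapped."""
        self.room, self.committed = (a, b), set()
        a.received, b.received = b.item, a.item

    def commit_fair_exchange(self, agent) -> str:
        """Step 3: this agent is satisfied with what it received."""
        self.committed.add(agent.name)
        a, b = self.room
        if {a.name, b.name} <= self.committed:
            self.room = None      # Step 4: doors open, both leave with the swap
            return "swapped"
        return "waiting"

    def abort_fair_exchange(self, agent) -> str:
        """Guarantee 2: one agent does not commit, so both are destroyed."""
        for ag in self.room:
            ag.alive, ag.item, ag.received = False, None, None
        self.room = None
        return "destroyed"

def run_exchange(a_commits: bool, b_commits: bool):
    """Drive one exchange of constructed sample items; returns (outcome, a, b)."""
    tpe, a, b = TPE(), Agent("A", "audio file"), Agent("B", "e-cash $5")
    tpe.begin_fair_exchange(a, b)
    outcome = "waiting"
    for ag, ok in ((a, a_commits), (b, b_commits)):
        if outcome != "destroyed":
            outcome = tpe.commit_fair_exchange(ag) if ok else tpe.abort_fair_exchange(ag)
    return outcome, a, b
```

A refusal by either side leaves neither agent with anything, which is what removes the "run without paying" and "kidnap" options of the unfair protocol.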

SLIDE 7

Solutions 2 & 3: use fair exchange agent

  • Use an intermediate fair exchange agent (FEA) to validate and swap items.
  • FEA performs exchange only if items are as expected.

[Figure: A and B hand items a and b to the FEA, which runs check(b) and check(a) and swaps the items only if both checks pass.]

SLIDE 8

The check routine problem

  • Validation must be done inside FEA.
  • Agents devise specific check method.
  • Must ensure that no information leaks out of check method = check routine problem.
  • Possible solutions:
    ⋆ Parametrized check routines.
    ⋆ Sandboxing.
    ⋆ . . .

SLIDE 9

Solution 2

  • Let agents check the check routines and agree on a mutually checked FEA.
  • Agents trust FEA because executed code is ensured to be authentic.
  • Only generic TPE-policy of authentic code required (no change of TPE necessary).
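An added example, not the authors' code, modelling the FEA of Solutions 2 and 3 with parametrized check routines, one of the answers listed for the check routine problem: each agent names a fixed routine plus a parameter to apply to the other party's item, and the FEA swaps only if both checks pass. The routine names, the e-cash byte format and the sample items are constructed here; the authenticity check on the FEA code that Solution 2 relies on is assumed to have happened before the deposits.

```python
import hashlib
from dataclasses import dataclass

# Parametrized check routines: the code is fixed and reviewable, only the
# parameter comes from the agent, and each routine returns nothing but a
# boolean, so it cannot leak the item it inspects back to the agent that
# supplied the check.
def check_digest(item: bytes, expected_hex: str) -> bool:
    return hashlib.sha256(item).hexdigest() == expected_hex

def check_payment(item: bytes, min_amount: int) -> bool:
    kind, _, amount = item.partition(b":")      # constructed e-cash format
    return kind == b"ECASH" and amount.isdigit() and int(amount) >= min_amount

CHECKS = {"digest": check_digest, "payment": check_payment}

@dataclass
class Deposit:
    owner: str      # agent handing in the item
    item: bytes     # the item itself (a or b)
    check: str      # routine to run on the *other* party's item
    param: object   # parameter for that routine
class FEA:
    """Fair exchange agent: holds both items, validates, then swaps or returns."""
    def __init__(self):
        self.deposits = []

    def deposit(self, d: Deposit):
        self.deposits.append(d)

    def exchange(self) -> dict:
        """Return {owner: item} for what each party leaves with."""
        a, b = self.deposits
        ok_a = CHECKS[a.check](b.item, a.param)   # check(b) on A's behalf
        ok_b = CHECKS[b.check](a.item, b.param)   # check(a) on B's behalf
        if ok_a and ok_b:
            return {a.owner: b.item, b.owner: a.item}   # items swapped
        return {a.owner: a.item, b.owner: b.item}       # items handed back

# Constructed sample items: A sells an audio file, B pays with e-cash.
AUDIO = b"RIFF....constructed audio bytes"
CASH = b"ECASH:5"

def run(min_amount: int, expected_audio: bytes) -> dict:
    """A demands at least min_amount; B demands the file with the given digest."""
    fea = FEA()
    fea.deposit(Deposit("A", AUDIO, "payment", min_amount))
    fea.deposit(Deposit("B", CASH, "digest", hashlib.sha256(expected_audio).hexdigest()))
    return fea.exchange()
```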

SLIDE 10

Solution 3

  • Use a trusted “free-lance” FEA to perform swap.
  • FEA must be certified.
  • Only basic TPE functionality required.
SLIDE 11

Solution summary and overview

Solution                Fairness ensured by    Requirements on TPE
1. Locked room          TPE                    Specific fair exchange operations
2. Authentic code FEA   code checking          generic authentic code
3. Free-lance FEA       FEA provider           basic protection

[Figure label beside the table: Complexity of TPE]

SLIDE 12

Advanced questions and future work

  • TPE is still rather “fictional”: IBM 4758 PCI usable?
  • Adaptation of protocols using other means to ensure security possible, e.g. Smartcards (prior talk by Günter Karjoth)?
  • In Solutions 2 & 3 the FEA plays the role of a “trusted third party” (TTP). What constitutes a TTP and where is the TTP in solution 1?

SLIDE 13

Acknowledgements

  • Slides produced using “cutting edge” LaTeX slide processor PPower4 by Klaus Guntermann.