Next: PayTree: ``Amortized-Signature'' for Flexible Up: Session VII: Protocols Previous: Session VII: Protocols

A Protocol for Secure Transactions

Douglas H. Steves, Chris Edmondson-Yurkanan, and Mohamed Gouda, University of Texas, Austin

Douglas Steves opened the session on protocols. He and his co-authors are interested in secure transaction protocols as a means of achieving secure electronic commerce. They proposed a protocol with strong relational properties.

Doug started by contrasting secure communication protocols with secure transaction protocols. In secure communication protocols, the main concerns are privacy, authentication, integrity and non-repudiation. PGP and PEM are the best known examples of this class of protocols. SSL, SHTTP and SET, although they have the notion of sessions, do not establish relationships between the messages in a session, and are therefore considered examples of secure communication protocols.

According to Doug, message security properties are not enough for secure transactions. Relational properties that link the multiple actions in a transaction are crucial. He then identified three relational properties: atomicity, isolation, and causality. They are all present in the standard database (DB) theory and legal contracts. Atomicity and isolation have been discussed by Tygar and his colleagues, but causality is new here. Basically it says that it is not enough for two (or more) messages to be part of the same transaction; the ordering of these messages is important.

At this point, he opened a parenthesis and said that secure transaction protocols should lie underneath electronic commerce protocols. The question of role playing (who is the customer and who is the merchant), as well as forms of exchange media (credit cards or electronic cash) should all be part of this higher level. Close parenthesis.

Returning to the main focus of the talk, Doug said that the way he looked at atomicity was different from the way Tygar looked at it. Atomicity, for Tygar, appears in a concentrated form: both the commit and the exchange of goods and money take place at one point in time and space. Their view of atomicity is dispersed: commit and exchange are physically and logically separated, the exchange being dependent on the commit.

With respect to isolation, Doug Steves and his colleagues' definition is that all or none of the transaction messages are valid. In DB operations, isolation is guaranteed by the DB manager, which only allows the result of a transaction to be seen by the outside world when the transaction is complete. In a message exchange system, isolation is hard to guarantee, since messages sent over the network can be caught, copied and stored at will.

Causality was first discussed by Lamport, who introduced the notion of vector stamps to indicate the ordering of messages in distributed systems. Under this approach, the receiver of a message only knows the number of messages that have been sent and received previously by the sender, but does not know the contents of the messages. Authentication was added to vector stamps by Tygar and Smith. In 1993, Ken Birman proposed piggybacking messages on top of other messages, thus introducing a new form of causality where one can talk about the contents of previous messages. In 1996, Gong and Reiter combined Birman and Tygar and Smith's proposals and obtained secure causality. It is this form of causality that Doug Steves uses in his transaction protocol. Thus, when committing to a transaction, the protocol commits to the messages of the transaction and to the order of the messages in the transaction.

The protocol that Doug Steves and his colleagues have implemented proceeds in three phases (initiation, exchange and termination) and uses half-duplex communication. Atomicity and isolation are achieved via the two-phase commit mechanism, and causality is achieved via Gong and Reiter's mechanism.
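To make the causality ideas in the two preceding paragraphs concrete, here is an added Python illustration (not the authors' protocol and not code from the talk) of a two-party, half-duplex exchange in which every message carries a vector stamp (Lamport), piggybacks the digest of the previous message (Birman), and is authenticated, so that the final commit covers both the contents and the order of the transaction's messages. HMAC with constructed shared keys stands in for the digital signatures a real protocol would use, the five-message script is constructed, and the example goes a little beyond the summary by simulating a lost message and a corrupted message to show what each check catches.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed demo keys: a stand-in for per-party signing keys (HMAC is used
# here so the example runs offline; a real protocol would sign).
KEYS = {
    "customer": b"constructed-customer-key",
    "merchant": b"constructed-merchant-key",
}


@dataclass
class Message:
    sender: str
    phase: str      # initiation / exchange / termination
    body: str
    vclock: dict    # vector stamp: how many messages each party has sent
    prior: str      # digest of the last message the sender saw (piggybacked)
    tag: str = ""   # authenticator over every field above

    def canonical(self) -> bytes:
        return json.dumps({"sender": self.sender, "phase": self.phase,
                           "body": self.body, "vclock": self.vclock,
                           "prior": self.prior}, sort_keys=True).encode()

    def digest(self) -> str:
        return hashlib.sha256(self.canonical()).hexdigest()


def authenticator(msg: Message) -> str:
    return hmac.new(KEYS[msg.sender], msg.canonical(), "sha256").hexdigest()


class Party:
    def __init__(self, name: str):
        self.name = name
        self.vclock = {p: 0 for p in KEYS}
        self.log = []   # ordered digests of every message sent or accepted

    def send(self, phase: str, body: str) -> Message:
        self.vclock[self.name] += 1
        msg = Message(self.name, phase, body, dict(self.vclock),
                      self.log[-1] if self.log else "")
        msg.tag = authenticator(msg)
        self.log.append(msg.digest())
        return msg

    def receive(self, msg: Message) -> None:
        if not hmac.compare_digest(authenticator(msg), msg.tag):
            raise ValueError("bad authenticator")
        # Causality: the message must extend exactly what we have seen so far.
        if msg.prior != (self.log[-1] if self.log else ""):
            raise ValueError("message does not follow the last accepted message")
        if msg.vclock[msg.sender] != self.vclock[msg.sender] + 1:
            raise ValueError("vector stamp out of sequence")
        for p, n in msg.vclock.items():
            if p != msg.sender and n > self.vclock[p]:
                raise ValueError("sender claims messages we never sent")
        self.vclock = {p: max(self.vclock[p], msg.vclock[p]) for p in self.vclock}
        self.log.append(msg.digest())

    def commit(self) -> str:
        # The commit binds the ordered log: contents and order of every message.
        return hashlib.sha256("|".join(self.log).encode()).hexdigest()


def run_transaction(drop=None, corrupt=None) -> bool:
    """Replay a constructed five-message half-duplex exchange.

    Returns True when both parties commit to the same ordered log and False
    when a party rejects a message or the commits disagree.  `drop` is the
    index of a message the network loses; `corrupt` is the index of a message
    whose body is altered in transit (both are constructed faults)."""
    parties = {"customer": Party("customer"), "merchant": Party("merchant")}
    script = [("customer", "initiation", "offer: widget for 10"),
              ("merchant", "initiation", "accept offer"),
              ("customer", "exchange", "payment token"),
              ("merchant", "exchange", "delivery receipt"),
              ("customer", "termination", "ready to commit")]
    try:
        for i, (sender, phase, body) in enumerate(script):
            msg = parties[sender].send(phase, body)
            if i == drop:
                continue                    # lost in transit
            if i == corrupt:
                msg.body += " (altered)"    # modified in transit
            receiver = "merchant" if sender == "customer" else "customer"
            parties[receiver].receive(msg)
    except ValueError:
        return False
    return parties["customer"].commit() == parties["merchant"].commit()


if __name__ == "__main__":
    print("clean run committed:", run_transaction())
    print("lost message 4 committed:", run_transaction(drop=3))
    print("corrupted message 3 committed:", run_transaction(corrupt=2))
```

The piggybacked `prior` digest is what lets a receiver reject a message that does not follow the last one it accepted (a lost or reordered message), the vector stamp catches out-of-sequence or replayed messages, and the authenticator ties both to the sender; the commit then names the whole ordered log rather than any single message, which is the "commit to the messages and to their order" point from the talk.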

During the question period, someone stated that SET also satisfies isolation, atomicity and causality. When asked how his protocol differs from Gong and Reiter's, Doug said that Gong and Reiter did not address atomicity and isolation.

Alma Whitten