Cryptology ePrint Archive: Report 2018/127

Accountability in Security Protocols

Robert Künnemann and Deepak Garg and Michael Backes

Abstract: A promising paradigm in protocol design is to hold parties accountable for misbehavior, instead of postulating that they are trustworthy. Recent approaches in defining this property, called accountability, characterized malicious behavior as a deviation from the protocol that causes a violation of the desired security property, but did so under the assumption that all deviating parties are controlled by a single, centralized adversary. In this work, we investigate the setting where multiple parties can deviate with or without coordination in a variant of the applied-pi calculus.

We first demonstrate that, under realistic assumptions, it is impossible to determine all misbehaving parties; however, we show that accountability can be relaxed to exclude causal dependencies that arise from the behavior of deviating parties, and not from the protocol as specified. We map out the design space for the relaxation, point out protocol classes separating these notions and define conditions under which we can guarantee fairness and completeness. Most importantly, we discover under which circumstances it is correct to consider accountability in the single-adversary setting, where this property can be verified with off-the-shelf protocol verification tools.

Category / Keywords: foundations / accountability protocols verification

Original Publication (with minor differences): CSF 2021

Date: received 2 Feb 2018, last revised 11 Sep 2020

Contact author: robert at kunnemann de

Available format(s): PDF | BibTeX Citation

Note: During the review process, a change of the title to something more specific was asked for.

Version: 20200911:140241 (All versions of this report)

Short URL: ia.cr/2018/127


[ Cryptology ePrint archive ]