Paper 2018/127

Accountability in Security Protocols

Robert Künnemann and Deepak Garg and Michael Backes

Abstract

A new paradigm in secure protocol design is to hold parties accountable for misbehaviour instead of postulating that they are trustworthy. Recent approaches in defining this property, called accountability, have highlighted the difficulty of characterising malicious behaviour. So far, no satisfactory solution has been found. Consequently, existing definitions are either not truly protocol agnostic or require complete monitoring of all parties. To our knowledge, this work is the first to formalize misbehavior in the following sense: a deviation from the behaviour prescribed by the protocol that caused a security violation. We propose a definition for the case where it is known which parties deviated in which respect, and extend this definition to the case where neither these deviations are known, nor the complete trace of the protocol. We point out that, under realistic assumptions, it is impossible to determine all misbehaving parties, however, we show that completeness can be relaxed to exclude spurious causal dependencies. We demonstrate the use of our definition with two case studies, a delegation protocol with a central trusted authority, and an actual accountability protocol from the literature. In both cases, we discover accountability violations and apply our definition to the fixed protocols.