The project provides irrefutable evidence of electronic communication, and hence protects users from parties that renege on online transactions.
Problem addressed
Existing security services on the Internet (e.g., the Secure Sockets
Layer or SSL protocol) can protect communication from eavesdropping,
tampering and forgery by external parties. However, they do not
protect clients of online transactions from reneging servers. For
example, suppose that a user purchases an item at a merchant's web
site, and the merchant claims that it will deliver the item in three
days. How can the user later prove that she saw a web page from the
merchant's site promising that delivery?
Therefore, a scheme is needed to provide irrefutable evidence of
electronic communication. Such a scheme needs a convincing
argument that the client has not forged the evidence. It needs to be
easily deployable on the web, a very large and hard-to-change
system. Therefore, the scheme should not require any change to
existing servers, which have little incentive to provide the
evidence. The scheme should also maintain the privacy of existing secure
communication.
Our Contribution
We have designed a scheme that allows a client to prove its
communication with the server. It ensures that clients cannot fabricate false
evidence, so that the generated proofs are trustworthy. It works
generally for any communication on top of SSL. It follows our
principle of easy deployment in that no change is required in any of the
server's contents or protocols. The scheme respects the privacy of the
client, in that the content of the communication is never revealed to
parties other than the client and the server.
We have implemented a prototype and tested it in a variety of
experiments.
For more information contact: Minwen Ji