Fairness in electronic commerce

Abstract

Commerce over open networks like the Internet, sometimes referred to as electronic commerce, is becoming more widespread. This makes it important to study, and solve the security problems associated with electronic commerce. There are three prominent characteristics of commerce which are relevant in this respect. First, the crux of a commercial transaction is usually one or more exchanges of items of value. Second, players in a commercial transaction do not necessarily trust each other fully. Thus, protecting players from each other is as important as protecting them from outside attackers. Third, commercial transactions have legal significance. Therefore, it must be possible to gather sufficient evidence during the transaction to enable correctly behaving players to win any subsequent disputes.

This dissertation addresses the problem of fairness in electronic commerce. A system that does not discriminate against a correctly behaving player is said to be fair. Several protocols are proposed for performing exchanges fairly. The protocols are practical, and provide a high degree of fairness. The basic approach optimises for the common case that all players behave correctly. This is known as the optimistic approach. These protocols attempt to guarantee fairness during a protocol run. This is known as strong fairness. When strong fairness is not possible, one can fall back on gathering enough evidence so that fairness can be restored later by initiating a dispute. This is known as weak fairness. An analysis of the protocols leads to the conclusion that the exchange of generatable items can be guaranteed to be strongly fair. Various techniques to add generatability to items, including one technique which uses a cryptographic primitive called verifiable encryption are presented.

In the case of weak fairness, a subsequent dispute is necessary to restore fairness. In general, disputes can occur even after a correctly concluded transaction. Non-repudiation techniques are used to gather evidence that can be later used in disputes. A novel non-repudiation technique called server-supported signatures is proposed.

The issue of handling disputes in electronic commerce is complex and hitherto not well-understood. Some aspect of the problem, within the limited context of electronic payment systems, are addressed. First, a unified definition of electronic payment systems, called the generic payment service is presented. Based on the generic payment service, a uniform way to express payment dispute claims is proposed. The need for a coherent framework for handling disputes in electronic payment systems is motivated.