The Rigorous Implementation of a Fair Exchange Protocol for Non-repudiable Web Service Interactions: a case study

Nick Cook (1), Paul Robinson (2) and Santosh Shrivastava (1)

(1) School of Computing Science, Newcastle University, NE1 7RU, UK
{nick.cook, santosh.shrivastava}@ncl.ac.uk
(2) Arjuna Technologies, Newcastle upon Tyne, NE1 7RU, UK
paul.robinson@arjuna.com

Abstract

The correct implementation of security protocols is a challenging task. To achieve a high degree of confidence in an implementation, as with any software, ideally one requires both: (i) a formal specification that has been subjected to verification, and (ii) tool support to generate an implementation from the verified specification. The formal specification and verification of security protocols has attracted considerable attention, with corresponding advances. However, the state of the art in the generation of implementations has not progressed beyond relatively simple protocols.

This paper presents a case study on the implementation of a deterministically fair non-repudiation protocol. Such protocols are among the most complex of security protocols. Sub-protocols are typically required to guarantee timely termination. A trusted third party must be involved to guarantee fairness. Finally, to satisfy requirements such as non-repudiable audit, significant infrastructure support is needed. The case study demonstrates an improved approach to protocol implementation. Starting with a formal specification, a rigorous process with considerable tool support leads to the deployment of a protocol implementation in a flexible Web services-based execution framework. The paper concludes with an evaluation of the approach.

Keywords: security, non-repudiation, middleware, B2B interaction, Web services, XML processing

1. Introduction

There is an increasing trend for organisations to expose business processes as services for use by partner organisations.
This trend provides new opportunities for organisations to collaborate to achieve common goals. An example is the formation of virtual organisations that compose new services from existing service offerings to develop new cross-organisational business processes. In this context, important requirements include the mutual authentication of business partners, that evidence is generated to hold parties to account for their actions, and that there is acknowledgement of delivery on commitments to collaborative ventures. Such requirements are met through the execution of security protocols between interacting entities.

Figure 1. Business message exchange

Figure 1 shows a typical interaction between two parties. Party A sends a business message to party B and B provides an acknowledgement of receipt (ack) in return. Exchanges of this type are the basis for standardised business conversations such as RosettaNet PIPs [1]. Now, consider the scenario in which A and B do not unguardedly trust each other and either party may misbehave in some way. For example, B may receive the business message from A but decline to provide the ack. This is the selective receipt problem and places A at a disadvantage. Also, unless there is irrefutable evidence of the origin of A's message, A is able to subsequently deny their involvement in the exchange. Similarly, irrefutable evidence of the origin of the ack is required to subsequently demonstrate B's involvement.

To address these problems and, thereby, safeguard the interests of both A and B, the simple business message exchange should be made both fair and non-repudiable. Informally, fairness is the property that well-behaved parties are not disadvantaged by the misbehaviour of other parties. Non-repudiation is the property that an action or event cannot subsequently be denied. A number of protocols have been proposed to solve the fair exchange problem (see [2] and [3] for

1-4244-0832-6/07/$20.00 ©2007 IEEE.
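The Figure 1 exchange, with the two pieces of non-repudiation evidence it calls for, can be modelled in a few dozen lines. The following Go program is an added illustration written for this page; it is not code from the paper or from the framework the paper describes. It assumes a simplified model: each party signs with an Ed25519 key derived from a constructed fixed seed (standing in for a certified key from a PKI), A's signature over the message is the evidence of origin (NRO), and B's signature over a digest of that message is the evidence of receipt (NRR). The names Party, BusinessMessage, Ack, Outcome and RunExchange are hypothetical. The point the paper makes about selective receipt is visible in the result: when B keeps A's message and withholds the ack, B ends up holding verifiable evidence against A while A holds none, which is exactly the unfair outcome a fair exchange protocol (with its trusted third party) is designed to rule out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds one participant's name and Ed25519 signing key. The keys are
// derived from constructed seeds; a deployment would use certified keys.
type Party struct {
	Name string
	Priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewParty(name string, seed []byte) Party {
	priv := ed25519.NewKeyFromSeed(seed) // seed is exactly 32 bytes
	return Party{Name: name, Priv: priv, Pub: priv.Public().(ed25519.PublicKey)}
}

// BusinessMessage is A's message together with non-repudiation of origin
// (NRO): A's signature over bytes that bind sender, receiver and content.
type BusinessMessage struct {
	From, To string
	Body     []byte
	NRO      []byte
}

func nroBytes(from, to string, body []byte) []byte {
	return []byte("NRO|" + from + "|" + to + "|" + string(body))
}

func (p Party) Send(to string, body []byte) BusinessMessage {
	return BusinessMessage{From: p.Name, To: to, Body: body,
		NRO: ed25519.Sign(p.Priv, nroBytes(p.Name, to, body))}
}

// VerifyNRO is what B (or later an adjudicator) runs to hold A to the message.
func VerifyNRO(senderPub ed25519.PublicKey, m BusinessMessage) error {
	if !ed25519.Verify(senderPub, nroBytes(m.From, m.To, m.Body), m.NRO) {
		return errors.New("evidence of origin does not verify")
	}
	return nil
}

// Ack carries non-repudiation of receipt (NRR): B's signature over a digest
// of the received message, so B cannot later deny having received it.
type Ack struct {
	From, To string
	Digest   [32]byte
	NRR      []byte
}

func nrrBytes(from, to string, digest [32]byte) []byte {
	return append([]byte("NRR|"+from+"|"+to+"|"), digest[:]...)
}

func (p Party) Acknowledge(m BusinessMessage) Ack {
	d := sha256.Sum256(nroBytes(m.From, m.To, m.Body))
	return Ack{From: p.Name, To: m.From, Digest: d,
		NRR: ed25519.Sign(p.Priv, nrrBytes(p.Name, m.From, d))}
}

// VerifyNRR is what A runs: the ack must refer to this exact message and
// carry a valid signature from B.
func VerifyNRR(receiverPub ed25519.PublicKey, a Ack, m BusinessMessage) error {
	want := sha256.Sum256(nroBytes(m.From, m.To, m.Body))
	if !bytes.Equal(want[:], a.Digest[:]) {
		return errors.New("ack does not refer to this message")
	}
	if !ed25519.Verify(receiverPub, nrrBytes(a.From, a.To, a.Digest), a.NRR) {
		return errors.New("evidence of receipt does not verify")
	}
	return nil
}

// Outcome records which party ends the exchange holding verifiable evidence.
type Outcome struct {
	AHoldsReceiptEvidence bool // A can prove that B received the message
	BHoldsOriginEvidence  bool // B can prove that A sent the message
}

// RunExchange plays the Figure 1 exchange. With bWithholdsAck set, B keeps
// A's message and its NRO but never returns the ack: the selective receipt
// problem, which leaves A disadvantaged.
func RunExchange(bWithholdsAck bool) Outcome {
	a := NewParty("A", bytes.Repeat([]byte{1}, 32)) // constructed seed
	b := NewParty("B", bytes.Repeat([]byte{2}, 32)) // constructed seed

	msg := a.Send("B", []byte("purchase order 42 (constructed sample)"))
	out := Outcome{BHoldsOriginEvidence: VerifyNRO(a.Pub, msg) == nil}
	if bWithholdsAck {
		return out
	}
	ack := b.Acknowledge(msg)
	out.AHoldsReceiptEvidence = VerifyNRR(b.Pub, ack, msg) == nil
	return out
}

func main() {
	fmt.Printf("honest B:          %+v\n", RunExchange(false))
	fmt.Printf("selective receipt: %+v\n", RunExchange(true))
}
```

Running the program prints both evidence flags true for the honest run and only BHoldsOriginEvidence true for the selective receipt run. Binding the NRR to a digest of the NRO-signed bytes (rather than to the body alone) is what stops an ack for one message being presented as evidence for another.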