Accountability in Electronic Negotiations
Description of the Research PropositionEven the simplest forms of trading have a negotiation phase and a subsequent contract establishment and payment phase. So far, at e-commerce sites only relatively simple negotiation, contract signing and payment scenarios can be found. Most sites offer little beyond browsing catalogues by way of negotiating, while contract signing and payment tends to consist of entering a credit card number and clicking accept. The trust in these sites is largely built on the trust users have in the credit card companies, which keep records and in case of a problem organize a refund.
More complex negotiation and payment scenarios are emerging, for instance
through auction sites, but also in the quite different context of cooperating
agent platforms. For instance, in the case of e-procurement there may be
a buyer and many suppliers engaged in a multi-round negotiation where new
conditions can be discussed at each round until agreement is reached.
Complexity raises not only due to demand of more sophisticated and flexible applications and services, but also due to new and challenging network scenarios that we will consider in our research. In particular we will consider applications and services that can be used in different and scenarios as ad-hoc networks mobile and not, wireless network, sensors networks, ambient intelligence, etc.. Thus, we have to design security services and protocols that could run in a wide variety of contexts possibly with stringent requirements both in term of bandwidth and in term of user capability (i.e. processing, power, memory, etc.)
Research ProblemsAccountability as a foundation for building trust is a crucial factor for determining the success of more complex e-business services. Two important building blocks to achieve accountability are non-repudiaton and fairness. Repudiation is the denial of a previously uttered statement. Consider the case where agent A sends a message to agent B; specific protocols have been designed to guarantee that agent A cannot deny having sent the message (NRS non-repudiation of submission) and that that message was his (NRO non-repudiation of origin), and that agent B cannot deny having received it (NRR non-repudiation of receipt).
This evidence is based on digital signatures. One of the major problems in these protocols arises when we want to achieve fairness, i.e. avoid that one of the entities gets its evidence without the other one being able to also get its evidence. Different partial solutions have been proposed, which are generally divided into two classes, according to whether they use a trusted third party (TTP) or not. The approach without TTP is either based on a gradual release of knowledge or on probabilistic protocols. Protocols based on the idea of a gradual exchange require that all involved parties have equivalent computational power; this hypothesis, however, is unrealistic. Probabilistic protocols generally overcome this first problem, but are inefficient due to the large number of messages that need to be sent.
In the case of a TTP, a possible scenario is to first send each message to the TTP, who acts as an intermediary to assure delivery. The major problem of this approach is the network and communication bottleneck, created at the TTP. The first objective of the project is the design of authentication infrastructure that could provide directly or indirectly the TTP's trust services necessary to support electronic negotiations in typical ubiquitous computing scenarios.
In most non-repudiation and fair exchange protocols the TTP is not accountable for possible errors or failures. This is a crucial problem that, if left unresolved, would prevent a widespread deployment of such techniques. It is an open question whether it is at all possible to devise a negotiation protocol in which the TTP is accountable for its mistakes. A second objective is thus to devise new protocols which ensure accountability of the TTP (as much as possible). In particular, we will study distributed or hierarchical TTPs, where the problem of accountability becomes even more complex.
The project include also important aspects of formal verification
and correctness of the architecture, the services and the security protocols
proposed within the project. These formal aspects of the project will be
carried out by the Embedded
System Group at CWI and the Distributed
and Embedded System Group at the University of Twente with which we
closely collaborate for the execution of this project.
FundingThe project is funded by the Netherlands Organisation of Scientific Research (NWO) .
QualificationsCandidates for the PhD position should have an MSc (or equivalent) degree in computer science or a closely related area. A good system and network background and an open attitude to real applications are considered advantages.
You enjoy working in an internationally oriented research environment. Communicative skills and the ability to work in a team are important.
Appointment and salaryThe PhD student will be appointed for a period of four years and in accordance with salary regulations for academic personnel he will receive a gross monthly salary starting from 1.668 Euro (first year) up to 2.347 Euro (fourth year). As part of their training he will be enrolled for the courses of the Dutch graduate school ASCI (Advanced School for Computing and Imaging).
EnvironmentThe Computer Systems Section does research and teaching in the areas of distributed systems, advanced Internet applications, parallel programming, security, agents, and related areas. We have eight faculty members and numerous postdocs and Ph.D. students covering many nationalities. Our research is motivated by solving real problems that may have a wide and general impact in real life. Our group has a proven history of very successful PhDs some of which followed the academic strand while other have been appointed in well known commercial companies. We tend to demonstrate the feasibility of our research ideas by building prototypes and demonstrators some of which (i.e. MINIX, Amoeba) have fostered research also in other Universities . A part from pure research activities, the student curriculum will be enriched by the possibility to attends advanced courses in graduate schools, by following presentation and writing skills courses and by the possibility to spend visiting periods in other prestigious institutions for summer internships.
Information and applicationFor further information about these positions please contact:
You are invited to send an application by email to one of the
persons above. Your application should consist of a cover letter, a curriculum
vitae (including detailed information regarding your academic degree) and
the names and addresses of three references.
If there is anything wrong with this page, please send an e-mail to the maintainer of this page.