E-COMMERCE AND FAIR EXCHANGE

The Problem of Item Validation

Fabio Piva and Ricardo Dahab

Institute of Computing, University of Campinas (UNICAMP), Campinas, Brazil

Keywords:

e-Commerce, Fair exchange, Item validation, Indescribability, e-Goods.

Abstract:

Fair exchange protocols have been widely studied since their proposal, but are still not implemented on most e-

commerce transactions available. For several types of digital items (e-goods), the current e-commerce business

models fail to provide fairness to customers. The item validation problem is a critical step in fair exchange,

and is yet to receive the proper attention from researchers. We believe these issues should be addressed in

a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the

marketplace. This is the aim of our research, and drawing attention to these problems and possible solutions

is the goal of this paper.

1 INTRODUCTION

Fair exchange protocols were proposed (Asokan,

1998) as a solution to the problem of two mutu-

ally distrusting parties interested in exchanging dig-

ital items atomically. Many variations of Asokan’s

original protocols have since been studied, but most

of them were too cumbersome or required too many

resources to be seriously considered for real applica-

tions. Probabilistic fair exchange (Markowitch and

Roggeman, 1999), for instance, required a great num-

ber of messages to be transmitted, in order to achieve

only a probabilistic, more relaxed form of fairness.

Arguably, the most successful instances of fair ex-

change in the real world are the optimistic fair ex-

change protocols – two-party protocols that rely on

a mutually trusted third party (TTP) to handle excep-

tions that may arise during the exchange. Those pro-

tocols quickly became the focus of fair exchange re-

search, and were used as the core of several pioneer-

ing e-commerce projects (Nenadic et al., 2004; La-

coste et al., 2000).

Much work has been dedicated to the formaliza-

tion of fair exchange protocols. Grtner et. al. (Gart-

ner et al., 1999) give the ﬁrst steps towards a formal

deﬁnition of fairness; other authors follow similar ap-

proaches to different fair exchange properties, such

as non-repudiation (Kremer et al., 2002) and time-

liness (Piva et al., 2009). As for veriﬁcation meth-

ods, very few of them seem able to handle optimistic

fair exchange protocols appropriately, mostly due to

their multi-protocol nature. Some recent works ac-

complished interesting results (Piva et al., 2006; Piva

et al., 2007; Piva, 2009) with the adaptation of the

Strand Spaces method (Thayer et al., 1999) for sup-

porting optimistic protocols.

However, most current e-commerce stores do not

implement fair exchange in their business models;

a simple web search reveals several Apple’s iTunes

Store user complaints about mistaken music ﬁles be-

ing purchased due to inaccurate description of the

products; also, the Digital Downloads section on

Amazon.com contains several customer comments on

the same subject. To worsen the problem, most com-

panies openly adopt a no-refund policy when it comes

to selling digital products – even in the case of a mis-

taken purchase.

Such problems relate to an essential, but not suf-

ﬁciently explored, aspect of fair exchange protocols:

the item validation step. The original deﬁnition of

fairness states that “an exchange is fair if at the end

of the exchange, either each player receives the item

it expects or neither player receives any additional

information about the other’s item” (Asokan, 1998).

For that end, aside from ensuring the atomicity of the

exchange, the protocol must specify when and how

a party can check whether the item she just received

(or is about to receive) is the one she desires. This

is, however, a delicate process that may be inﬂuenced

by the characteristics of the items being exchanged,

by the available resources and by the structure of the

protocol itself.

317

Piva F. and Dahab R..

E-COMMERCE AND FAIR EXCHANGE - The Problem of Item Validation.

DOI: 10.5220/0003523303170324

In Proceedings of the International Conference on Security and Cryptography (SECRYPT-2011), pages 317-324

ISBN: 978-989-8425-71-3

 2011 SCITEPRESS (Science and Technology Publications, Lda.)

As such, we consider the item validation prob-

lem of e-goods a very interesting and relevant topic of

research, and that e-commerce would greatly beneﬁt

from a better understanding of its subtleties. We also

believe that the lack of attention on this subject is the

very reason why fair exchange protocols are not yet

widely implemented in the current e-commerce busi-

ness models.

1.1 Document Organization

The remainder of this document is organized as fol-

lows: Section 2 describes our main motivation –

namely the unsuitability of the current e-commerce

model to today’s consumer’s and seller’s needs – to

consider item validation as an important topic of re-

search. Section 3 presents our concept of reversible

degradation, an elegant abstraction of how to solve

the problem of fairly exchanging, validating and sell-

ing multimedia content over the Internet. In Section 4

we show a few alternative models for selling digital

items, and discuss why they do not address the issues

raised here. We conclude in Section 5 with some ﬁ-

nal remarks on the item validation problem and what

future research on this topic should focus on.

2 MOTIVATION: E-COMMERCE

IN REAL-WORLD

In this section we present our view on the current e-

commerce model for digital items, and discuss why

selling/purchasing digital items through the internet

is a much more delicate process than it is for physi-

cal items – specially when multimedia (indescribable)

ﬁles are the focus of the transaction.

2.1 Current Model Description

During the past ten years, selling digital content has

become an attractive business, mainly due to the fast

increase of consumers of that kind of media. The

latest technological trends – such as cheaper and

faster broadband internet connections, greater storage

space, and gadgets that provided users with easier ac-

cess to their data on-the-go – contributed to the devel-

opment of a solid market for these so-called e-goods.

And although several virtual retailers have emerged in

order to supply this demand for digital content, most

of them chose to adopt a real-world based business

model that, however successful for selling physical

products, is unsuitable for trading digital products; it

is our belief that physical and digital items are intrin-

sically different to be negotiated in the same way –

mainly because it is too easy to create an identical

copy of a digital item, thus voiding any possibility of

a returning policy in the case of an unsatisfying pur-

chase.

The currently adopted model for electronic com-

merce of digital content is the following: First, the

buyer registers with the seller, thus obtaining an ac-

count through which the transaction will be carried

out. Then, while logged in the store’s system (which

might be a website or client software, for instance),

the buyer chooses the product he desires to purchase;

he must check carefully whatever descriptions – such

as feature lists, pictures, or samples – are available for

that product. Figure 1 illustrates a hypothetical digital

item for sale and its possible description.

• Item Summary: Portrait

of model Lena Sderberg

• Keywords: hat, bust,

plumes, portrait

• File Specs: PNG image

(bitmap), RGB, 256x256

resolution

(a) Item i (b) Description desc(i) of i

Figure 1: Desired item i and it’s description as a list of spec-

iﬁcations.

In this model, the item is not publicly available for

the interested customer (otherwise he would be able to

aquire it without paying for it). Instead, only the de-

scription, which in this example is the list of features

ilustrated in Figure 1b, is available before payment.

Once satisﬁed by this description, the buyer places

an order for that particular product – he now has a

mental image of what he expects to receive. He must

then pay for it; this may happen either by revealing

his credit card number to the store, or by depositing

money to an external account and then informing the

seller, for instance. Either way, upon receiving the

payment, the seller ﬁnally releases the product to the

buyer – maybe by sending him a temporary link for

downloading it or as an attachment in an email mes-

sage.

If the buyer pays but never receives the product,

dispute might be started. Most buyers would ﬁrst try

to contact the store, which will generally try to solve

the problem to avoid bad reputation. Mostly, in the

case of a digital ﬁle’s purchase, the store would sim-

ply resend the item to the buyer, without losing any

money. This is only the case because of the idem-

potency (Asokan, 1998) property of e-goods: If a bit

stream was to be received by a user, it wouldn’t make

a difference if that same bit stream was received mul-

tiple times, since this would mean that several exact

SECRYPT 2011 - International Conference on Security and Cryptography

318

copies of the same e-good was being received. For

physical goods, this would not be the case: If the store

was required to re-send a physical item, this would

represent loss of money to the seller, and a malicious

buyer would be able to retain two or more identical –

but several, neverthless – instances of a product.

However, a completely different situation occurs

if the buyer receives the product, but is not satisﬁed

with it – which might happen if the description about

a certain aspect of the product had been left vague

or ambiguous by the store. In such cases, the buyer

might ﬁnd himself in an unfair situation – having

paid for a product that does not meet his expectations.

Figures 2a and 2b show two candidates for delivery

that match the description shown in Figure 1b. One

could point that the problem could be easily solved by

adding the word “color” to the description, but then

Figure 2(c) would still be a candidate for delivery.

(a) (b) (c)

Figure 2: Three different ﬁles that show pictures of the

model Lena Sderberg. Figures (a) and (b) equally satisfy

any description that does not mention color properties, and

Figures (a) and (c) could be mistaken even if color is men-

tioned – which could lead to the wrong ﬁle being delivered.

In cases of mistaken delivery, both the store and

any external judge might refuse to intervene in favor

of the buyer, for it is his responsability to carefully

check the product description before paying for it.

The fact that the buyer is not able to return the wrong

item – without possibly keeping a copy for himself –

in exchange of the right one, makes the store unable

to distinguish a genuine mistake from a pay-for-one-

and-take-two con. We refer to this issue as the unre-

turnability property of digital items, and believe that

it is one of the reasons why e-goods must be traded

differently than physical products.

Unfortunately, if the digital product in question

is also an indescribable item (Bottoni et al., 2007),

there can be absolutely no guarantee to a buyer about

the outcome of the purchase, in this model. Even if

a sample of the ﬁle is used as description – a reduced

thumbnail of an image ﬁle, or a lower bitrate frac-

tion of a song ﬁle might be available for download

beforehand, for instance – the above mentioned prob-

lem might still occur, as we shall see in Section 2.2. In

fact, most of the times, the buyer has no guarantee that

the item corresponding to the sample is in fact the one

to be delivered; as shown in Figure 3a, he might very

well download a thumbnail sample of image ﬁle i, en-

gage in a transaction for aquiring the larger version of

it, and end up with a copy of image ﬁle i

′

illustrated in

Figure 3b – possibly due to some internal error in the

store system, or even human error when advertising

the item.

Seller Buyer

Validates

payment

Unexpected

(a) Buyer desires i (b) Item i

′

6= i which

from Figure 1a also satisﬁes desc(i)

Figure 3: The current model allows a buyer to pay for a ﬁle

and receive a different one.

Dispute process for this kind of situation would

be rather difﬁcult, since the buyer would not be able

to return ﬁle i

′

in exchange of desired ﬁle i; the store

might rightfully allege that the buyer would be able to

retain a copy of ﬁle i

′

for himself, which would leave

it in an unfair situation. One should notice that even

if the description from Figure 1b was used instead of

the thumbnail to validate the transaction, the wrong

item i

′

would still be a candidate for delivery.

Situations like this happen more often then one

might imagine. In the next section we present a

few examples of unsatisﬁed customers, gathered from

communities of users of one of the most proeminent

e-stores available – namely Amazon.com.

2.2 Real Examples of Unfairness in

e-Commerce

In this section we present a few examples of unsat-

isﬁed consumers of digital music. The fact that dig-

ital music ﬁles are examples of indescribable items

(as we shall better deﬁne in Section 2.4) makes them

very difﬁcult to exchange fairly. Without a good de-

scription, item validation becomes difﬁcult and error

prone – because the buyer is not able to accurately de-

E-COMMERCE AND FAIR EXCHANGE - The Problem of Item Validation

319

cide wether the item he is about to pay for is the one

he desires, or not.

Currently, one of the most popular services for

buying songs remains Amazon MP3 Downloads,

which follows the business model described in Sec-

tion 2.1. However, in order to strengthen item vali-

dation, the store also provides buyers with a limited

preview of thirty seconds of each song.

(a)

(b)

Figure 4: Amazon MP3 Downloads description of an item.

Figure (a) shows a list of details about the ﬁle, while Figure

(b) shows a limited preview button.

One might think that, with the addition of a pre-

view of the song to the description, the chances of

someone buying the wrong ﬁle would be negligible.

However, as Figure 5 shows, this may not always be

true.

As we previousy stated, the current business

model for multimedia, as well as several other special

items, is anything but fair. In the following sections

we intend to relate this issue to the problem of item

validation, as well as to suggest a few possible, fair

alternatives to the current e-commerce paradigm for

digital items.

2.3 The Item Validation Problem

Optimistic fair exchange protocols (Asokan, 1998)

usually follow a common sequence of events: Let us

suppose that two parties P and Q are willing to ex-

change two generic items i

and i

. A common re-

quirement is that P and Q know beforehand the de-

scriptions desc(i

) and desc(i

), respectively, of their

expected items; there must also be a publicly avail-

able function validate(i, d) which takes an item i and

a description d and returns TRUE, if d accurately de-

scribes i, or FALSE otherwise.

The parties then engage in the exchange, initially

gathering sufﬁcient information to prove the validity

of the transaction; this step is crucial to allow for in-

ternal or external dispute resolution, in case of ex-

(a)

(b)

(c)

(d)

Figure 5: Four examples of unfair situations occured due

to inaccurate validation of the purchased song (even when

limited preview is available).

ceptions. After that, they proceed to the exchange

of items. When a party receives an item, it executes

validate() using the received item and the known de-

scription as parameters, and checks the result to de-

SECRYPT 2011 - International Conference on Security and Cryptography

320

cide whether the item is the expected one. If the func-

tion returns FALSE, then the protocol must be robust

enough to either allow the cheated party to recoverthe

correct item, usually by providing information about

the unfair transaction to the TTP, or to stop her coun-

terpart from getting the other item, if it has already

been revealed.

One should notice that the availability of both the

function validate() and accurate descriptions of the

items are then essential to ensure fairness in this type

of protocol. However, for some particular items, pro-

viding an accurate description can be a hard task (Bot-

toni et al., 2007). We shall return to the issue of item

(in)describability in Section 2.4.

Even for describable items, validation may not be

trivial. The protocol designer must carefully ponder

when in the protocol run the parties will be required

to perform validation, and whether the item will be

encrypted or unencrypted. Also, should the valida-

tion be performed by parties themselves, or should a

TTP be assigned for this task? And if we transfer this

responsability to a TTP, how can we describe the val-

idate() function so that we can ensure that parties will

agree with its evaluation? All those questions must

be taken into account when designing a fair exchange

protocol, and are usually not so.

2.4 Special Properties of Items (and

How they Affect Validation)

The ﬁrst proposals for fair exchange proto-

cols (Asokan, 1998) regarded items as generic,

forwardable digital goods, but soon researchers

took interest in particular instances of the problem.

Some special types of items, such as digital cash,

multimedia ﬁles etc., may present special properties

that should be considered during protocol design. A

strongly revocable item (Vogt, 2003), for instance,

can be invalidated by its issuer, if some conditions are

met. If the items being exchanged are both strongly

revocable, fair exchange could become rather trivial,

since unreturnability would no longer be an issue.

Not all special properties, however, assist the de-

signer in the task of guaranteeing fairness. As we

discussed in Section 2.3, protocol designers usually

assume that a good description of each item will be

available to parties before the exchange is initiated.

Although little discussion can be found on what a

good description would be, the fact is that descrip-

tions may depend greatly on the nature of the item,

and some items are particularly hard to describe. In-

describable items (Bottoni et al., 2007) present a real

challenge to the fair exchange problem, simply be-

cause they are hard to validate. In fact, we believe that

no currently known optimistic fair exchange protocol

can be used to guarantee fairness to a party interested

in an indescribable item. The discussion an example

provided in Section 2.1 strengthens this claim.

3 REVERSIBLE DEGRADATION

In order to address this issue, we propose the concept

of reversible degradation – an idea that might be the

ﬁrst solution for the fair exchange and validation of

indescribable items. By transforming (degrading) the

item in such a way that it becomes clearly deterio-

rated, but can still be distinguished by the receiving

party, the owner could release it for validation without

the risk of being cheated. If this degradation process

could be made reversible, the buyer would be able to

receive the degraded copy, validate it and then negoti-

ate a key for recovering the original, full-quality item,

as illustrated in Figure 6.

One interesting advantage of reversible degra-

dation over other approachesis that it allows the buyer

S(Seller)

=⇒ , K

(a) Degradation

S B

payment

(b) Fair exchange

B(Buyer)

, K =⇒

Figure 6: Reversible degradation concept description.

E-COMMERCE AND FAIR EXCHANGE - The Problem of Item Validation

321

to obtain the item before paying for it – even if it is

somehow degraded. Validation would then be per-

formed by the user’s own senses, since human per-

ception is capable of ignoring degradation for the pur-

pose of deciding whether that is, in fact, the desired

item. Also, as we shall discuss in Section 4, re-

versible degradation does not require any signiﬁcant

additional bandwidth cost – as other methods do – or

hardware changes on both ends of the transaction.

Another important property of the reversible

degradation concept is that, after the degradation is

reversed, the item is fully restored to its original form

– no trace of the degrading information, perceivable

or not, is left behind. This differs in essence from

DRM methods and some removable watermarking

techniques (Loytynoja et al., 2007) that still leave in-

formation embedded into the item and require the key

on every subsequent access to its content. Such tech-

niques require the user to use special software or hard-

ware to consume the purchased product, which is in

general a problem if the user prefers a speciﬁc soft-

ware player or intends to use a particular audio ﬁle on

his portable digital music player.

There are several paradigms that might be good

starting points for reversible degradation, such as er-

ror correcting codes (Minder, 2007), removable wa-

termarking (Loytynoja et al., 2007; Kwong, 2006)

and perceptual cryptography (Lian, 2009). The par-

ticular characteristics of these methods, as well as

how they interact with fair exchange protocols, are

yet to be studied and remain the focus of our current

research. In this paper, we limit ourselves to present

the concept abstraction, compare it with other alter-

native models and discuss its main impacts on item

validation and e-commerce of digital items.

4 ALTERNATIVES TO

REVERSIBLE DEGRADATION

In this section we present a few alternative models for

the purchase/sale of multimedia items. We also point

the main problems with each of them, and compare

them to our reversible degradation model.

4.1 Full Preview with Embedded Player

This is similar to the the limited preview model used

by the major digital music stores available, speciﬁ-

cally iTunes Store and Amazon. The limited preview

model is presented in Section 2.2.

By allowing buyers to fully preview the song they

are about to buy, the store reduces the problems that

might arise if a bad section is chosen as a preview in

the limited preview model. By listening to the whole

song or watching the whole movie before buying, cus-

tomers can better decide if that item is really what

they are looking for. However, this would allow any

malicious user to easily capture the video or audio

stream and record it without any quality loss, thus ob-

taining the item without having paid for it. This is

unfair by deﬁnition, and would represent a great loss

for media sellers.

4.2 Random Preview with Embedded

Player

If instead of providing a limited, ﬁxed preview of the

item, sellers provided a randomly-chosen portion of

the ﬁle to be previewed, the bad portion problem of

limited preview would also be solved. But since the

full portion is not provided to the user, recording the

stream to a new ﬁle would be harder.

Harder, but not impossible. Even if only a limited,

randomly chosen portion of the item was made avail-

able each time the customer clicked on the presented

preview button, a full copy of the ﬁle would be not

that hard to obtain. By clicking the preview button

several times, and by recording each part of the song,

it wouldn’t take long to the malicious user to obtain

the whole song separated in several recordings. Re-

construction of the whole item would then be easily

accomplished with a simple software editor.

We should notice that even if this system were

smart enough to never select a particular portion of

the item to be previewed – thus avoiding full item re-

construction by this method – there could be cases in

which the hidden portion was exactly what the user

wanted to preview to decide if the item is the one he

desires. Some songs, for instance, have too many ver-

sions that can be very similar to each other, differing

only by a few seconds from one another. The same

might happen with a director’s cut release of a movie,

that may come with a few additional frames than the

theatrical version. In such cases, hidin a particular

portion of the item might present the buyer with an

undecidable situation.

4.3 Lower Bitrate Samples

Instead of providing a preview of any kind, stores

could provide the buyers with a full, downloadable,

lesser quality version of the item. This is very simi-

lar to reversible degradation, with the only difference

that the degradation is not reversible and is ﬁxed as a

deliberately low bitrate. In image ﬁles, the equivalent

would be a low resolution version of the item.

SECRYPT 2011 - International Conference on Security and Cryptography

322

There are at least two problems with this model:

First, by ﬁxing the degradation method to lowering

the bit rate/resolution of the item, the buyer would

not be capable of deciding if the quality of the ﬁnal

item would be satisfactory. This violates the fairness

property of the transaction – the customer could ﬁnd

himself unsatisﬁed with the outcome of the purchase,

ﬁnding the acquired item poorer than he initially ex-

pected.

Second, this would almost double the required

bandwidth in every successful purchase. The buyer

would have to download each item twice – ﬁrst, the

low bitrate version; and ﬁnally, the full quality one

– instead of just one item download, as it is possible

with reversible degradation. Speciﬁcally in the case

of digital movie content purchase, this is signiﬁcantly

worse, since the items can be considerably large.

If reversible degradation was used, instead, only

one large download would be required. The second

download would be replaced by a small key ﬁle, that

would allow full quality reconstruction of the item.

Also, other forms of degradation could be used in-

stead of lowering the bitrate – thus leaving this prop-

erty untouched.

4.4 DRM-based Expiration Date

Instead of degrading the ﬁle whatsoever, the store

could provide the user with a full quallity download

before the payment was made. The provided item

would be rigged with some form of expiration date

mechanism that would be triggered after some time,

unless otherwise disabled by the user (possibly with

some key provided after payment).

The problem here would be similar to the one

discussed in Section 4.1. By playing the rigged

item before the expiration date, the malicious buyer

could simply record the output to another ﬁle with-

out any perceivable quality loss. Besides that, DRM

acceptance is still debatable among digital media

consumers, mostly because of interoperability is-

sues (Valimaki and Oksanen, 2006) – so we believe

that DRM-based models are deemed to soon disap-

pear in this context.

4.5 Multimedia Encryption, Perceptual

Cryptography and Partial

Encryption

Multimedia encryption (Lian, 2009) is a special

ﬁeld of research that concerns encryption/decryption

schemes speciﬁcally designed for audio, video and

image content. These schemes usually rely on some

known cipher as the central component for a larger al-

gorithm, taking into account the perceptual funcional-

ity of multimedia. Another term commonly associ-

ated to multimedia encryption is perceptual cryptog-

raphy.

The main idea behind perceptual cryptography is

that multimedia content does not have to be fully en-

crypted to be protected. Its functionality depends ex-

clusively on human perception, which is highly sus-

ceptible to small changes on the object. Such schemes

are capable of making multimedia content completely

unrecognizable to the human observer, by only en-

crypting a small fraction of data - a procedure ref-

ered to as partial encryption (Cheng and Li, 2000;

Servetti et al., 2003); this is particularly interesting

for applications where efﬁciency is critical, such as

video-on-demand, since the burden of real-time en-

cryption/decryption can be highly reduced.

Partial encryption techniques seem to be very

promising in conjunction with fair exchange proto-

cols. We have no knowledge of any study on the ef-

fects of perceptual cryptography on fair exchange of

multimedia content, and we believe that much can be

gained in the context of item validation.

5 CONCLUSIONS

The study of the item validation problem will cer-

tainly improve the chances of deployment of fair ex-

change protocols by making it adequate to today’s e-

commerce needs. Neither currently published fair ex-

change protocols, nor the currently implemented e-

commerce business models, are able to provide fair-

ness to both customers and sellers simultaneously,

given the characteristics of current digital products

and payment schemes. Speciﬁcally in the context of

digital music and video selling, which is increasingly

becoming the mainstream form of media consump-

tion among the general public, new solutions should

be proposed to reduce customer losses and increase

reliance on e-commerce transactions.

We stress that, to the extent of our knowledge,

the problem of item validation of fair exchange pro-

tocols has not been studied at all. The available tech-

niques are barely described on protocol speciﬁcations,

if so. By treating validation techniques as nothing but

a byproduct of protocol design, researchers have ne-

glected to approach a hard problem in protocol design

– one that might lead to fruitful discussions and fur-

ther enhancements on the state of art of diplomatic

protocol design.

The fair exchange of indescribable items, for

instance, has only been approached recently (Bot-

E-COMMERCE AND FAIR EXCHANGE - The Problem of Item Validation

323

toni et al., 2007), and techniques for the optimistic

fair exchange of those items are yet to be seen.

Our reversible degradation model, presented in Sec-

tion 3, shall produce the ﬁrst solutions to address

the exchange of indescribable items optimistically.

Other alternative models for multimedia purchase,

presented in Section 4, do not seem to address our

concerns as well as our reversible degradation model

in conjunction to fair exchange protocols.

The focus of our current work remains on evaluat-

ing several promising techniques, as well as propos-

ing new ones, for reversible degradation of multime-

dia items. Concurrently, we are also giving the ﬁrst

steps towards the formalization of the item validation

problem of fair exchange protocols, which remains an

important open problem of cryptographic protocols

design. We believe that, unless some attention is ded-

icated to the item validation problem and to how to

accurately describe digital items, fairness will remain

left aside from e-commerce and, as a consequence,

reliance on e-commerce will never be as high as it

should be in today’s market needs.

REFERENCES

Asokan, N. (1998). Fairness in electronic commerce. Re-

search Report RZ3027.

Bottoni, A., Dini, G., and Stabell-Kulø, T. (2007). A

methodology for veriﬁcation of digital items in fair ex-

change protocols with active trustee. Electronic Com-

merce Research, 7(2).

Cheng, H. and Li, X. (2000). Partial encryption of com-

pressed images and videos. Signal Processing, IEEE

Transactions on, 48(8):2439–2451.

Gartner, F. C., Pagnia, H., and Vogt, H. (1999). Approach-

ing a FormalDeﬁnition of Fairness in Electronic Com-

merce. SRDS.

Kremer, S., Markowitch, O., and Zhou, J. (2002). An inten-

sive survey of fair non-repudiation protocols. Com-

puter Communications, 25(17):1606–1621.

Kwong, S. (2006). An algorithm for removable visible wa-

termarking. IEEE Transactions on Circuits and Sys-

tems for Video Technology, 16(1):129–133.

Lacoste, G., Pﬁtzmann, B., Steiner, M., and Waidner, M.

(2000). SEMPER - Secure Electronic Marketplace for

Europe. Lecture Notes in Computer Science (LNCS),

1854.

Lian, S. (2009). Multimedia Content Encryption: Tech-

niques and Applications.

Loytynoja, M., Cvejic, N., and Seppanen, T. (2007). Audio

protection with removable watermarking. In 2007 6th

International Conference on Information, Communi-

cations & Signal Processing, pages 1–4. IEEE.

Markowitch, O. and Roggeman, Y. (1999). Probabilis-

tic Non-Repudiation without Trusted Third Party. In

Second Workshop on Security in Communication Net-

work˜99.

Minder, L. (2007). Cryptography based on error correcting

codes. algo.epﬂ.ch.

Nenadic, A., Zhang, N., and Barton, S. (2004). FIDES -

a Middleware ECommerce Security Solution. In The

3rd European Conference on Information Warfare and

Security (ECIW, pages 295–304.

Piva, F. R. (2009). Veriﬁcac¸˜ao formal de protocolos de

trocas justas utilizando o m´etodo de espac¸os de ﬁtas.

Master’s thesis, UNICAMP.

Piva, F. R., Monteiro, J. R. M., and Dahab, R. (2007).

Strand spaces and fair exchange: More on how to trace

attacks and security problems. In Anais do VII SBSeg,

Simp´osio Brasileiro em Seguranc¸a da Informac¸ ˜ao e de

Sistemas Computacionais.

Piva, F. R., Monteiro, J. R. M., and Dahab, R. (2009). Re-

garding timeliness in the context of fair exchange. In

Network and Service Security, 2009. N2S ’09. Inter-

national Conference on, pages 1–6.

Piva, F. R., Monteiro, J. R. M., Devegili, A. J., and Dahab,

R. (2006). Applying Strand Spaces to Certiﬁed Deliv-

ery Proofs. In Anais do VI SBSeg, Simp´osio Brasileiro

em Seguranc¸a da Informac¸˜ao e de Sistemas Computa-

cionais.

Servetti, A., Testa, C., and Martin, J. D. (2003). Frequency-

selective partial encryption of compressed audio.

IEEE International Conference on Aucoustics.

Thayer, F. J., Herzog, J. C., and Guttman, J. D. (1999).

Strand Spaces: Proving Security Protocols Correct.

Journal of Computer Security, 7(2–3):191–230.

Valimaki, M. and Oksanen, V. (2006). DRM interoperabil-

ity and intellectual property policy in europe.

Vogt, H. (2003). Asynchronous optimistic fair exchange

based on revocable items. In Financial Cryptography,

pages 208–222.

SECRYPT 2011 - International Conference on Security and Cryptography

324