This person can no longer be contacted through the School of Engineering and Computer Science at Victoria University of Wellington
Ben is a PhD student working with the Network Engineering Research Group (NERG)
. His research is on verifying online reseller transactions for digital items. He has interests in security, verification, and zero knowledge proofs.
iTunes, Amazon, and domain name resellers, such as GoDaddy, only exist as on-line traders with no physical stores. While Amazon sells both physical and digital items others exclusively retail digital products and services such as digital media or more abstract products such as an access 'right', a license, a service, or a subscription. Buyers will normally be willing to place trust in on-line sellers because of the reputation of the company behind the seller, for example consider the trust placed in iTunes. People are willing to trust the media they purchase from iTunes is legal as they recognise Apple and it's position in the market and history of legal trading. For a relatively unknown company this may present a significant barrier of entry to a market, reducing customers choice and competition. My research focuses on protocols using cryptographic primitives to reduce this entry barrier by providing customer's with a way to verify the actions of an online reseller.
We informally group the attacks a malicious reseller could make in to the following categories:
- Spoofing: where the reseller claims to be the supplier or tries to subvert the protocol to make it appear that they are the supplier.
- Fabrication: where the reseller tries to forge a license for an item from scratch (or based on the structure of other licenses).
- Cloning: where the reseller tries to sell a license they have purchased from the supplier to multiple customers.
- Network Sniffing: where the reseller replays a legitimate license (possibly for a different reseller).