Verifying the Purchase Request in SET Protocol

  • Qingfeng Chen
  • Chengqi Zhang
  • Shichao Zhang
  • Chunsheng Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2642)

Abstract

The Secure Electronic Transaction (SET) protocol has been jointly developed by Visa and MasterCard toward achieving secure online transactions. This paper presents a formal verification of the Purchase Request phase of SET using ENDL (an extension of non-monotonic logic). The analysis unveils some potential flaws. To overcome these vulnerabilities, feasible countermeasures are proposed during the validation. The modelling of Purchase Request is also described, so that the verification can be carried out by mechanical model checking instead of manual verification.

Keywords

Security Protocol, Order Information, Response Message, Payment Card, Secure Electronic Transaction

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Qingfeng Chen (1)
  • Chengqi Zhang (1)
  • Shichao Zhang (1)
  • Chunsheng Li (1)

  1. Faculty of Information Technology, University of Technology, Sydney, Broadway, Australia