Verifying the Purchase Request in SET Protocol
The Secure Electronic Transaction (SET) protocol has been jointly developed by Visa and MasterCard to achieve secure online transactions. This paper presents a formal verification of the Purchase Request phase of SET using ENDL (extension of non-monotonic logic). The analysis unveils some potential flaws. To overcome these vulnerabilities, feasible countermeasures are proposed during the validation. The modelling of Purchase Request is also described, so that mechanical model checking can be implemented instead of manual verification.
Keywords: Security Protocol, Order Information, Response Message, Payment Card, Secure Electronic Transaction