Abstract
SET (Secure Electronic Transaction) is a suite of protocols proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions. The Purchase part of the suite is intended to guarantee the integrity and authenticity of the payment transaction while keeping the Cardholder's account details secret from the Merchant and his choice of goods secret from the Bank. This paper details the first verification results for the complete Purchase protocols of SET. Using Isabelle and the inductive method, we show that their primary goal is indeed met. However, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the Cardholder meant to send his credit card details to the very payment gateway that receives them. A major effort in the verification went into digesting the SET documentation to produce a realistic model. The protocol's complexity and size make verification difficult, compared with other protocols. However, our effort has yielded significant insights.
Cite this article
Bella, G., Massacci, F. & Paulson, L.C. Verifying the SET Purchase Protocols. J Autom Reasoning 36, 5–37 (2006). https://doi.org/10.1007/s10817-005-9018-6