Formal verification of the Merchant Registration phase of the SET protocol

International Journal of Automation and Computing

Abstract

This paper describes the formal verification of the Merchant Registration phase of the Secure Electronic Transactions (SET) protocol, a realistic electronic transaction security protocol which is used to protect the secrecy of online purchases. A number of concepts, notations, functions, predicates, assumptions and rules are introduced. We describe the knowledge of all legal participants, and of a malicious spy, to assess the security of the sub-protocol. Because it avoids searching a large state space, the method converges very quickly. We implemented our method in the Isabelle/Isar automated reasoning environment, so the whole verification process can be executed mechanically and efficiently.

Author information

Corresponding author

Correspondence to Xiao-Qi Ma.

Additional information

This work was supported by EC, EPSRC, the National Natural Science Foundation of China (No.60496320, 60496321), and Hong Kong K C Wang Education Foundation.

Xiao-Qi Ma graduated from Nanjing University of Science and Technology, China, in 1997. He received his Master’s degree from the Institute of Software, Chinese Academy of Sciences in 2003. He is currently a PhD student at the University of Reading. His research interests include computer network security, knowledge-based systems, and operating systems.

Xiao-Chun Cheng obtained his PhD in 1996. He has worked as a lecturer at the University of Reading since 2000. He is a guest professor at North East Normal University and Beijing Normal University. His research interests include theoretical and applied aspects in decision support systems, knowledge-based systems and intelligent systems.

About this article

Cite this article

Ma, XQ., Cheng, XC. Formal verification of the Merchant Registration phase of the SET protocol. Int J Automat Comput 2, 155–162 (2005). https://doi.org/10.1007/s11633-005-0155-5
