Abstract
This paper describes the formal verification of the Merchant Registration phase of the Secure Electronic Transactions (SET) protocol, a realistic electronic transaction security protocol that is used to protect the secrecy of online purchases. A number of concepts, notations, functions, predicates, assumptions and rules are introduced. We describe the knowledge of all legal participants, and of a malicious spy, to assess the security of the sub-protocol. Because it avoids searching a large state space, the method converges very quickly. We implemented our method in the Isabelle/Isar automated reasoning environment, so the whole verification process can be executed mechanically and efficiently.
Additional information
This work was supported by EC, EPSRC, the National Natural Science Foundation of China (No.60496320, 60496321), and Hong Kong K C Wang Education Foundation.
Xiao-Qi Ma graduated from Nanjing University of Science and Technology, China, in 1997. He received his Master’s degree from the Institute of Software, Chinese Academy of Sciences in 2003. He is currently a PhD student at the University of Reading. His research interests include computer network security, knowledge-based systems, and operating systems.
Xiao-Chun Cheng obtained his PhD in 1996. He has worked as a lecturer at the University of Reading since 2000. He is a guest professor at North East Normal University and Beijing Normal University. His research interests include theoretical and applied aspects in decision support systems, knowledge-based systems and intelligent systems.
About this article
Cite this article
Ma, XQ., Cheng, XC. Formal verification of the Merchant Registration phase of the SET protocol. Int J Automat Comput 2, 155–162 (2005). https://doi.org/10.1007/s11633-005-0155-5
DOI: https://doi.org/10.1007/s11633-005-0155-5