Verifying the SET Purchase Protocols
- 82 Downloads
SET (Secure Electronic Transaction) is a suite of protocols proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions. The Purchase part of the suite is intended to guarantee the integrity and authenticity of the payment transaction while keeping the Cardholder's account details secret from the Merchant and his choice of goods secret from the Bank. This paper details the first verification results for the complete Purchase protocols of SET. Using Isabelle and the inductive method, we show that their primary goal is indeed met. However, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the Cardholder meant to send his credit card details to the very payment gateway that receives them. A major effort in the verification went into digesting the SET documentation to produce a realistic model. The protocol's complexity and size make verification difficult, compared with other protocols. However, our effort has yielded significant insights.
Key wordselectronic commerce security protocols inductive definitions deductive verification Isabelle
Unable to display preview. Download preview PDF.
- 1.Abadi, M. and Gordon, A.: A calculus for cryptographic protocols: The spi calculus, in Proc. 4th ACM Conf. on Comm. and Comp. Sec. (CCS-97), ACM and Addison Wesley, 1997.Google Scholar
- 3.Basin, D., Mödersheim, S. and Viganò, L.: An on-the-fly model-checker for security protocol analysis, in E. Snekkenes and D. Gollmann (eds.), Proc. 8th Eur. Symp. on Res. in Comp. Sec., Volume 2000 of Lecture Notes in Comp. Sci., Springer, 2003, pp. 253–270.Google Scholar
- 4.Bella, G.: Inductive verification of smart card protocols, J. Comput. Secur. 11(1) (2003), 87–132.Google Scholar
- 5.Bella, G., Massacci, F. and Paulson, L. C.: The verification of an industrial payment protocol: The SET purchase phase, in V. Atluri (ed.), 9th ACM Conf. on Comp. and Comm. Sec., ACM, 2002, pp. 12–20.Google Scholar
- 8.Bella, G., Massacci, F., Paulson, L. C. and Tramontano, P.: Formal verification of cardholder registration in SET, in F. Cuppens, Y. Deswarte, D. Gollman and M. Waidner (eds.), Computer Security – ESORICS 2000, volume 1895 of Lecture Notes in Comp. Sci., Springer, 2000, pp. 159–174.Google Scholar
- 9.Bella, G. and Paulson, L. C.: Kerberos version IV: Inductive analysis of the secrecy goals, in Quisquater et al. , pp. 361–375.Google Scholar
- 10.Bozzano M. and Delzanno G.: Automated protocol verification in linear logic, in Proc. 4th ACM Conf. on Principles and Practice of Declarative Programming (ACM PPDP'02), ACM and Addison, Wesley 2002, pp. 38–49.Google Scholar
- 11.Durgin, N., Mitchell, J. and Pavlovic, D.: A compositional logic for proving security properties of protocols, J. Comput. Secur. 11(4) (2004), 677–721.Google Scholar
- 12.Fábrega, F. J. T., Herzog, J. C. and Guttman, J. D.: Strand spaces: Proving security protocols correct, J. Comp. Secur. 7 (1999), 191–220.Google Scholar
- 13.Gollmann, D.: What do we mean by entity authentication? in Proc. 15th IEEE Symp. on Security and Privacy, IEEE Comp. Society Press, 1996, pp. 46–54.Google Scholar
- 14.Gong, L. and Syverson, P.: Fail-stop protocols: An approach to designing secure protocols, in Proc. 5th IFIP Working Conference on Dependable Computing for Critical Applications (DCCA-5), September 1995.Google Scholar
- 15.Guttman, J.: Security goals: Packet trajectories and strand spaces, in R. Focardi and F. Gorrieri (eds.), Foundations of Security Analysis and Design – Tutorial Lectures, volume 2171 of Lecture Notes in Comp. Sci., Springer, 2001, pp. 197–261.Google Scholar
- 16.Kessler, V. and Neumann, H.: A sound logic for analysing electronic commerce protocols, in Quisquater et al. .Google Scholar
- 17.Lowe, G.: A hierarchy of authentication specifications, in Proc. 10th IEEE Comp. Sec. Found. Workshop, IEEE Comp. Society Press, 1997, pp. 31–43.Google Scholar
- 18.Lowe, G. and Hui, M. L.: Fault-preserving simplifying transformations for security protocols, J. Comput. Secur. 9 (2001), 3–46.Google Scholar
- 19.Mastercard & VISA: SET Secure Electronic Transaction: External Interface Guide, May 1997. On the Internet at http://www.setco.org/set\_specifications.html.
- 20.Mastercard & VISA: SET Secure Electronic Transaction Specification: Business Description, May 1997. On the Internet at http://www.setco.org/set\_specifications.html.
- 21.Mastercard & VISA: SET Secure Electronic Transaction Specification: Formal Protocol Definition, May 1997. On the Internet at http://www.setco.org/set\_specifications.html.
- 22.Mastercard & VISA: SET Secure Electronic Transaction Specification: Programmer's Guide, May 1997. On the Internet at http://www.setco.org/set\_specifications.html.
- 23.Meadows, C.: Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer, in SSP-99, IEEE Comp. Society Press, 1999, pp. 216–231.Google Scholar
- 25.Meadows, C. and Syverson, P.: A formal specification of requirements for payment transactions in the SET protocol, in R. Hirschfeld, (ed.), Proc. Financial Cryptography 98, volume 1465 of Lecture Notes in Comp. Sci. Springer, 1998.Google Scholar
- 26.Nipkow, T., Paulson, L. C. and Wenzel, M.: Isabelle/HOL: A Proof Assistant for Higher-Order Logic. Springer, 2002. LNCS Tutorial 2283.Google Scholar
- 27.Paller, A.: Alert: Large criminal hacker attack on Windows NTE-banking and E-commerce sites. On the Internet at http://www.sans.org/newlook/alerts/NTE-bank.htm, Mar. 2001. SANS Institute.
- 28.Paulson, L. C.: Generic automatic proof tools, in R. Veroff (ed.), Automated Reasoning and its Applications: Essays in Honor of Larry Wos, chapter 3. MIT Press, 1997.Google Scholar
- 29.Paulson, L. C.: The inductive approach to verifying cryptographic protocols, J. Comput. Secur. 6 (1998), 85–128.Google Scholar
- 32.Quisquater, J.-J., Deswarte, Y., Meadows, C. and Gollmann, D. (eds.), Computer Security – ESORICS 98, volume 1485 of Lecture Notes in Comp. Sci. Springer, 1998.Google Scholar
- 33.RSA Laboratories. PKCS-7: Cryptographic Message Syntax Standard, 1993. On the Internet at http://www.rsasecurity.com/rsalabs/pkcs.
- 34.Stoller, S. D.: A bound on attacks on payment protocols, in Proc. 16th Annual IEEE Symposium on Logic in Computer Science (LICS), June 2001.Google Scholar