Skip to main content
SpringerLink
Log in

Verifying the SET Purchase Protocols

  • Published:
Journal of Automated Reasoning Aims and scope Submit manuscript

Abstract

SET (Secure Electronic Transaction) is a suite of protocols proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions. The Purchase part of the suite is intended to guarantee the integrity and authenticity of the payment transaction while keeping the Cardholder's account details secret from the Merchant and his choice of goods secret from the Bank. This paper details the first verification results for the complete Purchase protocols of SET. Using Isabelle and the inductive method, we show that their primary goal is indeed met. However, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the Cardholder meant to send his credit card details to the very payment gateway that receives them. A major effort in the verification went into digesting the SET documentation to produce a realistic model. The protocol's complexity and size make verification difficult, compared with other protocols. However, our effort has yielded significant insights.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abadi, M. and Gordon, A.: A calculus for cryptographic protocols: The spi calculus, in Proc. 4th ACM Conf. on Comm. and Comp. Sec. (CCS-97), ACM and Addison Wesley, 1997.

  2. Abadi, M. and Needham, R. M.: Prudent engineering practice for cryptographic protocols, IEEE Trans. Softw. Eng. 22(1) (January 1996), 6–15.

    Article  Google Scholar 

  3. Basin, D., Mödersheim, S. and Viganò, L.: An on-the-fly model-checker for security protocol analysis, in E. Snekkenes and D. Gollmann (eds.), Proc. 8th Eur. Symp. on Res. in Comp. Sec., Volume 2000 of Lecture Notes in Comp. Sci., Springer, 2003, pp. 253–270.

  4. Bella, G.: Inductive verification of smart card protocols, J. Comput. Secur. 11(1) (2003), 87–132.

    Google Scholar 

  5. Bella, G., Massacci, F. and Paulson, L. C.: The verification of an industrial payment protocol: The SET purchase phase, in V. Atluri (ed.), 9th ACM Conf. on Comp. and Comm. Sec., ACM, 2002, pp. 12–20.

  6. Bella, G., Massacci, F. and Paulson, L. C.: Verifying the SET registration protocols, IEEE J. Sel. Areas Commun. 21(1) (2003), 77–87.

    Article  Google Scholar 

  7. Bella, G., Massacci, F. and Paulson, L. C.: An overview of the verification of SET, Int. J. Inf. Secur. 4(1–2)(2005),17–28.

    Article  Google Scholar 

  8. Bella, G., Massacci, F., Paulson, L. C. and Tramontano, P.: Formal verification of cardholder registration in SET, in F. Cuppens, Y. Deswarte, D. Gollman and M. Waidner (eds.), Computer Security – ESORICS 2000, volume 1895 of Lecture Notes in Comp. Sci., Springer, 2000, pp. 159–174.

  9. Bella, G. and Paulson, L. C.: Kerberos version IV: Inductive analysis of the secrecy goals, in Quisquater et al. [32], pp. 361–375.

  10. Bozzano M. and Delzanno G.: Automated protocol verification in linear logic, in Proc. 4th ACM Conf. on Principles and Practice of Declarative Programming (ACM PPDP'02), ACM and Addison, Wesley 2002, pp. 38–49.

  11. Durgin, N., Mitchell, J. and Pavlovic, D.: A compositional logic for proving security properties of protocols, J. Comput. Secur. 11(4) (2004), 677–721.

    Google Scholar 

  12. Fábrega, F. J. T., Herzog, J. C. and Guttman, J. D.: Strand spaces: Proving security protocols correct, J. Comp. Secur. 7 (1999), 191–220.

    Google Scholar 

  13. Gollmann, D.: What do we mean by entity authentication? in Proc. 15th IEEE Symp. on Security and Privacy, IEEE Comp. Society Press, 1996, pp. 46–54.

  14. Gong, L. and Syverson, P.: Fail-stop protocols: An approach to designing secure protocols, in Proc. 5th IFIP Working Conference on Dependable Computing for Critical Applications (DCCA-5), September 1995.

  15. Guttman, J.: Security goals: Packet trajectories and strand spaces, in R. Focardi and F. Gorrieri (eds.), Foundations of Security Analysis and Design – Tutorial Lectures, volume 2171 of Lecture Notes in Comp. Sci., Springer, 2001, pp. 197–261.

  16. Kessler, V. and Neumann, H.: A sound logic for analysing electronic commerce protocols, in Quisquater et al. [32].

  17. Lowe, G.: A hierarchy of authentication specifications, in Proc. 10th IEEE Comp. Sec. Found. Workshop, IEEE Comp. Society Press, 1997, pp. 31–43.

  18. Lowe, G. and Hui, M. L.: Fault-preserving simplifying transformations for security protocols, J. Comput. Secur. 9 (2001), 3–46.

    Google Scholar 

  19. Mastercard & VISA: SET Secure Electronic Transaction: External Interface Guide, May 1997. On the Internet at http://www.setco.org/set\_specifications.html.

  20. Mastercard & VISA: SET Secure Electronic Transaction Specification: Business Description, May 1997. On the Internet at http://www.setco.org/set\_specifications.html.

  21. Mastercard & VISA: SET Secure Electronic Transaction Specification: Formal Protocol Definition, May 1997. On the Internet at http://www.setco.org/set\_specifications.html.

  22. Mastercard & VISA: SET Secure Electronic Transaction Specification: Programmer's Guide, May 1997. On the Internet at http://www.setco.org/set\_specifications.html.

  23. Meadows, C.: Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer, in SSP-99, IEEE Comp. Society Press, 1999, pp. 216–231.

  24. Meadows, C.: Formal methods for cryptographic protocol analysis: Emerging issues and trends, IEEE J. Sel. Areas Commun. 21(1) (2003), 44–54.

    Article  Google Scholar 

  25. Meadows, C. and Syverson, P.: A formal specification of requirements for payment transactions in the SET protocol, in R. Hirschfeld, (ed.), Proc. Financial Cryptography 98, volume 1465 of Lecture Notes in Comp. Sci. Springer, 1998.

  26. Nipkow, T., Paulson, L. C. and Wenzel, M.: Isabelle/HOL: A Proof Assistant for Higher-Order Logic. Springer, 2002. LNCS Tutorial 2283.

  27. Paller, A.: Alert: Large criminal hacker attack on Windows NTE-banking and E-commerce sites. On the Internet at http://www.sans.org/newlook/alerts/NTE-bank.htm, Mar. 2001. SANS Institute.

  28. Paulson, L. C.: Generic automatic proof tools, in R. Veroff (ed.), Automated Reasoning and its Applications: Essays in Honor of Larry Wos, chapter 3. MIT Press, 1997.

  29. Paulson, L. C.: The inductive approach to verifying cryptographic protocols, J. Comput. Secur. 6 (1998), 85–128.

    Google Scholar 

  30. Paulson, L. C.: A generic tableau prover and its integration with Isabelle, J. Univers. Comput. Sci. 5(3) (1999), 73–87.

    MATH  MathSciNet  Google Scholar 

  31. Paulson, L. C.: Inductive analysis of the internet protocol TLS, ACM Trans. Inf. Syst. Secur. 2(3) (1999), 332–351.

    Article  Google Scholar 

  32. Quisquater, J.-J., Deswarte, Y., Meadows, C. and Gollmann, D. (eds.), Computer Security – ESORICS 98, volume 1485 of Lecture Notes in Comp. Sci. Springer, 1998.

  33. RSA Laboratories. PKCS-7: Cryptographic Message Syntax Standard, 1993. On the Internet at http://www.rsasecurity.com/rsalabs/pkcs.

  34. Stoller, S. D.: A bound on attacks on payment protocols, in Proc. 16th Annual IEEE Symposium on Logic in Computer Science (LICS), June 2001.

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Matematica e Informatica, Università di Catania, Viale A. Doria 6, I-95125, Catania, Italy

    Giampaolo Bella

  2. Dipartimento di Informatica e Telecomunicazioni, Università di Trento, Via Sommarive 14, I-38050, Povo (Trento), Italy

    Fabio Massacci

  3. Computer Laboratory, University of Cambridge, J J Thomson Avenue, Cambridge, CB3 0FD, UK

    Lawrence C. Paulson

Authors
  1. Giampaolo Bella
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabio Massacci
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lawrence C. Paulson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Giampaolo Bella.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Bella, G., Massacci, F. & Paulson, L.C. Verifying the SET Purchase Protocols. J Autom Reasoning 36, 5–37 (2006). https://doi.org/10.1007/s10817-005-9018-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10817-005-9018-6

Key words

Search

Navigation