Formal verification of the Merchant Registration phase of the SET protocol

Abstract

This paper describes the formal verification of the Merchant Registration phase of the Secure Electronic Transactions (SET) protocol, a realistic electronic transaction security protocol used to protect the secrecy of online purchases. We introduce a number of concepts, notations, functions, predicates, assumptions and rules, and describe the knowledge of all legitimate participants and of a malicious spy in order to assess the security of this sub-protocol. Because the method avoids searching a large state space, it converges very quickly. We implemented the method in the Isabelle/Isar automated reasoning environment, so the whole verification process can be executed mechanically and efficiently.

Keywords

Formal verification, electronic transaction protocol, knowledge-based system

Copyright information

© Institute of Automation, Chinese Academy of Sciences 2005

Authors and Affiliations

Department of Computer Science, The University of Reading, Reading, UK