Abstract
The project to verify SET, an e-commerce protocol, is described. The main tasks are to comprehend the written documentation, to produce an accurate formal model, to identify specific protocol goals, and finally to prove them. The main obstacles are the protocol’s complexity (due in part to its use of digital envelopes) and its unusual goals involving partial information sharing. Brief examples are taken from the registration and purchase phases. The protocol does not completely satisfy its goals, but only minor flaws have been found. The primary outcome of the project is experience with handling enormous and complicated protocols.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, R.: Why cryptosystems fail. Comm. of the ACM 37(11), 32–40 (1994)
Bella, G., Massacci, F., Paulson, L.C.: The verification of an industrial payment protocol: The SET purchase phase. In: Atluri, V. (ed.) 9th ACM Conference on Computer and Communications Security, pp. 12–20. ACM Press, New York (2002)
Bella, G., Massacci, F., Paulson, L.C.: Verifying the SET registration protocols. IEEE J. of Selected Areas in Communications 21(1) (2003) (in press)
Bella, G., Massacci, F., Paulson, L.C., Tramontano, P.: Formal verification of cardholder registration in SET. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 159–174. Springer, Heidelberg (2000)
Bella, G., Paulson, L.C.: Kerberos version IV: Inductive analysis of the secrecy goals. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 361–375. Springer, Heidelberg (1998)
Cohen, E.: TAPS: A first-order verifier for cryptographic protocols. In: Proc. of the 13th IEEE Comp. Sec. Found. Workshop, pp. 144–158. IEEE Comp. Society Press, Los Alamitos (2000)
Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)
Mastercard & VISA. SET Secure Electronic Transaction Specification: Business Description (May 1997), Available electronically at http://www.setco.org/set_specifications.html
Mastercard & VISA. SET Secure Electronic Transaction Specification: Formal Protocol Definition (May 1997), Available electronically at http://www.setco.org/set_specifications.html
Mastercard & VISA. SET Secure Electronic Transaction Specification: Programmer’s Guide (May 1997), Available electronically at http://www.setco.org/set_specifications.html
Meadows, C.: Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer. In: SSP 1999, pp. 216–231. IEEE Comp. Society Press, Los Alamitos (1999)
Nipkow, T., Paulson, L.C., Wenzel, M.T. (eds.): Isabelle/HOL: A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002)
Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. of Comp. Sec. 6, 85–128 (1998)
Paulson, L.C.: Inductive analysis of the internet protocol TLS. ACM Trans. on Inform. and Sys. Sec. 2(3), 332–351 (1999)
Paulson, L.C.: Relations between secrets: Two formal analyses of the Yahalom protocol. J. of Comp. Sec. 9(3), 197–216 (2001)
Ryan, P., Schneider, S.: An attack on a recurive authentication protocol. a cautionary tale. Inform. Processing Lett. 65(15), 7–16 (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Paulson, L.C. (2003). Verifying the SET Protocol: Overview. In: Abdallah, A.E., Ryan, P., Schneider, S. (eds) Formal Aspects of Security. FASec 2002. Lecture Notes in Computer Science, vol 2629. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40981-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-540-40981-6_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20693-4
Online ISBN: 978-3-540-40981-6
eBook Packages: Springer Book Archive