Advertisement

Automated Verification of E-Commerce Protocols for Complex Transactions

  • Cătălin V. BîrjoveanuEmail author
  • Mirela Bîrjoveanu
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1118)

Abstract

In our previous work [8] we defined complex transactions as the combination in any form of aggregate and optional transactions. The solution from [8] proposes an e-commerce protocol for complex transactions in that the customer wants to buy several different physical products from different merchants ensuring strong fair exchange, atomicity, effectiveness, timeliness, non-repudiation, integrity and confidentiality. In this paper, we improve the protocol for complex transactions from [8] by providing a more efficient protocol for each subtransaction from complex transaction. Also, we formally verify our improved solution using AVISPA. The verification results obtained using AVISPA demonstrate that our improved solution preserves all security requirements obtained in [8].

Keywords

Electronic commerce security Complex transactions Fair exchange Formal verification 

References

  1. 1.
    Alaraj, A.: Fairness in physical products delivery protocol. Int. J. Comput. Netw. Commun. (IJCNC) 4(6), 99 (2012)Google Scholar
  2. 2.
    Armando, A., Compagna, L.: SATMC: a SAT-based model checker for security protocols. In: Alferes, J.J., Leite, J. (eds.) JELIA 2004. LNCS, vol. 3229, pp. 730–733. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-30227-8_68CrossRefGoogle Scholar
  3. 3.
    Asokan, N.: Fairness in electronic commerce. Ph.D. thesis, University of Waterloo, Canada (1998)Google Scholar
  4. 4.
    AVISPA Team: AVISPA v1.1 User Manual. Version: 1.1 (2006). http://www.avispa-project.org/
  5. 5.
    AVISPA Team: HLPSL Tutorial: A Beginner’s Guide to Modelling and Analysing Internet Security Protocols. Version: 1.1 (2006). http://www.avispa-project.org/
  6. 6.
    Basin, D., Modersheim, S., Vigano, L.: OFMC: a symbolic model-checker for security protocols. Int. J. Inf. Secur. 4, 181–208 (2005).  https://doi.org/10.1007/s10207-004-0055-7CrossRefGoogle Scholar
  7. 7.
    Bîrjoveanu, C.V.: Anonymity and fair-exchange in e-commerce protocol for physical products delivery. In: 12th International Conference on Security and Cryptography, pp. 170–177. SCITEPRESS (2015).  https://doi.org/10.5220/0005508801700177
  8. 8.
    Bîrjoveanu, C.V., Bîrjoveanu, M.: An optimistic fair exchange e-commerce protocol for complex transactions. In: 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018, SECRYPT, vol. 2, pp. 277–288. SCITEPRESS (2018).  https://doi.org/10.5220/0006853502770288
  9. 9.
    Boichut, Y., H\(\acute{e}\)am, P-C., Kouchnarenko, O.: Automatic verification of security protocols using approximations. Research Report RR-5727, INRIA (2005)Google Scholar
  10. 10.
    Chevalier, Y., et al.: A high level protocol specification language for industrial security-sensitive protocols. In: Workshop on Specification and Automated Processing of Security Requirements, pp. 193–205. Austrian Computer Society (2004)Google Scholar
  11. 11.
    Djuric, Z., Gasevic, D.: FEIPS: a secure fair-exchange payment system for internet transactions. Comput. J. 58(10), 2537–2556 (2015)CrossRefGoogle Scholar
  12. 12.
    Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2(29), 198–208 (1983)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Draper-Gil, G., Ferrer-Gomila, J.L., Hinarejos, M.F., Zhou, J.: An asynchronous optimistic protocol for atomic multi-two-party contract signing. Comput. J. 56(10), 1258–1267 (2013)CrossRefGoogle Scholar
  14. 14.
    Ferrer-Gomila, J.L., Onieva, J.A., Payeras, M., Lopez, J.: Certified electronic mail: properties revisited. Comput. Secur. 29(2), 167–179 (2010).  https://doi.org/10.1016/j.cose.2009.06.009CrossRefGoogle Scholar
  15. 15.
    Li, H., Kou, W., Du, X.: Fair e-commerce protocols without a third party. In: 11th IEEE Symposium on Computers and Communications. IEEE (2006).  https://doi.org/10.1109/ISCC.2006.74
  16. 16.
    Liu, Y.: An optimistic fair protocol for aggregate exchange. In: 2nd International Conference on Future Information Technology and Management Engineering. IEEE (2009).  https://doi.org/10.1109/FITME.2009.145
  17. 17.
    Liu, Z., Pang, J., Zhang, C.: Verification of a key chain based TTP transparent CEM protocol. Electron. Notes Theoret. Comput. Sci. 274, 51–65 (2011).  https://doi.org/10.1016/j.entcs.2011.07.006CrossRefGoogle Scholar
  18. 18.
    Mukhamedov, A., Ryan, M.D.: Fair multi-party contract signing using private contract signatures. Inf. Comput. 206(2–4), 272–290 (2008).  https://doi.org/10.1016/j.ic.2007.07.007MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Onieva, J.A., Lopez, J., Zhou, J.: Secure Multi-Party Non-Repudiation Protocols and Applications. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-0-387-75630-1CrossRefGoogle Scholar
  20. 20.
    Turuani, M.: The CL-Atse protocol analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006).  https://doi.org/10.1007/11805618_21CrossRefGoogle Scholar
  21. 21.
    Vigano, L.: Automated security protocol analysis with the AVISPA tool. Electron. Notes Theoret. Comput. Sci. 155, 61–86 (2006).  https://doi.org/10.1016/j.entcs.2005.11.052CrossRefGoogle Scholar
  22. 22.
    Yanping, L., Liaojun, P.: Multi-party non-repudiation protocol with different message exchanged. In: 5th International Conference on Information Assurance and Security. IEEE (2009).  https://doi.org/10.1109/IAS.2009.329
  23. 23.
    Zhang, Q., Markantonakis, K., Mayes, K.: A practical fair exchange e-payment protocol for anonymous purchase and physical delivery. In: 4th ACS/IEEE International Conference on Computer Systems and Applications. IEEE (2006).  https://doi.org/10.1109/AICCSA.2006.205188
  24. 24.
    Zhou, J., Onieva, J.A., Lopez, J.: Optimised multi-party certified email protocols. Inf. Manag. Comput. Secur. J. 13(5), 350–366 (2005).  https://doi.org/10.1108/09685220510627250CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Computer Science“Al. I. Cuza” University of IaşiIaşiRomania
  2. 2.Continental AutomotiveIaşiRomania

Personalised recommendations