A Verification Model for Electronic Transaction Protocols

  • Qingfeng Chen
  • Chengqi Zhang
  • Shichao Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3007)


Electronic transaction protocols have been found with subtle flaws. Recently, model checking has been used to verify electronic transaction protocols for the limitations of low efficiency and error prone in the traditional approaches. This paper proposes an extendable verification model to especially validate electronic transaction protocols. In particular, the verification model is able to deal with the inconsistency in transmitted messages. Thus, we can measure the incoherence in secure messages coming from different sources and at different moments and ensure the validity of verification result. We analyze two instances by using this model. The analyses uncover some subtle flaws in the protocols.


Knowledge Base Model Check Inference Rule Theorem Prove Security Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Burrows, M., Abadi, M., Needham, R.: A logic for Authentication. ACM Transactions on Computer Systems 8(1), 18–36 (1990)CrossRefGoogle Scholar
  2. 2.
    Heintze, N., Tygar, J., Wing, J., Wong, H.: Model Checking Electronic Commerce Protocols. In: Proceeding of the 2nd USENIX Workshop on Electronic Commerce (November 1996)Google Scholar
  3. 3.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Tools and Algorithms for the Construction and Analysis of Systems: Second International Workshop, TACAs’96, pp. 147–166 (March 1996)Google Scholar
  4. 4.
    Chen, Q., Zhang, C., Zhang, S.: ENDL: A Logical Framework for Verifying Secure Transaction Protocols. Knowledge and Information Systems, an International Journal by Springer (accepted)Google Scholar
  5. 5.
    Hunter, A.: Measuring inconsistency in knowledge via quasi-classical models. In: Proceedings of the 18th National Conference on Artificial Intelligence (AAAI 2002), pp. 68–73. MIT Press, Cambridge (2002)Google Scholar
  6. 6.
    SET Secure Electronic Transaction Specification, Book 1: Business Description, Version 1.0, May 31 (1997) Google Scholar
  7. 7.
    Needham, R., Schroeder, M.: Using Encryption for Authentication in Large Networks of Computers. Comm. of the ACM 21(12), 993–999 (1978)zbMATHCrossRefGoogle Scholar
  8. 8.
    Denning, D., Sacco, G.: Timestamp in Key Distribution Protocols. Communications of ACM 24(8), 533–536 (1981)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Qingfeng Chen
    • 1
  • Chengqi Zhang
    • 1
  • Shichao Zhang
    • 1
  1. 1.Faculty of Information TechnologyUniversity of Technology, SydneyBroadwayAustralia

Personalised recommendations