A Construction Kit for Modeling the Security of M-commerce Applications

  • Dominik Haneberg
  • Wolfgang Reif
  • Kurt Stenzel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3236)


In this article we present a method to avoid security problems in modern m-commerce applications. The security problems that we are addressing are breaches of security due to erroneous cryptographic protocols. We describe a specification technique that allows a formal, and thereby rigorous, treatment of the security protocols used in such applications. Security of communication is important in modern m-commerce applications. As parts of the specification of the security protocols, we describe how to specify the behavior of the agents, how to specify the attacker, and how further aspects of the application are reflected in the formal specification. The problem is that such formal specifications are difficult to get right, so we propose a construction kit for their development.


Keywords: Smart Card, Class Diagram, Security Protocol, Security Property, Activity Diagram





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Dominik Haneberg (1)
  • Wolfgang Reif (1)
  • Kurt Stenzel (1)
  1. Lehrstuhl für Softwaretechnik und Programmiersprachen, Institut für Informatik, Universität Augsburg, Augsburg, Germany
