Verifying the SET Protocol: Overview
The project to verify SET, an e-commerce protocol, is described. The main tasks are to comprehend the written documentation, to produce an accurate formal model, to identify specific protocol goals, and finally to prove them. The main obstacles are the protocol’s complexity (due in part to its use of digital envelopes) and its unusual goals involving partial information sharing. Brief examples are taken from the registration and purchase phases. The protocol does not completely satisfy its goals, but only minor flaws have been found. The primary outcome of the project is experience with handling enormous and complicated protocols.