Verifying the Payment Authorization in SET Protocol

  • Qingfeng Chen
  • Chengqi Zhang
  • Shichao Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2690)

Abstract

The Secure Electronic Transaction (SET) protocol is a protocol designed to conduct safe business over Internet. We present formal verification of the Payment Authorization in SET by using ENDL (extension of non-monotonic logic) [1]. The analysis uncovers some subtle defects that may incur malicious attacks. To overcome these vulnerabilities, some feasible countermeasures are proposed accordingly.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Chen, Q.F., Zhang, C.Q., Zhang, S.C.: A Logical Framework ENDL for Verifying Secure Transaction Protocols. Journal of Knowledge and Information Systems. Springer, Heidelberg. (accepted) (forthcoming)Google Scholar
  2. 2.
    Needham, R., Schroeder, M.: Using Excryption for Authentication in Large Networks of Computers. Comm. of the ACM 21(12), 993–999 (1978)MATHCrossRefGoogle Scholar
  3. 3.
    Gritizalis, S.: Security Protocols over Open networks and distributed systems: Formal methods for their Analysis, Design, and Verification. Computer Communications 22(8), 695–707 (1999)Google Scholar
  4. 4.
    Bella, G., Massacci, F., Paulson, C., Tramontano, P.: Formal Verification of Cardholder Registration in SET. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 159–174. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Denning, D., Sacco, G.: Timestamp in Key Distribution Protocols. Communications of ACM 24(8), 533–536 (1981)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Qingfeng Chen
    • 1
  • Chengqi Zhang
    • 1
  • Shichao Zhang
    • 1
  1. 1.Faculty of Information TechnologyUniversity of Technology, SydneyBroadwayAustralia

Personalised recommendations