A Role-based Specification of the SET Payment Transaction Protocol

  • Hideki Sakurada
  • Yasuyuki Tsukada
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 78)


In this paper, we define a language for specifying security protocols concisely and unambiguously. We use this language to formally specify the protocol for payment transactions in Secure Electronic Transaction (SET), which has been developed by Visa and MasterCard.

In our language, a protocol is specified as a collection of processes. Each process expresses the role of a participant. In the role-based specification, the components that a participant sees in a message can be stated explicitly. This is important in specifying protocols like that for the SET payment transactions because in such protocols some message components are encrypted and invisible to some participants.

We simplify the SET payment transaction protocol into the exchanges of six messages. Because our future goal is to formally analyze the security properties that Meadows and Syverson discussed, we make the simplified protocol contain the parameters used in their security properties. And we also refrain from excessive simplification. For example, we use dual signature in the payment request message as it is specified in the SET specification books, while most of the other works do not use it. Our specification can serve as a starting point for a formal analysis of the protocol.


Formal methods security protocols electronic commerce 


  1. Anderson, R. and Needham, R. (1995). Programming satan’s computer. In Computer Science Today: Recent Trends and Developments, volume 1000 of LNCS, pages 426–440. Springer-Verlag.MathSciNetCrossRefGoogle Scholar
  2. Bella, G., Massacci, F., Paulson, L. C., and ’Tkamontano, P. (2000). Formal verification of cardholder registration in SET. In 6th European Symposium on Research in Computer Security (ESORICS’00), volume 1895 of LNCS, pages 159–174. Springer-Verlag.Google Scholar
  3. Bolignano, D. (1997). Towards the formal verification of electronic commerce protocols. In 10th IEEE Computer Security Foundations Workshop, pages 133–146.Google Scholar
  4. Burrows, M., Abadi, M., and Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1):18–36.CrossRefMATHGoogle Scholar
  5. Cervesato, I. (2001a). Typed MSR: Syntax and examples. In Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security (MMM-ACNS’01), volume 2052 of LNCS, pages 159–177. Springer-Verlag.CrossRefMATHGoogle Scholar
  6. Cervesato, I. (2001b). Typed multiset rewriting specifications of security protocols. In 1s Irish Conference on the Mathematical Foundations of Computer Science and Information Technology (MFCSIT’00), ENTCS. Elsevier. To appear.Google Scholar
  7. Clark, J. and Jacob, J. (1997). A survey of authentication protocol literature: Version 1.0. Technical report, Department of Computer Science, University of York.Google Scholar
  8. Denker, G., Millen, J., and Rueß, H. (2000). The CAPSL integrated protocol environment. SRI Technical Report SRI-CSL-2000-02, SRI International.Google Scholar
  9. Dolev, D. and Yao, A. C. (1981). On the security of public key protocols (extended abstract). In 22nd Annual Symposium on Foundations of Computer Science, pages 350–357. IEEE.Google Scholar
  10. Formal Systems Ltd (1998). FDR2 user manual.Google Scholar
  11. Hoare, C. A. R. (1985). Communicating Sequential Processes. Prentice Hall.Google Scholar
  12. Kessler, V. and Neumann, H. (1998). A sound logic for analysing electronic commerce protocols. In 5th European Symposium on Research in Computer Security (ESORICS’98), volume 1485 of LNCS, pages 345–360. Springer-Verlag.Google Scholar
  13. Lu, S. and Smolka, S. (1999). Model checking SET Secure Electronic Transaction Protocol. In 7th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS’99), pages 358–365. IEEE.Google Scholar
  14. Meadows, C. (1996). The NRL protocol analyzer: an overview. Journal of Logic Programming, 26(2):113–131.CrossRefMATHGoogle Scholar
  15. Meadows, C. and Syverson, P. (1998). A formal specification of requirements for payment transactions in the SET protocol. In Financial Cryptography’ 98, volume 1465 of LNCS, pages 122–140. Springer Verlag.CrossRefGoogle Scholar
  16. Needham, R. and Schroeder, M. (1978). Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999.CrossRefMATHGoogle Scholar
  17. Paulson, L. C. (1994). Isabelle: A Generic Theorem Prover, volume 828 of LNCS. Springer-Verlag.Google Scholar
  18. Paulson, L. C. (1998). The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1):85–128.CrossRefGoogle Scholar
  19. Roscoe, A. W. (1995). Modelling and verifying key-exchange protocols using CSP and FDR. In 8th IEEE Computer Security Foundations Workshop, pages 98–107.Google Scholar
  20. Schneider, S. (1997). Verifying authentication protocols with CSP. In 10th IEEE Computer Security Foundations Workshop, pages 3–17.Google Scholar
  21. SET Secure Electronic Transaction LLC (1997a). SET secure electronic transaction book 1: Business description.Google Scholar
  22. SET Secure Electronic Transaction LLC (1997b). SET secure electronic transaction book 2: Programmer’s guide.Google Scholar
  23. SET Secure Electronic Transaction LLC (1997c). SET secure electronic transaction book 3: Formal protocol definition.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2002

Authors and Affiliations

  • Hideki Sakurada
    • 1
  • Yasuyuki Tsukada
    • 1
  1. 1.NTT Communication Science LaboratoriesNTT CorporationKanagawaJapan

Personalised recommendations