A Role-based Specification of the SET Payment Transaction Protocol
In this paper, we define a language for specifying security protocols concisely and unambiguously. We use this language to formally specify the protocol for payment transactions in Secure Electronic Transaction (SET), which has been developed by Visa and MasterCard.
In our language, a protocol is specified as a collection of processes. Each process expresses the role of a participant. In the role-based specification, the components that a participant sees in a message can be stated explicitly. This is important in specifying protocols like that for the SET payment transactions because in such protocols some message components are encrypted and invisible to some participants.
We simplify the SET payment transaction protocol into the exchanges of six messages. Because our future goal is to formally analyze the security properties that Meadows and Syverson discussed, we make the simplified protocol contain the parameters used in their security properties. And we also refrain from excessive simplification. For example, we use dual signature in the payment request message as it is specified in the SET specification books, while most of the other works do not use it. Our specification can serve as a starting point for a formal analysis of the protocol.
KeywordsFormal methods security protocols electronic commerce
- Bella, G., Massacci, F., Paulson, L. C., and ’Tkamontano, P. (2000). Formal verification of cardholder registration in SET. In 6th European Symposium on Research in Computer Security (ESORICS’00), volume 1895 of LNCS, pages 159–174. Springer-Verlag.Google Scholar
- Bolignano, D. (1997). Towards the formal verification of electronic commerce protocols. In 10th IEEE Computer Security Foundations Workshop, pages 133–146.Google Scholar
- Cervesato, I. (2001b). Typed multiset rewriting specifications of security protocols. In 1s Irish Conference on the Mathematical Foundations of Computer Science and Information Technology (MFCSIT’00), ENTCS. Elsevier. To appear.Google Scholar
- Clark, J. and Jacob, J. (1997). A survey of authentication protocol literature: Version 1.0. Technical report, Department of Computer Science, University of York.Google Scholar
- Denker, G., Millen, J., and Rueß, H. (2000). The CAPSL integrated protocol environment. SRI Technical Report SRI-CSL-2000-02, SRI International.Google Scholar
- Dolev, D. and Yao, A. C. (1981). On the security of public key protocols (extended abstract). In 22nd Annual Symposium on Foundations of Computer Science, pages 350–357. IEEE.Google Scholar
- Formal Systems Ltd (1998). FDR2 user manual.Google Scholar
- Hoare, C. A. R. (1985). Communicating Sequential Processes. Prentice Hall.Google Scholar
- Kessler, V. and Neumann, H. (1998). A sound logic for analysing electronic commerce protocols. In 5th European Symposium on Research in Computer Security (ESORICS’98), volume 1485 of LNCS, pages 345–360. Springer-Verlag.Google Scholar
- Lu, S. and Smolka, S. (1999). Model checking SET Secure Electronic Transaction Protocol. In 7th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS’99), pages 358–365. IEEE.Google Scholar
- Paulson, L. C. (1994). Isabelle: A Generic Theorem Prover, volume 828 of LNCS. Springer-Verlag.Google Scholar
- Roscoe, A. W. (1995). Modelling and verifying key-exchange protocols using CSP and FDR. In 8th IEEE Computer Security Foundations Workshop, pages 98–107.Google Scholar
- Schneider, S. (1997). Verifying authentication protocols with CSP. In 10th IEEE Computer Security Foundations Workshop, pages 3–17.Google Scholar
- SET Secure Electronic Transaction LLC (1997a). SET secure electronic transaction book 1: Business description.Google Scholar
- SET Secure Electronic Transaction LLC (1997b). SET secure electronic transaction book 2: Programmer’s guide.Google Scholar
- SET Secure Electronic Transaction LLC (1997c). SET secure electronic transaction book 3: Formal protocol definition.Google Scholar