Abstract
The Secure Electronic Transaction (SET) protocol has been jointly developed by Visa and MasterCard toward achieving secure online-transactions. This paper presents formal verification of the Purchase Request phase of SET, by using ENDL (extension of non-monotonic logic). The analysis unveils some potential flaws. To overcome these vulnerabilities, some feasible countermeasures are proposed accordingly during the validation. Also, the modelling of Purchase Request is described to implement the mechanically model checking instead of manual verification.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Needham R. and Schroeder M., Using Excryption for Authentication in Large Networks of Computers. Comm. of the ACM, 21(12), pages 993–999, Dec 1978.
Gritizalis S., Security Protocols over Open networks and distributed systems: Formal methods for their Analysis, Design, and Verification, Computer Communications, 22(8), pages 695–707, May 1999.
Dolev D, Yao A., On the Security of Public Key Protocols. IEEE Transaction on Information Theory, 29(2), pages 198–208, 1983
Meadows C., The NRL Protocol Analyzer: An overview, Journal of Logic Programming, 26(2), pages 113–131, 1996.
Burrows M., Abadi M., Needham R., A logic for Authentication. ACM Transactions on Computer Systems, 8(1):18–36, February 1990.
Gong L, Needham R, and Yahalom R., Reasoning about belief in cryptographic protocols. Proceeding of the Symposium on Security and Privacy, pages 234–248, Oakland, CA, May 1990.
Meadows C., The NRL Protocol Analyzer: An overview, Journal of Logic Programming, 26(2), pages 113–131, 1996.
Brackin S., Automatic formal analyses of two large commercial protocols. Proceedings of the DIMACS Workshop on Design and Formal Verification of Security Protocols, September 1997.
Meadows C, Syverson P., A formal specification of requirements for payment transactions in the SET protocol. Proceedings of Financial Cryptography 98, volume 1465 of Lecture Notes in Comp. Sci. Springer-Verlag, pages 122–140, 1998.
SET Secure Electronic Transaction Specification, Book 1: Business Description, Version 1.0, May 31, 1997.
SET Secure Electronic Transaction Specification, Book 2: Programmer’s Guide, Version 1.0, May 31, 1997.
SET Secure Electronic Transaction Specification, Book 3: Formal Protocol Definition, 1.0, May 31, 1997.
Chen Q.F, Zhang C.Q, Zhang S.C., A Logical Framework ENDL for Verifying Secure Transaction Protocols. Journal of Knowledge and Information Systems, Springer, accepted, forthcoming.
Chen Q.F, Zhang C.Q, Lu J., The Verification of Merchant Registration in SET Protocol, Proceedings of The International Conference on Internet omputing, Las Vegas, pages 1098–1104, 2002.
Chen Q.F, Zhang C.Q., Using ENDL to Verify Cardholder Registration in SET Protocol, Proceeding of International Conference on e-Business (ICEB2002), Beijing, pages 616–623, 2002.
Denning D., Sacco G., Timestamp in Key Distribution Protocols, Communications of ACM, 24(8), 533–536, August 1981.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, Q., Zhang, C., Zhang, S., Li, C. (2003). Verifying the Purchase Request in SET Protocol. In: Zhou, X., Orlowska, M.E., Zhang, Y. (eds) Web Technologies and Applications. APWeb 2003. Lecture Notes in Computer Science, vol 2642. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36901-5_27
Download citation
DOI: https://doi.org/10.1007/3-540-36901-5_27
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-02354-8
Online ISBN: 978-3-540-36901-1
eBook Packages: Springer Book Archive