Non-repudiation in SET: Open Issues

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1962)

Abstract

The SET payment protocol uses digital signatures to authenticate messages and authorize transactions. It is assumed that these digital signatures make authorizations non-repudiable, i.e., provable to a third-party verifier. This paper evaluates what can be proved with the digital signatures in SET. The analysis shows that even a successful and completed SET protocol run does not give the parties enough evidence to prove certain important transaction features. A comparison with the similarly-structured iKP protocol shows a number of advantages of iKP as opposed to SET with respect to the use of its signatures as evidence tokens. It is shown that non-repudiation requires more than digitally signing authorization messages. Most importantly, protocols claiming non-repudiation should explicitly specify the rules to be used for deriving authorization statements from digitally signed messages.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Van Herreweghen, E. (2001). Non-repudiation in SET: Open Issues. In: Frankel, Y. (eds) Financial Cryptography. FC 2000. Lecture Notes in Computer Science, vol 1962. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45472-1_11

  • DOI: https://doi.org/10.1007/3-540-45472-1_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42700-1

  • Online ISBN: 978-3-540-45472-4

  • eBook Packages: Springer Book Archive
