Using ENDL to Verify Cardholder Registration in SET Protocol

Secure electronic commerce relies on the application of secure transaction protocol. However, even with the so-called secure protocol, the communication can be compromised frequently without effective approach to detect the subtle flaws before it launches into practice. We generated ENDL(2) that is used to formally verify the authentication properties of secure transaction protocols. We have showed how to employ it to depict the complicated security properties of secure protocols, especially the instances in SET (Secure Electronic Transaction) protocol, in our previous work (3). The first stage of the SET protocol, namely Cardholder Registration, has been defined in book (1) respectively. It formally describes the seven fundamental steps of the flow of transactions in outline. Based on the ENDL, we describe the whole verification of cardholder registration process in this paper. Some potentially dangerous flaws of SET protocol are noted while verifying the protocol.

[1]  Rajashekar Kailar Reasoning about accountability in protocols for electronic commerce , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[2]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Sujeet Shenoi,et al.  Formal verification of cryptographic protocols , 2001 .

[4]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[5]  Stephen H. Brackin,et al.  A HOL extension of GNY for automatically analyzing cryptographic protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[6]  Volker Kessler,et al.  AUTLOG-an advanced logic of authentication , 1994, Proceedings The Computer Security Foundations Workshop VII.

[7]  Lawrence C. Paulson,et al.  Inductive analysis of the Internet protocol TLS , 1999, TSEC.

[8]  Dominique Bolignano An approach to the formal verification of cryptographic protocols , 1996, CCS '96.

[9]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[10]  Fabio Massacci,et al.  Formal Verification of Cardholder Registration in SET , 2000, ESORICS.

[11]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[12]  Bai Shuo The Verification Logic for Secure Protocols , 2000 .