论文信息 - Analysis of security protocols with certificate over open networks: electronic payment system

Analysis of security protocols with certificate over open networks: electronic payment system

Electronic commerce and Internet in wireless networks are profoundly changing the way of payment, but there is still little confidence among users concerning the security of their data. The application of formal techniques to the modelling and design of electronic commerce protocols should help to improve their reliability and so enhance the choices of these new technologies. In this paper, we show how the Casper, a special-purpose formal methods tool designed for the verification of the security protocols, was used in the analysis of the BCY (Beller, Chang, Yacobi), the Carlsen BCY and the Mu-Varadharajan BCY protocols. We describe the results of our analysis, which uncovered several vulnerabilities in the specification that would have made possible attacks such as man-in-the-middle attack and replay attack. Finally, we propose a new protocol resistant to these attacks and formally verify its correctness.

[1] Duncan S. Wong,et al. Efficient and Mutually Authenticated Key Exchange for Low Power Computing Devices , 2001, ASIACRYPT.

[2] Benjamin Cox,et al. NetBill Security and Transaction Protocol , 1995, USENIX Workshop on Electronic Commerce.

[3] Yi Mu,et al. On the design of security protocols for mobile communications , 1996, ACISP.

[4] Colin Boyd,et al. Public key protocols for wireless communications , 1998, ICISC.

[5] C. A. R. Hoare,et al. Communicating sequential processes , 1978, CACM.

[6] Günther Horn,et al. Authentication and Payment in Future Mobile Systems , 1998, J. Comput. Secur..

[7] Ulf Carlsen. Optimal privacy and authentication on a portable communications system , 1994, OPSR.

[8] Yacov Yacobi,et al. Privacy and Authentication on a Portable Communications System , 1993, IEEE J. Sel. Areas Commun..

[9] Gavin Lowe,et al. Casper: a compiler for the analysis of security protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[10] Fabio Massacci,et al. Verifying the SET registration protocols , 2003, IEEE J. Sel. Areas Commun..

[11] Hugo Krawczyk,et al. Design, implementation, and deployment of the iKP secure electronic payment system , 2000, IEEE Journal on Selected Areas in Communications.