Colored Petri Net based model checking and failure analysis for E-commerce protocols

We present a Colored Petri Net approach to model check three atomicity properties for the NetBill electronic cash system. We verify that the protocol satisfies money atomicity, goods atomicity and certified delivery in the presence of potential site or communication failures and all possible unilateral transaction abort cases. Model checking is performed in CPN Tools, a graphical ML-based tool for editing and analyzing Colored Petri Nets (CP-nets). In case of a property violation, protocol failure analysis aims at exploring all property violation scenarios, in order to correct the protocol’s design. Model checking exploits the provided state space exploration functions and the supported Computation Tree Logic-like temporal logic (CTL). Protocol failure analysis, on the other hand, is performed by inspection of appropriately selected markings and, if necessary, by interactively simulating certain property violation scenarios. In e-commerce, Colored Petri Net model checking has been used to verify absence of deadlocks, absence of livelocks and absence of unexpected dead transitions, as well as to verify a protocol against its service. To the best of our knowledge, our work is the first attempt to employ CP-nets for model checking atomicity properties. We believe that the described approach can also be applied to model checking other functional properties that are not directly related to the structural properties of the generated state space graph.
