Failure analysis of an e-commerce protocol using model checking

The rapid growth of electronic commerce (e-commerce) has necessitated the development of e-commerce protocols. These protocols ensure the confidentiality and integrity of information exchanged. In addition, researchers have identified other desirable properties, such as money atomicity, goods atomicity and validated receipt, that must be satisfied by e-commerce protocols. This paper shows how model checking can be used to obtain an assurance about the existence of these properties in an e-commerce protocol. It is essential that these desirable properties be satisfied even in the presence of site or communication failures. Using the model checker, we evaluate which failures cause the violation of one or more of the properties. The results of the analysis are then used to propose a mechanism that handles the failures to make the protocol failure-resilient.
