Verifying the SET registration protocols
Autor: | Fabio Massacci, Giampaolo Bella, Lawrence C. Paulson |
---|---|
Rok vydání: | 2003 |
Předmět: |
Business communication
communication system security computer network security protocols software verifica- tion and validation theorem proving Business communication Computer Networks and Communications business.industry Computer science protocols Secure Electronic Transaction Key distribution Cryptography Computer security computer.software_genre Encryption Public-key cryptography Credit card communication system security theorem proving computer network security software verifica- tion and validation Certificate authority Key (cryptography) Electrical and Electronic Engineering business computer Computer network |
Zdroj: | IEEE Journal on Selected Areas in Communications. 21:77-87 |
ISSN: | 0733-8716 |
DOI: | 10.1109/jsac.2002.806133 |
Popis: | Secure electronic transaction (SET) is an immense e-commerce protocol designed to improve the security of credit card purchases. In this paper, we focus on the initial bootstrapping phases of SET, whose objective is the registration of cardholders and merchants with a SET certificate authority. The aim of registration is twofold: getting the approval of the cardholder's or merchant's bank and replacing traditional credit card numbers with electronic credentials that cardholders can present to the merchant so that their privacy is protected. These registration subprotocols present a number of challenges to current formal verification methods. First, they do not assume that each agent knows the public keys of the other agents. Key distribution is one of the protocols' tasks. Second, SET uses complex encryption primitives (digital envelopes) which introduce dependency chains: the loss of one secret key can lead to potentially unlimited losses. Building upon our previous work, we have been able to model and formally verify SETs registration with the inductive method in Isabelle/HOL (T. Nipkow et al., 2002). We have solved its challenges with very general techniques. |
Databáze: | OpenAIRE |
Externí odkaz: |