The verification of an industrial payment protocol: the SET purchase phase
Proceedings of the 9th ACM conference on Computer and communications security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
A Sound Logic for Analysing Electronic Commerce Protocols
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Formal Verification of Cardholder Registration in SET
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
A Formal Specification of Requirements for Payment Transactions in the SET Protocol
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Non-repudiation in SET: Open Issues
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Towards the Formal Verification of Electronic Commerce Protocols
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Model Checking the Secure Electronic Transaction (SET) Protocol
MASCOTS '99 Proceedings of the 7th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
Automatic verification of security in payment protocols for electronic commerce
Enterprise information systems IV
Model checking the SET purchasing process protocol with SPIN
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Calibrating the power of schedulers for probabilistic polynomial-time calculus
Journal of Computer Security - Security Issues in Concurrency (SecCo'07)
Assessment of E-Commerce security using AHP and evidential reasoning
Expert Systems with Applications: An International Journal
Hi-index | 0.89 |
The Secure Electronic Transaction (SET) protocol has been developed by the major credit card companies in association with some of the top software corporations to secure e-commerce transactions. This paper recalls the basics of the SET protocol and presents a new flaw: a dishonest client may purchase goods from an honest merchant (with the help of another merchant) for which he does not pay. Fortunately, by checking his balance sheet, the merchant may trace with the help of his bank the client and his accomplice. We also propose a modification to fix the flaw.