A flaw in the electronic commerce protocol SET

Authors:
S. Brlek;S. Hamadou;J. Mullins
Affiliations:
Laboratoire LaCIM, Département d'Informatique, Université du Québec à Montréal, Canada;Laboratoire CRAC, Département de Génie Informatique, École Polytechnique de Montréal, Canada;Laboratoire CRAC, Département de Génie Informatique, École Polytechnique de Montréal, Canada
Venue:
Information Processing Letters
Year:
2006

Citing 9
Cited 3

The verification of an industrial payment protocol: the SET purchase phase

Proceedings of the 9th ACM conference on Computer and communications security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
A Sound Logic for Analysing Electronic Commerce Protocols

ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Formal Verification of Cardholder Registration in SET

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
A Formal Specification of Requirements for Payment Transactions in the SET Protocol

FC '98 Proceedings of the Second International Conference on Financial Cryptography
Non-repudiation in SET: Open Issues

FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Towards the Formal Verification of Electronic Commerce Protocols

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Model Checking the Secure Electronic Transaction (SET) Protocol

MASCOTS '99 Proceedings of the 7th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
Automatic verification of security in payment protocols for electronic commerce

Enterprise information systems IV

Model checking the SET purchasing process protocol with SPIN

WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Calibrating the power of schedulers for probabilistic polynomial-time calculus

Journal of Computer Security - Security Issues in Concurrency (SecCo'07)
Assessment of E-Commerce security using AHP and evidential reasoning

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	0.89

Visualization

Abstract

The Secure Electronic Transaction (SET) protocol has been developed by the major credit card companies in association with some of the top software corporations to secure e-commerce transactions. This paper recalls the basics of the SET protocol and presents a new flaw: a dishonest client may purchase goods from an honest merchant (with the help of another merchant) for which he does not pay. Fortunately, by checking his balance sheet, the merchant may trace with the help of his bank the client and his accomplice. We also propose a modification to fix the flaw.