The Secure Electronic Transaction (SET) protocol has been proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions. When the customer makes a purchase, the SET dual signature guarantees authenticity while keeping the customer's account details secret from the merchant and his choice of goods secret from the bank.

This paper reports the first verification results for the complete purchase phase of SET. Using Isabelle and the inductive method, we showed that the credit card details do remain confidential and customer, merchant and bank can confirm most details of a transaction even when some of those details are kept from them. The complex protocol construction makes proofs more difficult but still feasible.

Though enough goals can be proved to give confidence in SET, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the customer meant to send his credit card details to the payment gateway that receives them.