A Sound Logic for Analysing Electronic Commerce Protocols
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Formal Verification of Cardholder Registration in SET
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Proceedings of the 17th Conference on Foundations of Software Technology and Theoretical Computer Science
A Formal Specification of Requirements for Payment Transactions in the SET Protocol
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Non-repudiation in SET: Open Issues
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Towards the Formal Verification of Electronic Commerce Protocols
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Model Checking the Secure Electronic Transaction (SET) Protocol
MASCOTS '99 Proceedings of the 7th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
A Semantic Model for Authentication Protocols
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
A flaw in the electronic commerce protocol SET
Information Processing Letters
Common program analysis of two-party security protocols using SMV
APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
To secure transactions over computer networks, various cryptographic protocols have been proposed, but because of the subtleties involved in their design, many of them have been shown to have flaws, even a long time after their publication. For this reason, several automatic verification methods for analyzing these protocols have been devised. The aim of this paper is to present a methodology for verifying the security requirements of electronic payment protocols by means of NuSMV, a symbolic model checker. Our work focuses principally on the formal representation of security requirements. In particular, we propose an extension of the correspondence property, so far used only for authentication, to other requirements such as confidentiality and integrity. These are the basic security requirements of payment protocols for electronic commerce. As a case study, we illustrate a variant of the SET protocol proposed by Lu & Smolka. This variant has been formally verified by Lu & Smolka and considered secure. In contrast, we have discovered two attacks that allow a dishonest user to purchase a good while debiting the amount to another user.