An overview of the verification of SET

International Journal of Information Security

Volumn 4, Issue 1-2, 2005, Pages 17-28

  Bella, Giampaolo ^a   Massacci, Fabio ^b   Paulson, Lawrence C ^c  

^a UNIVERSITY OF CATANIA   (Italy)

^b UNIVERSITY OF TRENTO   (Italy)

^c UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

Automated reasoning; Computer security; Formal verification; Network protocols; Secure Electronic Transactions (SET)

Indexed keywords

CRYPTOGRAPHY; ELECTRONIC COMMERCE; INTERNET; NETWORK PROTOCOLS;

AUTOMATED REASONING; FORMAL VERIFICATION; SECURE ELECTRONIC TRANSACTIONS (SET);

SECURITY OF DATA;

EID: 14844323149     PISSN: 16155262     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10207-004-0047-7     Document Type: Article

References (44)

1. Abadi M, Blanchet B (2003) Computer-assisted verification of a protocol for certified email. In: Cousot R (ed) Proc. 10th international symposium on static analysis (SAS'03), Lecture notes in computer science, vol 2694. Springer, Berlin Heidelberg New York, pp 316-335
2. Anderson R (1994) Why cryptosystems fail. Commun ACM 37(11):32-40
3. Armando A, Basin D, Bouallagui M, Chevalier Y, Compagna L, Mödersheim S, Rusinowitch M, Turuani M, Viganò L, Vigneron L (2002) The AVISS Security Protocol Analysis Tool. In: Proc. international conference on computer-aided verification (CAV-02). Lecture notes in computer science, vol 2404. Springer, Berlin Heidelberg New York
4. Armando A, Compagna L, Ganty P (2003) SAT-based model-checking of security protocols. In: Proc. 12th international FME symposium (FME03), Pisa, Italy, 8-14 September 2003
5. Asokan N, Schunter M, Waidner M (1997) Optimistic protocols for fair exchange. In: Proc. 4th ACM conference on computer and communication security (CCS-97). ACM Press/Addison-Wesley, Reading, MA, pp 7-17
6. Ateniese G, Steiner M, Tsudik G (1998) Authenticated group key agreement and friends. In: Proc. 5th ACM conference on computer and communication security. ACM Press, New York, pp 17-26
7. Basin D (1999) Lazy infinite-state analysis of security protocols. In: Baumgart R (ed) Secure networking - CQRE (Secure)'99, Lecture notes in computer science, vol 1740. Springer, Berlin Heidelberg New York, pp 30-42
8. Basin D, Denker G (2001) Maude versus Haskell: An experimental comparison in security protocol analysis. In: Futatsugi K (ed) Electronic notes in theoretical computer science, vol 36. Elsevier (North-Holland), Amsterdam
9. Bella G (2003) Inductive verification of smart card protocols. J Comput Secur 11(1):87-132
10. Bella G, Massacci F, Paulson L, Tramontano P (2000) Making sense of specifications: The formalization of set (extended abstract). In: Christianson B, Crispo B, Malcolm JA, Roe M (eds) Proceedings of the 2000 workshop on security protocols. Lecture notes in computer science, vol 2133. Springer, Berlin Heidelberg New York, pp 74-81
11. Bella G, Massacci F, Paulson LC (2002) The verification of an industrial payment protocol: The SET purchase phase. In: Atluri V (ed) Proc. 9th ACM conference on computer and communications security. ACM Press, New York, pp 12-20
12. Bella G, Massacci F, Paulson LC (2003) Verifying the SET registration protocols. IEEE J Select Areas Commun 21(1):77-87
13. Bella G, Massacci F, Paulson LC, Tramontano P (2000) Formal verification of cardholder registration in SET. In: Cuppens F, Deswarte Y, Gollman D, Waidner M (eds) Computer Security - ESORICS 2000. Lecture notes in computer science, vol 1895. Springer, Berlin Heidelberg New York, pp 159-174
14. Bella G, Paulson LC (1998) Kerberos version IV: Inductive analysis of the secrecy goals. In: Quisquater et al. [37], pp 361-375
15. Blanchet B (1998) An efficient cryptographic protocol verifier based on prolog rules. In: Proc. 14th IEEE workshop on computer security foundations. IEEE Press, New York
16. Brackin S (1999) Automatically detecting authentication limitations in commercial security protocols. In: Proc. 22nd national conference on information systems security, October 1999.http://www.arca.com/ projp_papers/brackin/Nissc99.pdf
17. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond 426:233-271
18. Carlucci Aiello L, Massacci F (2001) Verifying security protocols as planning in logic programming. ACM Trans Comput Logic 2(4):542-580
19. Chevalier Y, Vigneron L (2002) Automated unbounded verification of security protocols. In: Proc. international conference on computer-aided verification (CAV-02). Lecture notes in computer science, vol 2404. Springer, Berlin Heidelberg New York
20. Cohen E (2000) TAPS: A first-order verifier for cryptographic protocols. In: Proc. 13th IEEE Computer Security Foundations Workshop. IEEE Press, New York, pp 144-158
21. Jacquemard F, Rusinowitch M, Vigneron L (2000) Compiling and verifying security protocols. In: Parigot M, Voronkov A (eds) Proceedings of LPAR 2000. Lecture notes in computer science, vol 1955. Springer, Berlin Heidelberg New York, pp 131-160
22. Kessler V, Neumann H (1998) A sound logic for analysing electronic commerce protocols. In: Quisquater et al. [37]
23. Lowe G (1996) Breaking and fixing the Needham - Schroeder public-key protocol using CSP and FDR. In: Margaria T, Steffen B (eds) Proc. 2nd international workshop on tools and algorithms for the construction and analysis of systems (TACAS '96). Lecture notes in computer science, vol 1055. Springer, Berlin Heidelberg New York, pp 147-166
24. Lowe G, Hui ML (2001) Fault-preserving simplifying transformations for security protocols. J Comput Secur 9:3-46
25. Mastercard & VISA (1997) SET Secure Electronic Transaction: External Interface Guide, May 1997. http://www.setco.org/set_specifications.html
26. Mastercard & VISA (1997) SET Secure Electronic Transaction Specification: Business Description, May 1997. http://www.setco.org/ set_specifications.html
27. Mastercard & VISA (1997) SET Secure Electronic Transaction Specification: Formal Protocol Definition, May 1997. http:// www.setco.org/set_specifications.html
28. Mastercard & VISA (1997) SET Secure Electronic Transaction Specification: Programmer's Guide, May 1997. http://www.setco.org/ set_specifications.html
29. Meadows C (1999) Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer. In: Proc. SSP-99. IEEE Press, New York, pp 216-231
30. Meadows C (2003) Formal methods for cryptographic protocol analysis: emerging issues and trends. IEEE J Select Areas Commun 21(1):44-54
31. Meadows C, Syverson P (1998) A formal specification of requirements for payment transactions in the SET protocol. In: Hirschfeld R (ed) Proc. Financial Cryptography '98, Lecture notes in computer science, vol 1465. Springer, Berlin Heidelberg New York
32. Nipkow T, Paulson LC, Wenzel M (2002) Isabelle/HOL: A proof assistant for higher-order logic. Lecture notes in computer science tutorial, vol 2283. Springer, Berlin Heidelberg New York
33. Paulson LC (1998) The inductive approach to verifying cryptographic protocols. J Comput Secur 6:85-128
34. Paulson LC (1999) Inductive analysis of the internet protocol TLS. ACM Trans Inf Syst Secur 2(3):332-351
35. Paulson LC (2001) Relations between secrets: Two formal analyses of the Yahalom protocol. J Comput Secur 9(3):197-216
36. Pereira O, Quisquater J-J (2001) Security analysis of the cliques protocols suites: First results. In: Dupuy M, Paradinas P (eds) Proc. IFIP TC11 16th annual working conference on information security (IFIP/ Sec'01), vol 193. Kluwer, Dordrecht
37. Quisquater J-J, Deswarte Y, Meadows C, Gollmann D (eds) (1998) Computer Security - ESORICS 98. Lecture notes in computer science, vol 1485. Springer, Berlin Heidelberg New York
38. Focardi R, Gorrieri R (1997) The compositional security checker: A tool for the verification of information flow security properties. IEEE Trans Softw Eng 23(9):550-571
39. Ryan P, Schneider S (1998) An attack on a recurive authentication protocol. A cautionary tale. Inf Process Lett 65(15):7-16
40. Ryan PYA, Schneider SA (2000) The modelling and analysis of security protocols: The CSP approach. Addison-Wesley, Reading, MA
41. Schneider S (1998) Verifying authentication protocols in CSP. IEEE Trans Softw Eng 24(9):741-758
42. Shmatikov V, Mitchell JC (2000) Analysis of a fair exchange protocol. In: Proc. symposium on network and distributed system security (NDSS-00)
43. Song D (1999) Athena: An automatic checker for security protocol analysis. In: Proc. 12th IEEE Computer Security Foundations Workshop. IEEE Press, New York
44. Stoller SD (2001) A bound on attacks on payment protocols. In: Proc. 16th annual IEEE symposium on logic in computer science (LICS), June 2001