Secure electronic transaction (SET) is an immense e-commerce protocol designed to improve the security of credit card purchases. In this paper, we focus on the initial bootstrapping phases of SET, whose objective is the registration of cardholders and merchants with a SET certificate authority. The aim of registration is twofold: getting the approval of the cardholder’s or merchant’s bank and replacing traditional credit card numbers with electronic creden- tials that cardholders can present to the merchant so that their pri- vacy is protected. These registration subprotocols present a number of challenges to current formal verification methods. First, they do not assume that each agent knows the public keys of the other agents. Key dis- tribution is one of the protocols’ tasks. Second, SET uses complex encryption primitives (digital envelopes) which introduce depen- dency chains: the loss of one secret key can lead to potentially un- limited losses. Building upon our previous work, we have been able to model and formally verify SETs registration with the inductive method in Isabelle/HOL (T. Nipkow et al., 2002). We have solved its challenges with very general techniques.
|Titolo:||Verifying the SET Registration Protocols|
|Autori interni:||BELLA, Giampaolo|
|Data di pubblicazione:||2003|
|Rivista:||IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS|
|Appare nelle tipologie:||1.1 Articolo in rivista|