1 / 18

Verifying the SET Purchase Protocols

Verifying the SET Purchase Protocols. Student: Cristian Gavrili ţă Professor: Ph.D. Cătălin Bîrjoveanu. SET Purchase overview. Distinctive features: Digital envelopes; Dual signature; , . SET Purchase overview. Difficulties: Multiple Nested Encryption

olesia
Télécharger la présentation

Verifying the SET Purchase Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Verifying the SET Purchase Protocols Student: CristianGavriliţă Professor: Ph.D. Cătălin Bîrjoveanu

  2. SET Purchase overview • Distinctive features: • Digital envelopes; • Dual signature; • ,

  3. SET Purchase overview • Difficulties: • Multiple Nested Encryption • Ubiquitous generation of random number and keys • Many alternative protocols paths

  4. Modeling goals • find a way to bootstrap the SET Initiation Phase by out-of-band means, • find an identifier for the transaction, • find the agent responsible for identifying the transaction.

  5. Protocol step • Purchase Initialization Request • 1. ; • Purchase Initialization Response • 2. ; • Purchase Request • 3. ;

  6. Protocol Steps (cont.) • , • , , ; • ;

  7. Protocol steps (cont.) • Authorization Request • Authorization Response • 5. • Purchase Response • 6.

  8. Verified proprieties • Possibility proprieties: • Protocol can run from start to finish; • Regularity proprieties: • Private keys cannot be compromised, certificates signed by root CA are correct, and so forth; • Secrecy proprieties: • Symmetric keys are secure.

  9. Theorem 1 • If the Spy can get the PAN of a registered Cardholder, then the Cardholder has previously issued a Purchase Request involving a compromised Payment Gateway.

  10. Theorem 2 • When the Merchant receives Authorization Response from a trusted Payment Gateway, he knows that the Payment Gateway signed it, including the transaction identifiers and the purchase amount, which the Merchant can separately confirm.

  11. Theorem 3 • When the Merchant sees a dual signature from an uncompromised Cardholder, he can check (using LID M ) that it was intended for him and was issued by the Cardholder.

  12. Theorem 4 • When a Payment Gateway sees a dual signature from uncompromised Cardholder and Merchant, he can verify that it originated with the given Cardholder for a transaction with the given Merchant. He can also verify that the Merchant intended him to handle the transaction.

  13. Theorem 5 • When the Cardholder receives Purchase Response from an uncompromised Merchant, he knows that the Merchant sent it. He also knows that the Merchant received a message signed by a Payment Gateway chosen by the Merchant to authorize the purchase.

  14. Failed proprieties • It is impossible to prove that the Cardholder and Payment Gateway agree on the latter’s identity; • It is impossible to prove that symmetric keys used in Payment Information are original.

  15. Theorem 6 • When a Payment Gateway receives an Authorization Request with a dual signature, he knows that Cardholder and Merchant packaged a Payment Instruction (not necessarily the one just received) for some Payment Gateway (not necessarily him) with some digital envelope (not necessarily the one just opened) where they agreed on certain details that he can check. Even if Purchase Amount is seen only by the Cardholder and not by the Merchant, both parties separately compute the hash of Order Description and Purchase Amount, and the Payment Gateway can compare them

  16. Related work • Stoller, 2001 • Hugely simplified description of the payment protocols of SET; • Meadows and Syverson, 1998 • Proposed a language(NPATRL) for describing SET specifications, without verification; • Kessler and Neumann • Extended an existing belief logic with predicates and rules to reason about accountability. • Basin, 2003 • Improvement on traditional model-checking.

  17. Related work • Hui and Lowe, 2001 • A general theory to transform a complex protocol into a simpler one.

  18. References • [1] G. Bella, F. Massaci, L. Paulson, Verifying the SET Purchase Protocols.J. Automated Reasoning 36 (2006), 5–37. • [2] M. Abadi and A. Gordon. A calculus for cryptographic protocols: The spi calculus. In Proc. of the 4th ACM Conf. on Comm. and Comp. Sec. (CCS-97).ACM Press and Addison Wesley, 1997. • [3] M. Abadi and R. M. Needham. Prudent engineering practice for cryptographic protocols. IEEE Trans. on Software Engineering, 22(1):6–15, January 1996. • [4] D. Basin, S. M¨odersheim, and L. Vigan`o. An On-The-Fly Model-Checker for Security Protocol Analysis. In E. Snekkenes and D. Gollmann, editors, Proc. Of the 8th Eur. Sym. on Res. in Comp. Sec., LNCS 2808, pages 253–270. SpringerVerlag, Heidelberg, 2003. • [5] G. Bella. Inductive verification of smart card protocols. J. of Comp. Sec., 11(1):87–132, 2003. • [6] G. Bella, F. Massacci, and L. C. Paulson. The verification of an industrial payment protocol: The SET purchase phase. In V. Atluri, editor, 9th ACMConferenceon Computer and Communications Security, pages 12–20. ACM Press, 2002. • [7] G. Bella, F. Massacci, and L. C. Paulson. Verifying the SET registration protocols. IEEE J. of Selected Areas in Communications, 21(1):77–87, 2003

More Related