Abstract
The last ten years, since the seminal work on the BAN logic [6], have seen the rapid development of formal methods for the analysis of security protocols. But security protocols have also developed rapidly, becoming more and more complex. Protocols for electronic commerce are the béte noir: six pages were enough to describe the Needham-Schroeder protocol in 1978 [15], six hundred pages were not enough to describe the SET protocol of VISA and Mastercard [11, 12, 13] twenty years later.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
M. Abadi and R. M. Needham. Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1):6–15, January 1996.
G. Bella and L. C. Paulson. Kerberos version IV: Inductive analysis of the secrecy goals. In Proceedings of the 5th European Symposium on Research in Computer Security, volume 1485 of Lecture Notes in Computer Science, pages 361–375. Springer-Verlag, 1998.
D. Bolignano. An approach to the formal verification of cryptographic protocols. In Proceedings of the 3th ACM Conference on Communications and Computer Security (CCS-96), pages 106–118, 1996.
S. Brackin. Automatic formal analyses of two large commercial protocols. In Proceedings of the DIMACS Workshop on Design and Formal Verification of Security Protocols, page 14pp, September 1997.
S. Brackin. Automatically detecting authentication limitations in commercial security protocols. In Proceedings of the 22nd National Conference on Information Systems Security, page 18pp, October 1999.
M. Burrows, M. Abadi, and R. Needham. A logic for authentication. ACM Transactions on Computer Systems, 8(1):18–36, 1990.
D. Gollmann. What do we mean by entity authentication? In Proceedings of the 15th IEEE Symposium on Security and Privacy, pages 46–54. IEEE Computer Society Press, 1996.
R. Kailar. Reasoning about accountability in protocols for electronic commerce. In Proceedings of the 14th IEEE Symposium on Security and Privacy, pages 236–250. IEEE Computer Society Press, 1995.
G. Lowe. A hierarchy of authentication specifications. In Proceedings of the 11th IEEE Computer Security Foundations Workshop, pages 31–43. IEEE Computer Society Press, 1997.
G. Lowe. Casper: A compiler for the analysis of security protocols. Journal of Computer Security, 6(18-30):53–84, 1998.
Mastercard & VISA. SET Secure Electronic Transaction Specification: Business Description, May 1997. Available electronically at http://www.setco.org/set_specifications.html.
Mastercard & VISA. SET Secure Electronic Transaction Specification: Programmer’s Guide, May 1997. Available electronically at http://www.setco.org/set_specifications.html.
Mastercard & VISA. SET Secure Electronic Transaction Specification: Protocol De.nition, May 1997. Available electronically at http://www.setco.org/set_specifications.html.
C. A. Meadows. Formal verification of cryptographic protocols: A survey. In Advances in Cryptology-Asiacrypt 94, volume 917 of Lecture Notes in Computer Science, pages 133–150. Springer-Verlag, 1995.
R. M. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.
D. O’Mahony, M. Peirce, and H. Tewari. Electronic payment systems The Artech House computer science library. Artech House, 1997.
L. C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85–128, 1998.
L. C. Paulson. Inductive analysis of the internet protocol TLS. ACM Transactions on Information and System Security, 2(3):332–351, 1999.
RSA Laboratories, RSA Security-Available electronically at http://www.rsasecurity.com/rsalabs/pkcs. 19: Extended-Certificate Syntax Standard, 1993.
RSA Laboratories, RSA Security-Available electronically at http://www.rsasecurity.com/rsalabs/pkcs. 20: Cryptographic Message Syntax Standard, 1993.
P. Syverson and C. Meadows. A formal language for cryptographic protocol requirement. Designs, Codes and Cryptography, 7(xxx):27–59, 1996.
P. F. Syverson and P. C. van Oorschot. On unifying some cryptographic protocols logics. In Proceedings of the 13th IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1994.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bella, G., Massacci, F., Paulson, L.C., Tramontano, P. (2001). Making Sense of Specifications: The Formalization of SET. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2000. Lecture Notes in Computer Science, vol 2133. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44810-1_11
Download citation
DOI: https://doi.org/10.1007/3-540-44810-1_11
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42566-3
Online ISBN: 978-3-540-44810-5
eBook Packages: Springer Book Archive