
Log Space :

Mar 2, 2020

I’ve read an article about the Secure Sockets Layer protocol. That article gave me some ideas about how to ensure the security of network transactions. It gives a brief introduction to cryptography and to private- and public-key encryption. The SSL protocol is the main part of the article. For example, there are 2 phases in SSL: handshake and data transfer. After reading that article, I think it is essential to find some information about Transport Layer Security (TLS), because TLS is like a new, or we could say a better, version of SSL. This is the next thing I am going to do.

I read the paper Model Checking the Secure Electronic Transaction (SET) Protocol, wrote a reading summary, and made a video presentation. I find that the SET protocol can respond to five different conditions:

  1. a dishonest merchant will be prevented from overcharging

  2. a dishonest merchant will also be prevented from double charging the cardholder

  3. a dishonest cardholder will be prevented from underpaying for an order that he placed

  4. an unauthorized cardholder is prevented from using the system

  5. in a system where all the participants behave honestly, the merchant will eventually receive payment.

These five conditions can cover most transactions, but there are still some kinds of conditions that are not covered. In order to test the security performance of the SET protocol, I need to find more papers to prove that.

Mar 23, 2020 - Midterm update

According to the article Running-mode Analysis of Simplified SET Purchase Protocol, I find that the SET protocol has been widely applied to credit cards. They also test and improve the SET protocol by testing it under six kinds of attack, which was not done in my self-recommended reading article. I will research the six conditions and analyze the advantages of their improvement of the SET protocol. It makes a simpler model of the SET protocol, which might make it easier for me to research the SET protocol. The model they use is also a virtual model, which might be easier than the code model.

In addition, I also find that the dual signature is one of the most important parts of the SET protocol. In the process of online shopping, merchants need to send order information (OI) to the business and payment information (PI) to the bank. Customers use a hash function to get the summaries of the PI and OI: PIMD and OIMD. They then combine them to get the payment order summary (POMD). Finally, they use the RSA private key to sign the POMD to get the dual signature (DS). The figure below shows the process of the dual signature.

 

As a result, I plan to use model checking and analysis of the dual signature to analyse the SET protocol in the final presentation and report.

Andrew: I recorded a video presentation about SSL, and also did some research about TLS. TLS and SSL are not interoperable, which means a TLS server must “back down” to SSL 3.0 to interoperate with an SSL 3.0 client. The standard version TLS 1.0 is like SSL 3.1. However, the newest version of the Secure Sockets Layer is SSL 3.0. I also started to prepare the PPT for our final presentation and started writing the project.

 

Going to do next:

Record our final presentation and finish our project.

Participants in SET :
In the general scenario of online transactions, SET includes similar participants:

  1. Cardholder – customer

  2. Issuer – customer financial institution

  3. Merchant

  4. Acquirer – Merchant financial

  5. Certificate authority – Authority which follows certain standards and issues certificates (like X.509v3) to all other participants.

Requirements in SET :
 

  • It has to provide mutual authentication, i.e., customer (or cardholder) authentication, confirming whether the customer is the intended user or not, and merchant authentication.

  • It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate encryption.

  • It has to be resistant to message modification, i.e., no changes should be allowed in the content being transmitted.

  • SET also needs to provide interoperability and make use of the best security mechanisms.
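
The dual signature from the Mar 23 entry, tied to the confidentiality and integrity requirements above, as an added Python example (not from the original log or the papers it cites). It goes one step beyond the log by showing both verification sides as standard SET defines them: the merchant checks DS with OI plus PIMD, the bank with PI plus OIMD. Assumptions: SHA-256 as the hash, a constructed toy RSA key, constructed PI/OI strings, and hypothetical function names.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes so the example runs
# offline with the standard library. Textbook RSA, no padding: illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # cardholder's private exponent

def digest(data: bytes) -> bytes:
    # SHA-256 is an assumption; the page only says "hash function".
    return hashlib.sha256(data).digest()

def pomd_int(pimd: bytes, oimd: bytes) -> int:
    """POMD = H(PIMD || OIMD), as an integer for the RSA operation."""
    return int.from_bytes(digest(pimd + oimd), "big")

def dual_sign(pi: bytes, oi: bytes) -> int:
    """Cardholder: DS = POMD signed with the RSA private key."""
    return pow(pomd_int(digest(pi), digest(oi)), D, N)

def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI in clear but only the digest of PI."""
    return pow(ds, E, N) == pomd_int(pimd, digest(oi))

def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI in clear but only the digest of OI."""
    return pow(ds, E, N) == pomd_int(digest(pi), oimd)

# Constructed sample messages.
PI = b"card=4111-XXXX-XXXX-1111;amount=49.90"
OI = b"order=1001;item=book;amount=49.90"

def demo() -> dict:
    ds = dual_sign(PI, OI)
    pimd, oimd = digest(PI), digest(OI)
    other_oimd = digest(b"order=9999;item=laptop;amount=49.90")
    return {
        "merchant_accepts": merchant_verify(OI, pimd, ds),
        "bank_accepts": bank_verify(PI, oimd, ds),
        # Payment re-attached to a different order: the link breaks.
        "bank_accepts_other_order": bank_verify(PI, other_oimd, ds),
        # Order text altered in transit: the merchant's check fails.
        "merchant_accepts_altered_oi": merchant_verify(OI + b";qty=2", pimd, ds),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Neither verifier needs the other party's plaintext, yet a single signature binds the payment to exactly one order.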
