Abstract
The SET payment protocol uses digital signatures to authenticate messages and authorize transactions. It is assumed that these digital signatures make authorizations non-repudiable, i.e., provable to a third-party verifier. This paper evaluates what can be proved with the digital signatures in SET. The analysis shows that even a successful and completed SET protocol run does not give the parties enough evidence to prove certain important transaction features. A comparison with the similarly-structured iKP protocol shows a number of advantages of iKP as opposed to SET with respect to the use of its signatures as evidence tokens. It is shown that non-repudiation requires more than digitally signing authorization messages. Most importantly, protocols claiming non-repudiation should explicitly specify the rules to be used for deriving authorization statements from digitally signed messages.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Van Herreweghen, E. (2001). Non-repudiation in SET: Open Issues. In: Frankel, Y. (eds) Financial Cryptography. FC 2000. Lecture Notes in Computer Science, vol 1962. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45472-1_11
DOI: https://doi.org/10.1007/3-540-45472-1_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42700-1
Online ISBN: 978-3-540-45472-4
eBook Packages: Springer Book Archive