Title :
Security protocol design via authentication tests
Author :
Guttman, Joshua D.
Author_Institution :
Mitre Corp., USA
Abstract :
We describe a protocol design process, and illustrate its use by creating ATSPECT, an authentication test-based secure protocol for electronic commerce transactions. The design process is organized around the authentication tests, a method for protocol verification based on the strand space theory. The authentication tests dictate how randomly generated values such as nonces may be combined with encryption to achieve authentication and freshness. ATSPECT offers functionality and security guarantees akin to the purchase request, payment authorization, and payment capture phases of SET, the secure electronic transaction standard created by the major credit card firms.
Keywords :
electronic commerce; message authentication; protocols; public key cryptography; ATS; authentication tests; electronic commerce transactions; freshness; nonces; protocol verification; security protocol; strand space theory; Authentication; Authorization; Contracts; Credit cards; Cryptographic protocols; Cryptography; Electronic commerce; Electronic equipment testing; National security; Process design;
Conference_Titel :
Computer Security Foundations Workshop, 2002. Proceedings. 15th IEEE
Print_ISBN :
0-7695-1689-0
DOI :
10.1109/CSFW.2002.1021809
