The Security Mechanism Research And Formal Analysis Based On SET Protocol

With the explosive growth of Internet,electronic commerce has greatly developed within the range of world.But the security of electronic payment on network becomes the main obstacle of its development. The Secure Electronic Transaction (SET) was jointly formulated by Visa and MasterCard, which features a open norm to ensure the security of credit card payment when on-line transactions are made on Internet.Author aims at studying and analysing the security mechanism of SET protocol,expands Kailar logic,and carries on formal analysis of SET protocol with this logic.Firstly,the paper analyzes the basic structures of SET protocol,certificate management and transaction processes.The paper studies the whole SET protocol,including the encryption algorithms,data encapsulation methods and security used in the protocol.According to analysing the result,the encryption algorithms that SET protocol used has been already no longer safe,and has heavy influence the speed of the system and trade cost.Secondly,the paper brings forward using IDEA algorithm to replace DES algorithm,elliptic curve cryptosystem replaces RSA algorithm,and has compared the new with the old.The paper has also analysed the security foundations of IDEA algorithm and elliptic curve cryptosystem,and has studied the attack of two algorithms existing at present.This paper presents a new scheme of authentication,digital signature and digital envelop based on elliptic curve cryptosystem which replaces RSA algorithm.It is proved that the scheme greatly improves the security,performance and speed of internet transaction.At last,the author has analysed X.509 protocol with BAN logic,has found two defects existing in this protocol,and has put forward the suggestion improved.Besides,the paper has analysed the Kailar logic,and has pointed out three main defects existing in Kailar logic.Based on this knowledge,an improvement on Kailar logic is proposed for analysis of fairness in electronic commerce protocols,and can be used for analysing electronic certificate,source of ciphertext,signed ciphertext,etc..The paper has analysed SET protocol with Kailarlogic after expanding,and has verified the security of SET protocol.