电子商务协议失效模式的有效检测

Proceedings. Tenth International Workshop on Database and Expert Systems Applications. DEXA 99 Pub Date : 1999-09-01 DOI:10.1109/DEXA.1999.795293

S. Gürgens, Javier López, R. Peralta

{"title":"电子商务协议失效模式的有效检测","authors":"S. Gürgens, Javier López, R. Peralta","doi":"10.1109/DEXA.1999.795293","DOIUrl":null,"url":null,"abstract":"The design of key distribution and authentication protocols has been shown to be error-prone. These protocols constitute the part of more complex protocols used for electronic commerce transactions. Consequently, these new protocols are likely to contain flaws that are even more difficult to find. In this paper, we present a search method for detecting potential security flaws in such protocols. Our method relies on automatic theorem proving tools. Among others we present our analysis of a protocol recently standardized by the German standardization organization DIN to be used in digital signature applications for smart cards. Our analysis resulted in the standard being supplemented with comments that explain the possible use of cryptographic keys.","PeriodicalId":276867,"journal":{"name":"Proceedings. Tenth International Workshop on Database and Expert Systems Applications. DEXA 99","volume":"12 17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Efficient detection of failure modes in electronic commerce protocols\",\"authors\":\"S. Gürgens, Javier López, R. Peralta\",\"doi\":\"10.1109/DEXA.1999.795293\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The design of key distribution and authentication protocols has been shown to be error-prone. These protocols constitute the part of more complex protocols used for electronic commerce transactions. Consequently, these new protocols are likely to contain flaws that are even more difficult to find. In this paper, we present a search method for detecting potential security flaws in such protocols. Our method relies on automatic theorem proving tools. Among others we present our analysis of a protocol recently standardized by the German standardization organization DIN to be used in digital signature applications for smart cards. Our analysis resulted in the standard being supplemented with comments that explain the possible use of cryptographic keys.\",\"PeriodicalId\":276867,\"journal\":{\"name\":\"Proceedings. Tenth International Workshop on Database and Expert Systems Applications. DEXA 99\",\"volume\":\"12 17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1999-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. Tenth International Workshop on Database and Expert Systems Applications. DEXA 99\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DEXA.1999.795293\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. Tenth International Workshop on Database and Expert Systems Applications. DEXA 99","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DEXA.1999.795293","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

密钥分发和身份验证协议的设计已被证明是容易出错的。这些协议构成了用于电子商务交易的更复杂协议的一部分。因此，这些新协议很可能包含更难发现的缺陷。在本文中，我们提出了一种检测此类协议中潜在安全漏洞的搜索方法。我们的方法依赖于自动定理证明工具。在其他方面，我们介绍了我们对最近由德国标准化组织DIN标准化的协议的分析，该协议将用于智能卡的数字签名应用。我们的分析结果是，标准被补充了解释加密密钥可能使用的注释。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Efficient detection of failure modes in electronic commerce protocols

The design of key distribution and authentication protocols has been shown to be error-prone. These protocols constitute the part of more complex protocols used for electronic commerce transactions. Consequently, these new protocols are likely to contain flaws that are even more difficult to find. In this paper, we present a search method for detecting potential security flaws in such protocols. Our method relies on automatic theorem proving tools. Among others we present our analysis of a protocol recently standardized by the German standardization organization DIN to be used in digital signature applications for smart cards. Our analysis resulted in the standard being supplemented with comments that explain the possible use of cryptographic keys.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings. Tenth International Workshop on Database and Expert Systems Applications. DEXA 99

自引率

0.00%

发文量