It is the cache of ${baseHref}. It is a snapshot of the page. The current page could have changed in the meantime.
Tip: To quickly find your search term on this page, press Ctrl+F or ⌘-F (Mac) and use the find bar.

Modeling and Analysis of Electronic Commerce Protocols Using Colored Petri Nets | Xu | Journal of Software
Journal of Software, Vol 6, No 7 (2011), 1181-1187, Jul 2011
doi:10.4304/jsw.6.7.1181-1187

Modeling and Analysis of Electronic Commerce Protocols Using Colored Petri Nets

Yang Xu, Xiao yao Xie, Huan guo Zhang

Abstract


Electronic commerce protocols are the basis of security in electronic commerce. Therefore, it is essential to ensure these protocols correctly. With the ideas of ZQ logic and the security protocols analysis method using Colored Petri Nets, a new method synthesizing ZQ logic and Colored Petri Nets is presented to analyze electronic commerce protocols. The new method is suitable for analyzing both accountability and fairness. However, it needs not to establish a dispute settlement model. Moreover, the ISI protocol is chosen to illustrate how an electronic commerce protocol is analyzed using the new method. An insecure state of the ISI protocol is found. Thus, the ISI protocol does not achieve accountability and fairness. The result is the same as the one in [10] where ZQ logic is used. These are stunning confirmations of the validity of the new method for analyzing electronic commerce protocols.


Keywords


Electronic Commerce Protocols; Colored Petri Nets; ISI Protocol; Accountability; Fairness

References


[1] G. Medvinsky, and B. C. Neuman, “NetCash: a design for practical electronic currency on the Internet,” in Proc. 1st ACM Conf. Computer and Communications Security, 1993, pp. 102-106.

[2] K. R. O’Toole, “The Internet billing server transaction protocol alternatives,” Carnegie Mellon. Information Networking Institute, Technical Report, Apr. 1994.

[3] B. Cox, J. D. Tygar, and M. Sirbu, “NetBill security and transaction protocol,” in Proc. 1st USENIX Workshop in Electronic Commerce, 1995, pp. 77-88.

[4] J. Zhou, and D. Gollmann, “A fair non-repudiation protocol,” in Proc. 1996 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 55-61.

[5] VISA and MasterCard Inc., Secure Electronic Transaction (SET) Specification: BOOK III: Protocol Description Version 1.0., May. 1997.

[6] X. X. Li, and J. P. Huai, “A fair non repudiation cryptographic protocol and its formal analysis and applications,” Journal of Software, vol. 11, no. 12, 2008, pp. 1628-1634.

[7] J. Liu, and M. T. Zhou, “A fair non-repudiation protocol and its formal analysis,” Acta Electronica Sinica, vol. 31, no. 9, 2003, pp. 1422-1425.

[8] R. Kailar, “Accountability in electronic commerce protocols,” IEEE Trans. Software Engineering, vol. 22, no. 5, 1996, pp. 313-328.
http://dx.doi.org/10.1109/32.502224

[9] D. C. Zhou, S. H. Qing, and Z. F. Zhou, “Limitations of Kailar Logic,” Journal of Software, vol. 10, no. 12, 1999, pp. 1238-1245.

[10] D. C. Zhou, S. H. Qing, and Z. F. Zhou, “A new approach for the analysis of electronic commerce protocols,” Journal of Software, vol. 12, no. 9, 2001, pp. 1318-1328.

[11] Yang Xu, and Xiaoyao Xie, “Security analysis of routing protocol for MANET based on extended Rubin logic,” in Proc. 2008 IEEE International Conference on Networking, Sensing and Control, pp. 1326-1331.
http://dx.doi.org/10.1109/ICNSC.2008.4525423

[12] Yang Xu, and Xiaoyao Xie, “Extending Rubin logic for electronic commerce protocols,” in Proc. 2nd International Conference on Anti-counterfeiting, Security, and Identification, 2008, pp. 448-451.

[13] Yang Xu, and Xiaoyao Xie, “Analysis of electronic commerce protocols based on extended Rubin logic,” in Proc. 9th International Conference for Young Computer Scientists, 2008, pp. 2079-2084.
http://dx.doi.org/10.1109/ICYCS.2008.468

[14] K. Jensen, Coloured Petri Nets: Basic Concepts, Analysis Methods and Practical Use, vol. 1-3, Monographs in Theoretical Computer Science, Springer-Verlag, 1997.

[15] E. Doyle, S. Tavares, and H. Meijer, “Automated security analysis of cryptographic protocols using Coloured Petri Net specifications,” Workshop on Selected Areas in Cryptography, SAC’95 Workshop Record, 1995, pp. 35-48.

[16] E. Doyle, S. Tavares, and H. Meijer, “Computer analysis of cryptographic protocols using Coloured Petri Nets,” 18th Biennial Symposium on Communication, Kingston, Ontario, 1996, pp. 194-199.

[17] A. M. Basyouni, Analysis of wireless cryptographic protocols, Master’s Thesis, Queen’s University Kingston, Ontario, Canada, 1997.

[18] HeeChul Moon, A study on formal specification and analysis of cryptographic protocols using Colored Petri Nets, Master’s Thesis, Kwangju institute of science and technology, Korea, 1998.

[19] Daobin Liu, Li Guo, and Shuo Bai, “Formal analysis of security protocol using Petri Nets,” Acta Electronica Sinica, vol. 32, no.11, 2004, pp. 1926-1929.

[20] W. Dresp, Computer-gest¨utzte Analyse von kryptographischen Protokollen mittels gef¨arbter Petrinetze, Diploma Thesis, Department of Business Information Systems, University of Regensburg, 2004.

[21] Yang Xu, and Xiaoyao Xie, “Modeling and analysis of security protocols using Colored Petri Nets,” Journal of Computers, vol. 6, no. 1, 2011, pp. 19-27.
http://dx.doi.org/10.4304/jcp.6.1.19-27

[22] Botao Li and Junzhou Luo, “Modeling and analysis of non-repudiation protocols by using Petri Nets,” Journal of Computer Research and Development, vol. 42, no. 9, 2005, 1571-1577.
http://dx.doi.org/10.1360/crad20050918

[23] Panagiotis Katsaros, Vasilis Odontidis, and Maria Gousidou-Koutita, “Colored Petri net based model checking and failure analysis for E-commerce protocols,” in Proc. 6th Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools, 2005, pp. 267-283.

[24] Wenqi Liu, and Hong Gu, “Analysis of fairness in payment protocols based on Hierarchical Timed Coloured Petri Nets,” Journal of Electronics & Information Technology, vol. 31, no. 6, 2009, 1445-1450.

[25] CPN Tools Homepage: http://wiki.daimi.au.dk/cpntools/cpntools.wiki.

[26] B. Cox, J. Tygar, and M. Sirbu, “NetBill Security and Transaction Protocol,” in Proc. 1st USENIX Workshop on Electronic Commerce, July, 1995, pp. 77-88.

[27] K. R. O’Toole, The Internet Billing Server Transaction Protocol Alternatives, Tech Rep: INITR-1, Information Network Institute, Carnegie Mellon University, 1994.

[28] Yang Xu, Xueming Wang, and Xiaoyao Xie, “A new electronic payment protocol and its formal analysis,” Computer Applications and Software, vol. 25, no. 9, 2008, pp. 93-95.


Full Text: PDF


Journal of Software (JSW, ISSN 1796-217X)

Copyright @ 2006-2014 by ACADEMY PUBLISHER – All rights reserved.