SET: A QUESTIONABLE SECURITY PROTOCOL

Charles A. Shoniregun, Songhe Zhao

Abstract

The Secure Electronic Transaction (SET) was developed by Visa and MasterCard in 1997. The SET is a protocol that is theoretically perfect with very high expectation to provide secured electronic financial transactions. It also provides a ‘dual signature’ as it hides credit card numbers from the merchants, and purchase details from the bank. This paper exploits the weaknesses that led to SET’s failure and proposed SET’s encryption process with elliptic curve cryptography (ECC).

References

  1. Abbott, S., (1999). 'The debate for secure E-commerce', UNIX Review's Performance Computing, Vol 17, Iss 2, pp. 37
  2. Bella, G., Massacci, F. and Paulson, L.C., (2005). 'An overview of the verification of SET', International Journal of Information Security, Heidelberg (1615-5270), Vol.4, Iss.1-2, pp.17
  3. Clark, R., (1996). 'The SET Approach to Net-based Payments' [online], Available from: http://www.anu.edu.au/people/Roger.Clarke/EC/SETO view.html [Accessed 16 September 2006]
  4. Kaliski. B., (2003). 'TWIRL and RSA Key Size' [online], RSA Laboratories Technical Note. Available from: http://www.rsasecurity.com/rsalabs/technotes/twirl.ht ml [Accessed 25 September 2006]
  5. Keenan, V., Disenso and Green, (1998). 'PROMISES: What ever happened to SET?78 [online], Available from: http://www.herring.com/mag/issue51/promises.html [Accessed 28 September 2006]
  6. Friedman, M., (1998). 'SET standard not exactly hitting the fast lane', Computing Canada, Vol 24, Iss 23, pp 26
  7. IBM Corporation, (1998). 'An overview of the IBM SET and the IBM CommercePoint Products' [online], Available from: http://www.software.ibm.com/commerce/set/Over--vie w.html [Accessed 11th September 2006]
  8. Lenstra, A. and Verheul, E., (2001). 'Selecting Cryptographic Key Sizes', Journal of Cryptology, Vol. 14, pp. 255-293.
  9. National Security Agency, (unknown). 'The Case for Elliptic Curve Cryptography' [online], Available from: http://www.nsa.gov/ia/industry/crypto_elliptic_curve.c fm [Accessed 03 October 2006]
  10. Shoniregun, C.A., (2005). 'Impacts and Risk Assessment of Technology for Internet Security: Enabled Information Small-Medium Enterprises (TEISMES)78, USA: Springer, pp. 14-30
  11. Weishaupl, T., Witzany, C. and Schikuta, E., (2006). 'gSET: Trust Management and Secure Accounting for Business in the Grid', Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06) - Volume 00, pp. 349-356
  12. Secure Electronic Transaction LLC, (1997). 'SET Secure Electronic Transaction Specification: Book 1 Business Description - Version 178, pp. 12-29
  13. Stallings, W., (2002). Introduction to Secure Electronic Transaction, USA: Prentice Hall.
  14. Wolrath., E., (1998). 'Secure Electronic Transaction: a market survey and a test implementation of SET technology', Master thesis, Uppsala University.
  15. Zhao, Q., (2005). 'Network Security and Electronic Commerce', China: Tsinghua University Publications, pp. 171-225
Download


Paper Citation


in Harvard Style

A. Shoniregun C. and Zhao S. (2007). SET: A QUESTIONABLE SECURITY PROTOCOL . In Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-972-8865-77-1, pages 313-319. DOI: 10.5220/0001291903130319


in Bibtex Style

@conference{webist07,
author={Charles A. Shoniregun and Songhe Zhao},
title={SET: A QUESTIONABLE SECURITY PROTOCOL},
booktitle={Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2007},
pages={313-319},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001291903130319},
isbn={978-972-8865-77-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - SET: A QUESTIONABLE SECURITY PROTOCOL
SN - 978-972-8865-77-1
AU - A. Shoniregun C.
AU - Zhao S.
PY - 2007
SP - 313
EP - 319
DO - 10.5220/0001291903130319