Research On Security Of E-Commerce Protocol Based On Strand Space

Posted on: 2009-11-25
Degree: Master
Type: Thesis
Country: China
Candidate: Z X Li
Full Text: PDF
GTID: 2189360272470511
Subject: Systems Engineering
Abstract/Summary:
With the development of network and communication technology, e-commerce has penetrated into people's daily lives. The security of e-commerce protocols is one of the key factors in the development of e-commerce, and it is also the bottleneck of that development. At present, the main methods of analyzing the security of e-commerce protocols are BAN logic, model checking, the inductive method, etc. Although these methods can effectively analyze some security attributes of a protocol, they all have certain limitations. Strand space theory is a new formal method for analyzing security protocols which fully absorbs previous research results. However, when first proposed, the strand space model was applied only to the analysis of authentication protocols, and it has rarely been applied to e-commerce protocols. E-commerce protocols are more complicated than authentication protocols: they must satisfy not only the security attributes required of authentication protocols but also attributes that authentication protocols do not involve. Therefore, it is necessary to find an effective and rigorous way to analyze the security of e-commerce protocols.

In this paper, the security of e-commerce protocols is analyzed using strand space theory, a general method to describe and verify the security of e-commerce protocols using the strand space model is proposed, and a new electronic payment protocol is designed and its security attributes are verified. The main work done includes:

(1) On the basis of thoroughly analyzing strand space theory, a general method to verify the security of e-commerce protocols using the strand space model is proposed. The strand space model of the famous e-commerce protocol, the IBS protocol, is established, and the above method is used to analyze its security attributes. It is found that the protocol does not satisfy fairness in the phases of providing service and transferring the invoice, which is the same conclusion that other formal methods reach. Therefore, the effectiveness and correctness of the strand space model is verified. Afterwards, the IBS protocol is improved and verified to be safe by the strand space model.

(2) A new electronic payment protocol based on concurrent signatures is designed. It uses a concurrent signature algorithm to ensure the fairness of the trade. There is no participation of a third party in the course of the trade, which improves the execution efficiency of the protocol and allows it to be applied to mobile payment. It can be verified by the strand space model that the protocol is safe and meets secrecy, authentication, fairness, non-repudiation and accountability.

(3) Based on the J2ME platform with a mobile phone simulator, a mobile client of the above payment system is developed. The lightweight encryption package BouncyCastle is introduced to guarantee security and to encrypt the trade information on the client's mobile handset, which ensures end-to-end security and has practical significance.
Keywords/Search Tags:E-commerce Protocol, Formal Analysis, Strand Space Model, Mobile Payment Protocol, J2ME