Model Checking Electronic Commerce Protocols
Authors
Abstract
The paper develops model checking techniques to examine NetBill and Digicash. We show how model checking can verify atomicity properties by analyzing simplified versions of these protocols that retain crucial security constraints. For our analysis we used the FDR model checker.

Atomicity Properties
Correctness is a prime concern for electronic commerce protocols. How can we show that a given protocol is safe for use? Here we show how to use model checking to test whether electronic commerce protocols satisfy some given atomicity properties.

For verifying properties of protocols, model checking is a dramatic improvement over doing hand proofs because it is mechanizable; it is a dramatic improvement over using state-of-the-art theorem provers because it is automatic, fast, and requires no human interaction. Moreover, we found a number of problems in proposed electronic commerce protocols using model checking. Model checking allows us to focus on just those aspects of the protocol necessary to guarantee desired properties. In doing so we can gain a better understanding of why the protocol works and often can identify places where it can be optimized.

For this paper we have chosen to check atomicity properties and argue that these properties are central to electronic commerce protocols. In an atomic protocol, an electronic purchase either aborts with no transfer of money and goods or fully completes with money and goods exchanged. Moreover, these atomic properties are preserved even if communications fail between some of the parties because of failure of either a communications link or a node, including the parties participating in the protocol.

Tygar gave informal descriptions of three protocol properties that appear to be related to atomicity:

Money atomicity: Money should neither be created nor destroyed by electronic commerce protocols. For example, this protocol is not money atomic:
1. Consumer sends message to consumer's bank: transfer value to merchant.
2. Consumer's bank decrements consumer's balance by value.
3. Consumer's bank sends message to merchant's bank: increase merchant's bank bal

Funding note: This work was supported in part by Defense Advanced Research Projects Agency (ARPA) contract F, the National Science Foundation (NSF) cooperative agreement IR, and by the US Postal Service. This work is the opinion of the authors and does not necessarily represent the view of their employers, funding sponsors, or the US Government.
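The following is an added illustration, not the paper's FDR/CSP model: a small explicit-state model checker in Python for the three-step transfer protocol listed above. Balances, the transfer amount, and the message names are constructed for the example. It enumerates every reachable state, including runs where a link failure drops an in-flight message, and checks money atomicity as an invariant on terminal states (total money unchanged, i.e. the run aborted cleanly or completed fully). It also runs the same check with link failures switched off, to show that the violation comes from the communications-failure case the text emphasizes.

```python
from collections import deque

# Constructed parameters (not from the paper): starting balances and the
# transfer amount. Small values keep the state space tiny and readable.
INITIAL_CONSUMER = 10
INITIAL_MERCHANT = 0
VALUE = 3

# State = (consumer balance, merchant balance, tuple of in-flight messages,
#          has the consumer already issued its transfer request?)
START = (INITIAL_CONSUMER, INITIAL_MERCHANT, (), False)


def successors(state, lossy=True):
    """Enabled transitions from `state`, as (label, next_state) pairs.

    The three protocol steps are the ones listed in the text; `lossy`
    additionally lets any in-flight message be dropped by a failed link.
    """
    consumer, merchant, inflight, sent = state
    out = []
    if not sent:
        # Step 1: consumer asks its bank to transfer VALUE to the merchant.
        out.append(("consumer -> consumer's bank: transfer VALUE",
                    (consumer, merchant, inflight + ("transfer",), True)))
    for i, msg in enumerate(inflight):
        rest = inflight[:i] + inflight[i + 1:]
        if msg == "transfer":
            # Step 2: consumer's bank debits the consumer and tells the
            # merchant's bank to credit the merchant.
            out.append(("consumer's bank: debit consumer, send 'increase' to merchant's bank",
                        (consumer - VALUE, merchant, rest + ("increase",), sent)))
        elif msg == "increase":
            # Step 3: merchant's bank credits the merchant.
            out.append(("merchant's bank: credit merchant",
                        (consumer, merchant + VALUE, rest, sent)))
        if lossy:
            # Communications failure: the message never arrives.
            out.append((f"link failure: '{msg}' lost",
                        (consumer, merchant, rest, sent)))
    return out


def total_money(state):
    return state[0] + state[1]


def reachable_states(lossy=True):
    """Every state the protocol can reach from START (plain BFS)."""
    seen = {START}
    queue = deque([START])
    while queue:
        s = queue.popleft()
        for _, nxt in successors(s, lossy):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def check_money_atomicity(lossy=True):
    """Model-check money atomicity.

    Property: in every terminal state (no transition enabled) the total
    amount of money equals the initial total, so the run either aborted
    with nothing moved or completed with VALUE moved. Returns
    (holds, counterexample_trace, violating_state); the trace is a
    shortest one because the search is breadth-first.
    """
    seen = {START}
    queue = deque([(START, [])])
    while queue:
        state, trace = queue.popleft()
        moves = successors(state, lossy)
        if not moves and total_money(state) != total_money(START):
            return False, trace, state
        for label, nxt in moves:
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return True, [], None


if __name__ == "__main__":
    for lossy in (False, True):
        holds, trace, bad = check_money_atomicity(lossy)
        print(f"lossy={lossy}: money atomicity {'holds' if holds else 'VIOLATED'}")
        for step in trace:
            print("   ", step)
        if bad is not None:
            print("    final balances:", bad[:2], "total", total_money(bad))
```

With link failures enabled the checker reports the shortest violating run: the consumer's bank debits the consumer and the "increase" message to the merchant's bank is lost, leaving the total three units short. With failures disabled the only terminal state has both updates applied and the property holds, which is the sense in which the text says atomicity must survive communication failures rather than merely hold on the happy path.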
Similar sources
Model Checking Electronic Commerce
The paper develops model checking techniques to examine NetBill and Digicash. We show how model checking can find atomicity problems by analyzing simplified versions of these protocols that retain crucial security problems. For our analysis we used the FDR model checker [13]. Note to reviewers: This is an extended abstract only. We anticipate that some of the work described in Section 5 will be com...
A Machine Checkable Logic of Knowledge for Specifying Security Properties of Electronic Commerce Protocols
A number of researchers have proposed various tools for checking security protocols. Most of these tools work by comparing the set of possible traces (as expressed by some model of computation) to the set of correct traces (often expressed as a set of relationships between events in a trace). In this paper we propose a new logic of knowledge in which one can express relationships between events...
Model Checking Electronic Commerce Protocols Extended Abstract
The paper develops model checking techniques to examine NetBill and Digicash. We show how model checking can find atomicity problems by analyzing simplified versions of these protocols that retain crucial security problems. For our analysis we used the FDR model checker [13]. Note to reviewers: This is an extended abstract only. We anticipate that some of the work described in Section 5 will be co...
Failure Analysis of an E-Commerce Protocol Using Model Checking
The rapid growth of electronic commerce (e-commerce) has necessitated the development of e-commerce protocols. These protocols ensure the confidentiality and integrity of information exchanged. In addition, researchers have identified other desirable properties, such as, money atomicity, goods atomicity and validated receipt, that must be satisfied by e-commerce protocols. This paper shows how ...
Security Modelling for Electronic Commerce: The Common Electronic Purse Specifications
Designing security-critical systems correctly is very difficult. We present work on software engineering of security critical systems, supported by the CASE tool AUTOFOCUS. Security critical systems are specified with extended structure diagrams, message sequence charts for the protocols and statecharts for the attacker, translated into an AUTOFOCUS system model and examined for security weakne...
Publication date: 1996