A Novel Logic for Analyzing Electronic Payment Protocols

A novel formal method which can be used to analyze security properties such as accountability, fairness and timeliness in electronic payment protocols is proposed. The novel method extends Qing-Zhou approach based on logic reasoning by adding a simple time expression and analysis method. It increases the ability to describe the event time, and extends the time characteristics of the logical inference rules. An anonymous electronic cash payment protocol is analyzed by the novel logic, and the result shows that the fairness of the protocol is not satisfied due to the timeliness problem in protocol. The novel logic method proposed in this paper has a certain theoretical and practical significance for the design and formal analysis of electronic payment protocols. At the same time, its idea has a certain guiding value for improving the security of other security protocols.


Introduction
Electronic payment has made unprecedented progress in recent years, and the security problems in electronic payment activities are increasingly being valued by everyone.Electronic payment protocol is the technical basis for the security of electronic commerce activities, and all kinds of security services are provided by electronic payment protocols for consumers.The analysis and research of electronic payment security protocol has become an important issue in the field of information security [1].However, the electronic payment protocol is the same as other cryptographic protocols.Even though electronic protocols are carefully designed, there are still security vulnerabilities.Secure and reliable electronic payment protocols are important guarantees for the security of electronic payment activities.In order to ensure the correctness and security of electronic payment protocols, it is necessary to analyze protocols accurately and find out defects and vulnerabilities in protocols through formal analysis method.The results obtained can be used to guide the design of the protocol or make up for the defects of the original protocol.Therefore, it has important theoretical significance and application value to research the formal analysis method of electronic payment protocol.
Nowadays, the main formal analysis methods of electronic payment protocol are logic reasoning, model checking, and theorem proving method.The method of model checking cannot analyze some special security properties like accountability, fairness and anonymity due to lack of the ability of logical reasoning.Approach based on logic is a kind of important formal analysis method of electronic payment protocol in recent years.Kailar logic [2] can analyze the accountability in protocol, but it can't analyze the fairness; Qing-Zhou logic [3][4] can be used for the analysis of accountability and fairness in protocol.The common properties of protocols are described by the ATL logic (alternating time temporal logic) based on game theory in paper [5].The fairness and timeliness are analyzed through the model checking tool MOCHA.However, most of the current logic methods can only be used to analyze some secure properties.Therefore, it is a hotspot and trend to improve the analysis ability of existing typical electronic payment security protocol logic methods in current formal method research.
In this paper, a novel logic is proposed for the analysis of electronic payment protocols by adding simple time expression and time analysis method.The ISI protocol is analyzed using the proposed novel logic and the analysis result shows that ISI protocol does not provide timeliness.Therefore, the novel logic has the ability to describe and analyze the timeliness of electronic payment protocols.

Concepts and Definitions
The definitions and symbols used in the novel logic are defined as follows: T: Time of occurrence; EOO (evidence-of-origin): It is non-repudiation evidence that is provided to the receiver in electronic payment protocol, which is used to prove that the sender has sent the message;

Basic Symbol
EOR (evidence-of-receipt): It is non-repudiation evidence that is provided to the sender in electronic payment protocol, which is used to prove that the receiver has received the message sent by the sender.

Time System
We describe the time when event occurs by adding a condition in the formula language of formal logic, like A m  at T. m is a message, and A one of the parties in protocol.T is a time expression.This definition increases the description of the occurrence time of sending and receiving message.
, stands for integers, then the time expression defines as follows: 1.
x is constant time element, while x I  .

2.
X is variable time element, while X is an variable element in I.
3. X|TS is time binding expression, while X is an variable time element and TS I  .

[T] is time expression, while T is a time binding expression.
The constant time element is represented by a lower case t with a subscript, and the variant time element is represented by a capital letters T with a subscript.Time binding expression is a variable time element X with a certain value of constant time element as ( ) t t TS  .Once the value of the variable time element is bound by a time binding expression, its function is the same as the time constant.It can't be bound again before the binding value is released.In logical formulas, the time expression [X|I] can be abbreviated to [X], and [X|{x}] can be abbreviated to [x], where x is a constant time element or a variable time element with bound value.The value of the variable time element is bound to the first appearance of operations in its formula.

Protocol and Environment
Protocol party set Principle={TTP,A,B,C,…,P,Q,R…}, where A,B,Q,R,…, are participants in protocol.They can either be honest or dishonest.That is, they can obey the execution of the protocol, and also can not obey the implementation of the protocol.In general, we assume that these parties are dishonest and that they may be able to interrupt the execution of the protocol at will.TTP(Third trust party) is a special party, which is regarded as a fair trusted third party by other parties participate in protocol.It can be served as the TTP role by the bank or the arbitration organization.
Another important part of the environment is the communication channel.Communication channels can be both reliable and unreliable, depending on the specific operating environment.Usually, the communication channel between general parties is unreliable, while the communication channel between the TTP and other parties is recoverable.That is the communication channel may not be always paralyzed, the message can be transmitted finally.
Protocol statement defines what messages should be sent and received by parties in the current round , which is described as follows : A B m  ： at T : represents A sent message m to B at T.

Possession Sets in Protocol
Assuming the protocol begins to run at 0 T , A is an arbitrary party participate in protocol.At the beginning of protocol, the initial possession sets of A is O T is the final possession sets of A at the end of protocol.When the protocol runs to any time, the possession sets of A contains the information that is not deleted in the possession sets before and the message which is received and sent at this time.The possession sets of A changes constantly with execution of protocol, until ( ) When the protocol runs at x T , the possession sets of A changes from ( ) (3) Otherwise, ( ) ( ) 3 Logic Analysis Methods

Logic Component
Our method consists of the following 5 logical components : (1) A x  : For any party (2) A m  at T : A sent message m at T. The following implication was established in the process of analysis : That means, if A sends messages (m, n) at T, then A sends message m at T.
(3) A m  : A possesses message m.
(4) A m  at T : A received message m at T. The following implication was established in the process of analysis : That means, if A received messages (m, n) at time T, then A received message m at T. ( : a K is the public key of A, which is used to verify the message signed by 1 a K  .

Axiom System
The axiom system consists of 1 inference rule and 6 axioms.Inference rule is as follows : The inference rule illustrates ├  can be obtained from ├  and ├ ( )  


.├ is a meta language symbol. ├  represents  can be deduced from the formula sets  .├ indicates  is a theorem, which means  can be deduced from axioms.Therefore, the inference rule above indicates that  is theorem when  is theorem and  contains  .The 6 axioms in the axiom set are as follows : When the time of events is not analyzed, all time expressions in the above axioms use [X|I], and the operation at can be omitted.The steps of using the novel logic to analyze protocols are as follows : (1) Before giving the basic assumption of the protocol, we have to give all the constant and variable time elements that are used in the process of protocol reasoning.The actual value of the constant element may not be given, but if there is a constraint relationship between the different time constant, the constraint relationship should be pointed out.It is required to describe the time dependence of the events in protocol using the formula apparently, while giving the basic assumptions and the target of the protocol.
(2) The proof procedure of protocol target is divided into two steps.The first step is called logical reasoning, which proves the first part of the protocol target.The second step is called time calculus, which proves the latter half of the protocol target.The function of this procedure is to prove that the result obtained in the logic reasoning satisfies the time constraints specified in the protocol target.The method used in this procedure is the proof approach of algebraic equation and inequality, so it is easy to grasp and use.If the formula is established at any time of the protocol, the time description at T can be omitted.

Protocol Analysis Procedure
Protocol analysis consists of the following 5 steps.
(1)List the initial possession sets of the parties in protocol. (

ISI Protocol Analyses
ISI protocol [6] is an anonymous electronic cash payment protocol proposed by Medvinsky and Neuman, including three participants : customer A, merchant B and the currency server CS trusted by both parties.The purpose is customer A pay the merchant B through the currency server CS, while B provides payment receipt to A. Throughout the payment process, the customer A remain anonymous, and CS play a role as TTP.Protocol steps are as follows : (1) All currency is issued by CS.
a SK and b SK represent the shared key of A and B. _ K ses represents the key to a service that would like to be obtained._ S id is an identifier for the service to be obtained.Transaction represents specific transaction processing.
The analysis procedure of the protocol is as follows : (1)List the initial possession sets.At the initial time of the protocol operation, the initial state of the A and B is 0 (2)List the credible assumptions of the protocol are as follows : T1: Assume that the currency server is fully in accordance with the provisions of the protocol and will not do anything that is harmful to any party in the protocol.
According to the credible assumption T1, we can obtain : Because it is a protocol for anonymous payment, B only needs to prove the payment of someone is effective, without the need to prove who the payer is.So the equation ( 5) can meet the requirement of accountability.
Assume that the equation ( ) That is two parties obtain the evidence of each other for non-repudiation at the same time.
Because CS is completely believable, so we can obtain The main reason is that the implementation of the protocol does not have specific constraints on the relevant event time in the process.After the completion of the third step of the protocol, B is required to perform the fourth step in certain time delay b t .And it's also required to perform the sixth step operation within a certain time delay c t after receipt of

Conclusions
In this paper, the analysis of ISI protocol specifically illustrates how the novel logic analyzes the temporal relations between events in the electronic payment protocol.The novel logic is not a simple logic method, but an integrated approach.The logic reasoning in the process of the objective proof of protocols is based on the proof method in Qin-Zhou logic approach, but the time calculus part uses the method of algebra and set theory.It is suitable for analyzing the timeliness of electronic payment protocols.Further more, this idea can be introduced to other formal methods to analyze the security of cryptographic protocols.
)List the initial assumptions of the protocol : (a)The basic assumptions (b)The credible assumptions (c) The protocol comprehension assumptions (3)List EOO and EOR, and analyze whether the design of EOO and EOR meets the requirements of accountabilityat the end of the protocol.(5)Analyze whether the protocol is to achieve the target of fairness, which means whether the protocol meets In the ISI protocol, ab K represents the session key between A and B. a K and b K respectively stand for the public key of customer A and merchant B, while cs K and 1 cs K  stand for the public key and private key of currency server CS. 1 { } cs K coins  represents electronic currency of A.
If A can prove that CS has sent message 1 m to him, then A can prove some other party P has sent the message 1 m  to CS which made CS send 1 m to A.(3)List the evidence of origin (EOO) and the evidence of receipt(EOR) as follows : the protocol e T .According to axiom A3 and the credible assumption T1, we will get : Therefore the evidence of receipt EOR in protocol can not achieve the target of non-repudiation.It is proved by the novel logic that ISI payment protocol does not meet the accountability.