Online services enhanced by CST (Certification of Symbolic Transactions)


Publication
Eric Chen, Shuo Chen, Shaz Qadeer, and Rui Wang, Securing Multiparty Online Services via Certification of Symbolic Transactions, in Proceedings of the IEEE Symposium on Security and Privacy, May 2015.

(Note: SymT-caching is an important mechanism in CST. For demo purposes only, you can check and change the caching setting. Disabling it forces the system to go through the entire verification procedure for every transaction.)

Source Code 
(Note: CST was named DSV previously. All the source files still refer to it as DSV.)

Online shopping -- Amazon Simple Pay and PayPal Standard
Video demo 1 (using PayPal)        Video demo 2 (using Amazon)
* Click here to try or test it. If you don't want to create your own accounts, we have existing ones.
   + username/password for the shopping site: johndoe.test.789@gmail.com/QWer7890
   + username/password for Amazon Payments: johndoe.test.789@gmail.com/QWer7890
   + username/password for PayPal: johndoe.test.789@gmail.com/QWer7890

Third-party authentication -- OpenID 2.0
Video demo
Click here to try or test it.
   + In the OpenID box, enter our IdP's URL "http://protoagnostic.cloudapp.net:8100/" and click Login. (After idling for hours, the IdP might need to be woken up, so this step might need to be done twice.)
   + If you haven't logged into the OpenID Provider, you will be asked for username and password. Try username "bob" and password "test".

Live Connect SDK for authentication
   + Any Microsoft Live account works. However, for your anonymity, please sign in as johndoe.test.789@hotmail.com with password QWer7890.

Third-party authentication -- Facebook OAuth
Video demo
Click here to try or test it.
   + Any Facebook account works. However, for your anonymity, please sign in to Facebook as johndoe.test.789@gmail.com with password QWer7890.

A gambling system with four independent services
   + username/password for Amazon Payments: johndoe.test.789@gmail.com/QWer7890

You can inspect the web traffic to better understand CST. A nice proxy to use is Fiddler2. (Note: The SymT field was previously called "symval" and "path_digest", as a result of our terminology change over time.)