1 / 22

Pretense : A New Threat to Electronic Settlement Systems

Pretense : A New Threat to Electronic Settlement Systems. INET98 Track3: Commerce and Finance S.Miwa and Y.Shinoda School of Informational Science JAIST. Contents. Introduction Electronic Settlement Systems Overview A new threat to ESS : “Pretense”

prem
Télécharger la présentation

Pretense : A New Threat to Electronic Settlement Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Pretense:A New Threat to Electronic Settlement Systems INET98 Track3: Commerce and Finance S.Miwa and Y.Shinoda School of Informational Science JAIST

  2. Contents • Introduction • Electronic Settlement Systems Overview • A new threat to ESS : “Pretense” • Improvements to ESS to resist “Pretense” • Conclusion

  3. Introduction • Practical use in the near future • Various Electronic Settlement Systems (ESS) • ESS for Open-network systems like the Internet • But existing ESS has drawbacks

  4. Electronic Settlement Systems • To settle, an ESS must correctly communicate • information about a payment • “who”, “whom” and “how much” • among correct peers • a payer, a payee and a settlement institution • using 2-way authentication technology to specify the correct peer

  5. ESS on open network systems • Exposed to various threats • eavesdropping, interpolation and impersonation • ESS can prevent existing these threats with • 2-way authentication technology • cryptography • electronic signature technology • But, a new threat “Pretense” doesexist

  6. Designation of the payee 1) Designates the Payee • ESS on open network systems are composed of • Designation, Authentication and Communication 2) Authenticates mutually 3) Communicates payment information The Payer The Payee

  7. Can Payer designate the correct Payee? • Payer cannot always specify who is the correct Payee • If Payer already knows the correct Payee • Payer never designates the wrong Payee • If Payer doesn’t know the correct Payee • It is difficult for that Payer to designate the correct Payee

  8. Payer Cannot always designate the correct Payee • Malicious entity alters the correct ID to its ID • The correct ID • Payer designates the correct Payee • The ID is altered • Payer then designates the wrong Payee • This injustice is called “Pretense” • The entity can receive the payment as a correct Payee

  9. What is “Impersonation”? 1) Designates the correct Payee 2) Communicates payment information Impersonation The Correct Payee The Payer 2’) Communicates payment information The Impersonated Payee

  10. What is “Pretense”? 1) Designates the correct Payee Pretense 1’) Designates the pretended Payee The Correct Payee The Payer 2’) Communicates payment information The Pretended Payee

  11. Threat arising from “Pretense” • The correct Payee on existing ESS • Anyone who was designated by Payer • Pretended payee can be paid the right payment as the correct Payee • Existing ESS are not immune to “Pretense”

  12. Is demand for a refund possible? • Key factors for refund • Identifying the pretended payee • The legal basis of a refund • Is establishing the “Pretense” as an imposture possible?

  13. Identifying the pretended payee • Payer must identify “whom” Payer paid • On ESS which does not provide anonymity • Payer may be able to identify Pretended Payee • Most of ESS which provide anonymity • Payer cannot identify Pretended Payee • Newer ESS provides anonymity that is cancelable • Payer can identify Pretended Payee

  14. The legal basis of a refund • If “Pretense” was to take place, is there any breach of contract? • The legal basis of a refund is required • Generally, it is breach of contract

  15. Contract of generic mail-order 1) Presentation of the goods 2) Order 3) Receipt of the goods 4) Payment (Customer’s fulfillment) The Customer The Merchant 5) Delivery of the goods (Merchant fulfillment) Non fulfillment Breach of Contract

  16. Contract of online-shopping 1) Presentation of the goods 2) Order 3) Receipt of the goods 4) Payment with ESS Pretense The Customer The Correct Merchant 4’) Payment with ESS Even if Pretended Merchant doesn’t deliver the ordered goods The Pretended Merchant No Breach of Contract

  17. Payer cannot be refundedunder “Pretense” • Existing ESS doesn’t manage Sales Contract • Even if Payer concludes Sales Contract with Pretended Payee • Payer cannot prove Link between Payment and Sales Contract • Payer cannot prove breach of contract • Refund cannot be demanded on breach of contract

  18. “Pretense” as an imposture • Existing ESS cannot prove that “Pretense” was committed • can prove only about the payment • “who”, “whom” and “how much” • can do nothing against “Pretense” • But, ESS must resist “Pretense”

  19. ESS to resist pretense • An immediate and intuitive solution • Make the information for designating Payee public • Communicate over the secure communication route • 2 improvements for ESS to resist pretense • Traceability • Contract Function

  20. Providing Traceability • Some of ESS doesn’t provide anonymity • Electronic Check System • Secure Credit Card Payment System • They are already providing traceability • Newer ESS has function to cancel anonymity • These ESS provide traceability • With this, Pretended payee can be identified

  21. Providing Contract Function • ESS must manage the sales contract • Make the legal basis of a refund clear • Add a function that • Conclude the sales contract • Manage Link between • Sales Contract • Payment

  22. Conclusion • Existing ESS cannot resist “Pretense” • By examining both technical and legal aspect of “Pretense” • Have proposed 2 improvements • Traceability • Contract Function • ESS can be made “Pretense Resistant” • NECS extension

More Related