Upload
jocelyn-warren
View
215
Download
0
Embed Size (px)
Citation preview
Pretense: A New Threat to Electronic Settlement Systems
INET98Track3: Commerce and Finance
S.Miwa and Y.ShinodaSchool of Informational Science
JAIST
Contents
• Introduction
• Electronic Settlement Systems Overview
• A new threat to ESS : “Pretense”
• Improvements to ESS to resist “Pretense”
• Conclusion
Introduction
• Practical use in the near future– Various Electronic Settlement Systems (ESS) – ESS for Open-network systems like the Internet
• But existing ESS has drawbacks
Electronic Settlement Systems
• To settle, an ESS must correctly communicate– information about a payment
• “who”, “whom” and “how much”– among correct peers
• a payer, a payee and a settlement institution– using 2-way authentication technology to specify
the correct peer
ESS on open network systems
• Exposed to various threats– eavesdropping, interpolation and impersonation
• ESS can prevent existing these threats with– 2-way authentication technology– cryptography– electronic signature technology
• But, a new threat “Pretense” does exist
Designation of the payee
• ESS on open network systems are composed of– Designation, Authentication and Communication
The Payer The Payee
1) Designates the Payee
2) Authenticates mutually
3) Communicates payment information
Can Payer designate the correct Payee?
• Payer cannot always specify who is the correct Payee– If Payer already knows the correct Payee
• Payer never designates the wrong Payee– If Payer doesn’t know the correct Payee
• It is difficult for that Payer to designate the correct Payee
Payer Cannot always designate the correct Payee
• Malicious entity alters the correct ID to its ID– The correct ID
• Payer designates the correct Payee – The ID is altered
• Payer then designates the wrong Payee
• This injustice is called “Pretense”– The entity can receive the payment as a correct Payee
What is “Impersonation”?
The Payer
1) Designates the correct Payee
2) Communicates payment information
The CorrectPayee
The ImpersonatedPayee
2’) Communicates payment information
ImpersonationImpersonation
What is “Pretense”?
The Payer
1) Designates the correct Payee
The CorrectPayee
The PretendedPayee
2’) Communicates payment information
1’) Designates the pretended Payee
PretensePretense
Threat arising from “Pretense”
• The correct Payee on existing ESS– Anyone who was designated by Payer– Pretended payee can be paid the right payment as
the correct Payee
• Existing ESS are not immune to “Pretense”
Is demand for a refund possible?
• Key factors for refund– Identifying the pretended payee– The legal basis of a refund
• Is establishing the “Pretense” as an imposture possible?
Identifying the pretended payee
• Payer must identify “whom” Payer paid– On ESS which does not provide anonymity
• Payer may be able to identify Pretended Payee– Most of ESS which provide anonymity
• Payer cannot identify Pretended Payee– Newer ESS provides anonymity that is cancelable
• Payer can identify Pretended Payee
The legal basis of a refund
• If “Pretense” was to take place, is there any breach of contract?– The legal basis of a refund is required– Generally, it is breach of contract
Contract of generic mail-order
The Customer The Merchant
1) Presentation of the goods
2) Order
3) Receipt of the goods
4) Payment (Customer’s fulfillment)
5) Delivery of the goods (Merchant fulfillment)
Breach of Contract
Non fulfillmentNon fulfillment
Contract of online-shopping1) Presentation of the goods
2) Order
3) Receipt of the goods
4) Payment with ESSThe Customer The Correct
Merchant
The PretendedMerchant
PretensePretense4’) Payment with ESS
No Breach of Contract
Even if Pretended Merchant Even if Pretended Merchant doesn’t deliver the ordered goodsdoesn’t deliver the ordered goods
Payer cannot be refundedunder “Pretense”
• Existing ESS doesn’t manage Sales Contract– Even if Payer concludes Sales Contract with
Pretended Payee• Payer cannot prove Link between Payment and
Sales Contract• Payer cannot prove breach of contract
– Refund cannot be demanded on breach of contract
“Pretense” as an imposture
• Existing ESS cannot prove that “Pretense” was committed– can prove only about the payment
• “who”, “whom” and “how much”– can do nothing against “Pretense”
• But, ESS must resist “Pretense”
ESS to resist pretense
• An immediate and intuitive solution– Make the information for designating Payee public– Communicate over the secure communication route
• 2 improvements for ESS to resist pretense– Traceability– Contract Function
Providing Traceability
• Some of ESS doesn’t provide anonymity– Electronic Check System– Secure Credit Card Payment System– They are already providing traceability
• Newer ESS has function to cancel anonymity– These ESS provide traceability
• With this, Pretended payee can be identified
Providing Contract Function
• ESS must manage the sales contract– Make the legal basis of a refund clear
• Add a function that– Conclude the sales contract
• Manage Link between– Sales Contract– Payment
Conclusion
• Existing ESS cannot resist “Pretense”– By examining both technical and legal aspect of
“Pretense”
• Have proposed 2 improvements– Traceability– Contract Function
• ESS can be made “Pretense Resistant”– NECS extension