Date posted: 07-Nov-2014
Electronic commerce: who carries the risk of fraud?
Ian Brown

Non-repudiation and contracts
A non-repudiable contract signature removes risk that signer will later disavow the signature
Obvious benefit in risk reduction for relying party
“Non-repudiable digital signature” makes eyes light up

Overview
The trouble with non-repudiation
Legal consequences
Where should fraud risk belong?

Vulnerable private keys
Key files not adequately protected - no access control in consumer Windows; access by backup operators and administrators in almost all other OSes
Passwords/passphrases, even if chosen properly, vulnerable - no SAS
Most PCs defenceless against viruses - checkers reactive, user understanding low

Key viruses
Signed code no panacea
Peter Gutmann’s ActiveX key-stealing virus (Where do your encryption keys want to go today?) http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
Key export functions should be very restricted

What about private key tokens?
If even you can’t access your private key, you must have made that signature!
But what is your smartcard/iButton signing?

A bigger TCB
You need a secure display to show what is being signed…
and secure input for access control

Is m-commerce the answer?
Mobile phones certainly far more secure at the moment…
but feature creep (WAP is just the beginning!) will inevitably reduce this security

Token attacks
Anderson, Kuhn, Kocher and many others have shown existing tokens are far from tamper-proof
Is best we can hope for tamper-evident?
Severe problems with zombie signatures

Government attacks
RIP non-repudiation
GTAC, forensic hacking

The obvious conclusion
Non-repudiation is not a magic bullet for e-commerce
Unfortunately, few legislators or banks have yet realised this...

Digital signature laws
Governments rushing to pass laws to make their country “the best in the world for e-commerce”
Some reverse allocation of risk for forgeries - signer is responsible

EU Signature Directive (1999/93/EC)
“Advanced electronic signatures” must be “created using means that the signatory can maintain under his sole control”
No direct consequences, but misleading in implying that such signatures currently exist
Member states’ determination of signature security must be recognised EU-wide

Member states’ implementations
UK Electronic Communications Act 2000 section 8 allows legislation to be amended to require signer to prove forgeries
Ireland’s Electronic Commerce Bill: “The contents of an electronic communication shall be presumed to be that of the person or public body by whom it purports to have been sent, unless… the contrary is proved.”

Contract law
Contracts may always provide that signatures should be relied upon
Fine between businesses with appropriate legal and technical resources
Not for general consumers

Cheques
Banks bear entire risk of cheque fraud under s.24 Bills of Exchange Act 1882: “where a signature on a bill is forged… the forged … signature is wholly inoperative”
Banks decide level of signature verification necessary
Cannot be changed by contract in Britain

Cheque guarantee cards
Merchants bear some risk in accepting cheques that may be forgeries
Banks introduced cheque guarantee cards to delegate signature verification for small amounts to merchant

Signature verification
Reasonably accurate with care (93.5% by professionals in 1997 study)
But banks balance cost of fraud against that of verification: risk management is a major part of their business

Credit/debit cards
Bills of Exchange Act not applicable
Customers generally responsible for fraudulent transactions up to £50 before loss is reported: banks carry remainder
Provides customer incentive to look after cards and report loss

Card as token
Possession of card is major security check: signatures not checked in US, merchant keeps carbon copy of receipt in UK
Risk allocation very different for “cardholder not present” transactions

Remote transactions
Effectively use card number, expiry date and owner as shared secret for authentication - no signature
Address can be checked for physical goods delivery
Merchants bear entire risk without voucher or proof of delivery

On-line services
Makes provision of information services over Internet particularly risky
SSL/TLS protects information in transit, but provides no card authorisation
SET is unpopular and still vulnerable to all problems with private key management

Big problems for little firms
SMEs can most benefit from Internet sales channel, but are least able to afford high chargebacks
But some banks are trying to shift risk to consumers

Personal banking terms
Some Internet banking terms and conditions modelled on credit cards: customer liable up to £50 for fraudulent transactions (Co-op, Lloyds TSB)
But others place entire liability on consumer: Prudential Banking, Halifax, Bank of Scotland

Bad Egg?
3.2: “Until you tell us, you will be responsible for any instruction in writing or by telephone or Internet which we receive and act on, even if it was not given by you… if we can show you… have not kept your security details and password secret you will be responsible for all payments we make and all losses on your account.”
3.8: “Our records of your Internet instructions will be conclusive unless there is a clear mistake”

Bank insecurity
Ironic given Anderson’s demonstrations of the insecurity of many bank systems
Even better: almost all banks using symmetric authentication
How would terms look if “non-repudiable” instructions were possible?!
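
An added illustration of the "symmetric authentication" point on the Bank insecurity slide (not part of the original slides): when instructions are authenticated with a shared-key MAC, the bank holds the same key as the customer, so a record that verifies shows integrity against outsiders but cannot show which of the two key holders produced it. The account numbers, key material and record labels below are constructed for the example.

```python
import hashlib
import hmac
import json


def mac_instruction(key: bytes, instruction: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the instruction."""
    payload = json.dumps(instruction, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def possible_originators(record: dict, key_holders: dict) -> list:
    """Every party whose key could have produced this record's tag.

    This is all an arbiter can learn from a MAC in a dispute.
    """
    return sorted(
        name for name, key in key_holders.items()
        if hmac.compare_digest(mac_instruction(key, record["instruction"]), record["tag"])
    )


def demo() -> dict:
    # Constructed sample data: one secret shared by customer and bank.
    shared = hashlib.sha256(b"constructed customer/bank secret").digest()
    holders = {
        "customer": shared,
        "bank": shared,  # symmetric scheme: the bank must hold the same key
        "outsider": hashlib.sha256(b"unrelated key").digest(),
    }
    sent = {"from": "ACC-0001", "to": "ACC-0002", "amount_gbp": 40}
    disputed = {"from": "ACC-0001", "to": "ACC-0999", "amount_gbp": 4000}
    records = {
        # Instruction the customer really sent.
        "sent_by_customer": {"instruction": sent, "tag": mac_instruction(shared, sent)},
        # Record written on the bank side (insider or compromised system).
        "created_at_bank": {"instruction": disputed, "tag": mac_instruction(shared, disputed)},
        # Amount changed by someone without the key: the old tag no longer verifies.
        "altered_in_transit": {"instruction": dict(sent, amount_gbp=4000),
                               "tag": mac_instruction(shared, sent)},
    }
    return {label: possible_originators(rec, holders) for label, rec in records.items()}


if __name__ == "__main__":
    for label, who in demo().items():
        print(f"{label:20} could have been produced by: {who or 'no key holder'}")
```

The first two records are indistinguishable to an arbiter, which is why bank records authenticated this way cannot by themselves settle who issued an instruction.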

Where should the risk fall?
Until consumers have truly secure signature devices, should they carry any risk?
Will chargebacks drive SMEs from the Internet?
Is UK Government doing anything for e-commerce?

Back to the banks
Entire financial industry is based on one function: risk management
Banks have successfully managed current account risk for more than a century
They need incentives to develop security of online banking and e-commerce
Online transaction risk is perhaps the best