Security Protocols and Evidence: Where Many Payment Systems Fail


Abstract

As security protocols are used to authenticate more transactions, they end up being relied on in legal proceedings. Designers often fail to anticipate this. Here we show how the EMV protocol { the dominant card payment system worldwide { does not produce adequate evidence for resolving disputes. We propose five principles for designing systems to produce robust evidence. We apply these to other systems such as Bitcoin, electronic banking and phone payment apps. We finally propose specific modifications to EMV that could allow disputes to be resolved more efficiently and fairly.

By Steven J. Murdoch and Ross Anderson
Source and read the full paper:
http://www.cl.cam.ac.uk/~sjm217/papers/fc14evidence.pdf

0 yorum: