

Research unit
EU FRP
Project number
95.0525-2
Project title
SEMPER: Secure electronic marketplace for Europe
Project title (English)
SEMPER: Secure electronic marketplace for Europe


Recorded texts


Category / Text
Keywords
(English)
Electronic commerce; architecture; liability; compromised signatures
Alternative project numbers
(English)
EU project number: AC026
Research programmes
(English)
EU-programme: 4. Frame Research Programme - 1.2 Communications technologies
Short description
(English)
See abstract
Partners and international organisations
(English)
IBM Research Lab Rüschlikon
Abstract
(English)
The SEMPER project aimed to develop a model and a generic, open security architecture for an electronic marketplace. For a general overview of the aims and achievements of SEMPER, we refer to the IBM report.
R3 security engineering (now part of Entrust Technologies) contributed substantially, among other things, to the model and the architecture of SEMPER. For access control within the local software, we elaborated concepts for protecting objects from unauthorized access (e.g., to prevent the user-trusted banking software of bank A from damaging the user-trusted banking software of bank B). We investigated and surveyed payment systems and specified a generic payment gateway. In the legal area, we elaborated SECA, the SEMPER Electronic Commerce Agreement. For this purpose, we invented the 'Commitment Service'. Both topics, SECA and the Commitment Service, are described in more detail below.
Commitment Service: Even though existing signing algorithms are sufficiently secure, in an insecure user environment it cannot be guaranteed that the user 'sees what s/he signs'. Attackers have technical means of obtaining signatures in an underhanded way, and these cannot be ignored, all the more so because such attacks can be contained in harmless-looking software downloaded from the Internet. Such attacks need not affect the signing algorithms. Rather, they manipulate or create the situation in which certain information is to be signed, and manipulate or create the information that is actually signed, without the user noticing. Even where smartcards are used for storing keys and performing the signing algorithm, highly sophisticated attacks could pop up a window which looks exactly like the window the signer expects and contains the information the signer intends to sign, but inject, unnoticed by the user, different information, which is what would actually be signed. We do not solve this problem, but rather provide good protection against the harm caused by these threats. For this purpose, we use a Third Party service which is trusted by the involved players.
This Third Party service is called the Commitment Authority. It achieves the following (somewhat simplified):
· Buyers will be able to limit their liability per month. On a per-transaction basis, they can request Commitment certificates covering a certain amount as a guarantee for the business partner. The Commitment Authority controls and guarantees that the total of issued certificates will never exceed the user-selected limit per month, and that no Commitment certificates are issued after the key has been revoked. In the worst case, i.e., if the key has been compromised, users will be liable for damage to business partners only up to their limit per month.
· Merchants will be able to request and receive Commitment certificates which accompany the transaction message, e.g., an order, and serve as a guarantee: they ensure that the buyer has committed to take a certain liability even if his key was compromised. Thus the merchant can rely on that commitment.
SECA (SEMPER Electronic Commerce Agreement) was developed to be in line with the vision, the concepts, the envisioned scenarios and advanced attacker models of SEMPER. It will serve as a common, secure, fair legal basis for the parties who signed SECA. Its concepts are based on
· the awareness that the market demands the involvement of continuously increasing masses of private buyers as well as commercial players,
· the fact that most of those players are currently not able to protect their equipment from attacks, but nevertheless want to use the technical possibilities regarding the Internet, including downloading and installing software from any sources,
· the resulting need for regulations that limit the consequences of compromised signatures, since impersonation attacks cannot be excluded and it might not even be possible to prove them (here the Commitment Service is used),
· the conviction that electronic commerce should be legally predictable and fair for all participants, as far as possible,
· the need to facilitate cross-border commerce through harmonized rules.
Both concepts have been discussed also outside the consortium, e.g. with officers of the European Commission, with respect to the EU directive on 'electronic signatures'.






Database references
(English)
Swiss Database: Euro-DB of the
State Secretariat for Education and Research
Hallwylstrasse 4
CH-3003 Berne, Switzerland
Tel. +41 31 322 74 82
Swiss Project-Number: 95.0525-2