protection of pos systems and measurement systems against
play

Protection of POS systems and measurement systems against - PowerPoint PPT Presentation

Jun 16, 2023 •459 likes •983 views

Physikalisch-Technische Bundesanstalt Physikalisch-Technische Bundesanstalt Braunschweig und Berlin Braunschweig und Berlin Protection of POS systems and measurement systems against manipulations Norbert Zisky Norbert Zisky Physikalisch-

  1. Physikalisch-Technische Bundesanstalt Physikalisch-Technische Bundesanstalt Braunschweig und Berlin Braunschweig und Berlin Protection of POS systems and measurement systems against manipulations Norbert Zisky Norbert Zisky Physikalisch- -Technische Bundesanstalt Technische Bundesanstalt Physikalisch Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 1 Norbert Zisky 1

  2. Content Content History Problem Solution Presentation of the technical concept Current situation of the needed technique Expenditure of money and technique Planned tax audit procedures Dates for technical point of view Conclusion Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 2 Norbert Zisky 2

  3. History History Germans way to fiscal solutions Germans way to fiscal solutions Big problems in tax compliance were indicated in 2003 The Federal Audit Office (BHR) has complained that later models of electronic cash registers and cash management systems now fail to meet the principles of correct accounting practice when it comes to recording transactions … The risk of tax fraud running into many billions [of euro] should not be underestimated in cash transactions The German Ministry of Finance had to find a solution for this problem In 2004 cash register group started its work Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 3 Norbert Zisky 3

  4. Problem Problem Possibilities of manipulation (1) Possibilities of manipulation (1) Reports generated by ECRs can be manipulated relative easily – possibilities using standard functions: Using functions for service technicians for manipulation (e.g. setting of Z-report-counter or grand total) Misuse of training functions Using report generators (e.g. suppression of voids in printout) Direct data modification in files or data bases) on (PC-based systems Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 4 Norbert Zisky 4

  5. Problem Problem Possibilities of manipulation (2) Possibilities of manipulation (2) The manufacturer can even provide special functions for data manipulation: Deletion of complete transactions from the electronic journal and re-calculation of all reports Creation of „wish reports“ Functions to reduce all sales by a selectable amount while keeping reasonable items prices, quantities etc. Some, mostly smaller companies offer these functions and even promote them quite frankly Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 5 Norbert Zisky 5

  6. Problem Problem Communication software Communication software More and more customers use software for communication with POS systems. Problems: Modification of (unprotected) data on a PC-platform is technically impossible to detect (direct access to files or data-bases is possible) Unclear position of tax auditors concerning POS data stored on PCs Complete changeover to electronic reporting is a risk for users Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 6 Norbert Zisky 6

  7. Solution Concept idea May 2004 Solution Concept idea May 2004 Use of cryptographic mechanisms for the protection of ECRs against manipulation Finance authorities distribute signature devices and operating instructions for ECR and POS Finance authorities define sets of data to be signed and data structures Manufacturers integrate the signature devices to ECR and POS Tax audit starts with testing the integrity and plausibility of the tax data by verifying signatures Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 7 Norbert Zisky 7

  8. Solution Concept validation Solution Concept validation The „Work group cash registers“ of the German Federal Ministry of Finance validates the concept Modification of (unprotected) data on a PC-platform is technically impossible to detect (direct access to files or data-bases is possible) Approaches discussed by the work group: “Classic“ fiscal memory Recording of all transactions and data protection by digital signature “Classic“ fiscal memory was considered incomplete since only sums and not single receipts are stored This is why recording of all transactions (“electronic journal“) with digital signatures was proposed Concept of digital signatures proposed by PTB was recommended Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 8 Norbert Zisky 8

  9. Current situation in Germany Current situation in Germany � Concept was confirmed by federal authorities and German federal countries (2006) � Draft of a law was published � Lack of clarity/misgivings to technical feasibility � Lack of clarity at costs � Strong resistance came from business associations Buenos Aires, SIM Buenos Aires, SIM- -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 9 Norbert Zisky 9

  10. But!!! But!!! � German cash register group has developed a well founded professional concept (July 2008) � Under the leadership of PTB the project group „INSIKA“ work out the technical detail specification; starts February 2008 � All technical and general specifications will be open for everyone after finishing according to detailed operating schedule Buenos Aires, SIM Buenos Aires, SIM- -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 10 Norbert Zisky 10

  11. Used Technique Used Technique � Basis of the solution are well known, tested and standardised procedures of data protection � Mass production of main components leads to favourable prices � No new technique is necessary Buenos Aires, SIM Buenos Aires, SIM- -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 11 Norbert Zisky 11

  12. System architecture (easy model) System architecture (easy model) Protection of ECR against manipulation Central authority Recruitment of cards card management, Store public Server smart card card delivery key read public key Sets of data tax auditor generate ECR tax audit sign Checking store cash entry set export smart card of data 12343222 Xx23434-362632| 20031016_09:05| 123.34|432.22|822.31| or 1ad3477ca123a2b3b4b77aa 12343222 Xx23434-362632| 20031016_09:05| 123.34|432.22|822.31| 22bc1ad3477ca123a2b3b4b cash entry set of data signature Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 12 Norbert Zisky 12

  13. System architecture (easy model) System architecture (easy model) Life cycle Once every 10 years Central authority Recruitment of cards card management, Store public Server smart card card delivery key 1 kbyte for 20 years read public key Sets of data tax auditor generate ECR tax audit sign Checking store cash entry set export smart card Once within 10 years of data 12343222 Xx23434-362632| 20031016_09:05| 123.34|432.22|822.31| Once for 10 years or 1ad3477ca123a2b3b4b77aa 12343222 Xx23434-362632| 20031016_09:05| 123.34|432.22|822.31| 22bc1ad3477ca123a2b3b4b cash entry set of data signature Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 13 Norbert Zisky 13

  14. Solution Buenos Aires, SIM Buenos Aires, SIM- -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 14 Norbert Zisky 14

  15. Solution Growing awareness Solution Growing awareness Fiscal authorities have recognized the problems: Europe-wide cooperation of tax authorities Increased attention towards POS data during tax audits Better defined demands for POS systems, e.g.: Austria: New law (“Betrugsbekämpfungsgesetz”) The Netherlands: Brochure „Uw bedrijf en hetafrekensysteem“ Germany: Legislative procedure in progress Sweden: New law about cash registers Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 15 Norbert Zisky 15

  16. Estimation Netherland Estimation Netherland Ben van der Zwet, Belastingdienst.nl Feb.2008 In 2004 Dieter Paschmans introduced your work in the EU Fiscalis Cash Register Project Group. ..… Meanwhile Germany is working in the same direction and thanks to the Working Group for Cash Registers, I think Germany is way ahead of the Dutch project. In this way the outcome of your work would not only be applicable in Germany. It might set a global standard . Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 16 Norbert Zisky 16

  17. EU Fiskalis 2013– EU Fiskalis 2013– cooperation between national tax authorities cooperation between national tax authorities MEPs gave a first reading to the EU’s new programme to facilitate cooperation between national tax authorities over the next six years, Fiscalis 2013. They are proposing a number of changes aimed at enhancing transparency of the scheme, and also want to limit it to EU Member States, where the Commission was proposing to include countries participating in the EU’s Neighbourhood Policy too. The proposed budget for Fiscalis 2013 is around €157m Buenos Aires, SIM- Buenos Aires, SIM -CENAM, 28.08.2008 CENAM, 28.08.2008 Norbert Zisky 17 Norbert Zisky 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Measurement There are two main systems of measurement: - The English system

Measurement There are two main systems of measurement: - The English system

4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. Measurement There are two main systems of measurement: - The

438 views • 4 slides
Tube & Wire Inspection Systems July 2017 Tube & Wire Measurement Products Hexagon MI

Tube & Wire Inspection Systems July 2017 Tube & Wire Measurement Products Hexagon MI

Tube & Wire Inspection Systems July 2017 Tube & Wire Measurement Products Hexagon MI offers two types of high-accuracy measurement systems for tube applications. The measurement systems are operated with a dedicated software

523 views • 9 slides
Steganographic File Systems Steganographic File Systems 1 Conventional Protection Mechanisms in

Steganographic File Systems Steganographic File Systems 1 Conventional Protection Mechanisms in

Steganographic File Systems Steganographic File Systems 1 Conventional Protection Mechanisms in File S Systems t User Access Control The operating system is fully trusted to enforce the security policy. Is it good enough? Is it

888 views • 44 slides
CLIMATE PROTECTION SYSTEMS CLOTHING SYSTEMS ENGINEERED ACCORDING TO PEOPLES INNATE

CLIMATE PROTECTION SYSTEMS CLOTHING SYSTEMS ENGINEERED ACCORDING TO PEOPLES INNATE

CLIMATE PROTECTION SYSTEMS CLOTHING SYSTEMS ENGINEERED ACCORDING TO PEOPLES INNATE CHARACTERISTICS AND CLIMATIC FACTORS OUR JOB IS MAKING SURE YOU CAN DO YOURS When Taiga was founded in 1982, the companys ambition was to make the best

401 views • 7 slides
Performance Evaluation of Performance Evaluation of Phasor Measurement Systems Phasor

Performance Evaluation of Performance Evaluation of Phasor Measurement Systems Phasor

PNNL-SA-60867 Panel: International Experience in PMU Applications Performance Evaluation of Performance Evaluation of Phasor Measurement Systems Phasor Measurement Systems Henry Huang (PNNL), Bogdan Kasztenny (GE), Vahid Madani (PG&E), Ken

452 views • 29 slides
CAN/ULC S1001-11 Integrated Systems Testing of Fire Protection and Life Safety Systems and Fire

CAN/ULC S1001-11 Integrated Systems Testing of Fire Protection and Life Safety Systems and Fire

CAN/ULC S1001-11 Integrated Systems Testing of Fire Protection and Life Safety Systems and Fire Protection Commissioning Presentation To: Canadian Fire Alarm Association (CFAA) Alberta Technical Seminar Edmonton, Alberta 8 October 2014

536 views • 50 slides
Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. There are two main systems of measurement: - The

308 views • 8 slides
Advocacy (P&A) Systems P&As Protection and Advocacy for Individuals with

Advocacy (P&A) Systems P&As Protection and Advocacy for Individuals with

Overview of Protection and Advocacy (P&A) Systems P&As Protection and Advocacy for Individuals with Developmental Disabilities (PADD) program Funded under Part C of the DD Act 57 P&As: In each State, Territory &

894 views • 17 slides
Operating System Principles: Performance Measurement and Analysis CS 111 Operating Systems

Operating System Principles: Performance Measurement and Analysis CS 111 Operating Systems

Operating System Principles: Performance Measurement and Analysis CS 111 Operating Systems Peter Reiher Lecture 11 CS 111 Page 1 Fall 2016 Outline Introduction to performance measurement Issues in performance measurement A

708 views • 54 slides
Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Photos placed in horizontal position with even amount of white space between photos and header Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F. Clem IAEA-CN-254-298 Sandia National Laboratories is

503 views • 17 slides
Types of Expert Systems Interpretation Systems Prediction Systems Diagnosis Systems

Types of Expert Systems Interpretation Systems Prediction Systems Diagnosis Systems

Types of Expert Systems Interpretation Systems Prediction Systems Diagnosis Systems Design Systems Planning Systems Monitoring Systems Debugging Systems Repair Systems Instruction Systems Control

329 views • 7 slides
Systems Security: Why is Measurement Important? Patrick Traynor CSE 544 - Advanced Systems

Systems Security: Why is Measurement Important? Patrick Traynor CSE 544 - Advanced Systems

980 views • 54 slides
AmSys Leak Detection Unit (amsys.no) Main features AmSys 1 Adaptive Measurement Systems AmSys

AmSys Leak Detection Unit (amsys.no) Main features AmSys 1 Adaptive Measurement Systems AmSys

AmSys Leak Detection Unit (amsys.no) Main features AmSys 1 Adaptive Measurement Systems AmSys 2 Adaptive Measurement Systems The AmSys solution for leak detection: Can be used in all systems where heat exchanger leakage may be detected as

544 views • 23 slides
SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P

SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P

SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P P HOUSTON, TEXAS S S S S Sales@safeplexsystems.com Systems, ystems, P Products, roducts, S Services, ervices, I Integrity ntegrity S I

98 views • 7 slides
SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P

SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P

SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P P HOUSTON, TEXAS S S S S Sales@safeplexsystems.com Systems, ystems, P Products, roducts, S Services, ervices, I Integrity ntegrity S I

80 views • 5 slides
Field measurement of polarization fluctuation dynamic and impact for 40 Gbit/s submarine systems

Field measurement of polarization fluctuation dynamic and impact for 40 Gbit/s submarine systems

conference & convention enabling the next generation of networks & services Field measurement of polarization fluctuation dynamic and impact for 40 Gbit/s submarine systems for 40 Gbit/s submarine systems Nicolas Brochier France

530 views • 17 slides
SPECIAL CELLULAR PHONE SP7 WIRETAPPING PROTECTION www.ledbg.eu DEVICE DESCRIPTION NO MATTER

SPECIAL CELLULAR PHONE SP7 WIRETAPPING PROTECTION www.ledbg.eu DEVICE DESCRIPTION NO MATTER

SPECIAL CELLULAR PHONE SP7 WIRETAPPING PROTECTION www.ledbg.eu DEVICE DESCRIPTION NO MATTER WHERE YOU ARE, AT HOME OR ABROAD SPECIAL CELL PHONE SP7 GUARANTEES WIRETAPPING PROTECTION IN GSM MOBILE PROTECTION IN GSM MOBILE NETWORKS ANY

196 views • 18 slides
Blockchain T echnology: Applications beyond Fintech Lucas Cullen and Katrina Donaghy, Civic

Blockchain T echnology: Applications beyond Fintech Lucas Cullen and Katrina Donaghy, Civic

Blockchain T echnology: Applications beyond Fintech Lucas Cullen and Katrina Donaghy, Civic Ledger LUCAS CULLEN @civicledger Civic Ledger www.civicledger.com KATRINA DONAGHY @civicledger Civic Ledger www.civicledger.com Workshop How

568 views • 41 slides
Securing Digital Evidence Information in Bitcoin A CASE STUDY IN DIRECTORATE GENERAL OF TAXES

Securing Digital Evidence Information in Bitcoin A CASE STUDY IN DIRECTORATE GENERAL OF TAXES

Securing Digital Evidence Information in Bitcoin A CASE STUDY IN DIRECTORATE GENERAL OF TAXES DIMAZ ANKAA WIJAYA MONASH UNIVERSITY DONY ARIADI SUWARSONO DIREKTORAT JENDERAL PAJAK CV Dimaz Ankaa Wijaya Education FMIPA UGM

535 views • 19 slides
Verification of TweetNaCls Curve25519 Peter Schwabe, Beno t Viguier , Timmy Weerwag, Freek

Verification of TweetNaCls Curve25519 Peter Schwabe, Beno t Viguier , Timmy Weerwag, Freek

Verification of TweetNaCls Curve25519 Peter Schwabe, Beno t Viguier , Timmy Weerwag, Freek Wiedijk Journ ee GT M ethodes Formelles pour la S ecurit e March 18 th , 2019 Institute for Computing and Information Sciences

621 views • 47 slides
History, Heresy & The Future of Data Encryption Martin Hellman Professor Emeritus, Stanford

History, Heresy & The Future of Data Encryption Martin Hellman Professor Emeritus, Stanford

History, Heresy & The Future of Data Encryption Martin Hellman Professor Emeritus, Stanford University Co-Inventor of Public Key Cryptography Michael Callahan CMO and VP, CREDANT Gretchen Hellman VP of Marketing and Product Management,

827 views • 30 slides
SmartData para uma Internet Confivel de Coisas Ciber-Fsicas Antnio Augusto Frhlich

SmartData para uma Internet Confivel de Coisas Ciber-Fsicas Antnio Augusto Frhlich

SmartData para uma Internet Confivel de Coisas Ciber-Fsicas Antnio Augusto Frhlich Summary The IoT Smart Cities, the Smart Grid, and Smart Things CPS @ IoT (vs Smart Phones and Social Networks) Limitations of Current

507 views • 38 slides
HOW TO WRITE A PROFESSIONAL Tips and Tricks to making your EMAIL emails work appropriate!

HOW TO WRITE A PROFESSIONAL Tips and Tricks to making your EMAIL emails work appropriate!

HOW TO WRITE A PROFESSIONAL Tips and Tricks to making your EMAIL emails work appropriate! PERSONAL V. PROFESSIONAL EMAILS Personal Professional Informal Formal Between friends and family Between business professionals Peer

469 views • 11 slides
Phishing Email Detection Info courtesy of www.itgovernance.co.uk 1 Message sent from a public

Phishing Email Detection Info courtesy of www.itgovernance.co.uk 1 Message sent from a public

Phishing Email Detection Info courtesy of www.itgovernance.co.uk 1 Message sent from a public email domain No legitimate organization will contact you from an email address that ends in @ gmail.com . 2 3 Domain names are

470 views • 16 slides

More recommend