Security analysis of Croatia’s receipt registration and verification system (CROSBI ID 597883)
Prilog sa skupa u zborniku | izvorni znanstveni rad | međunarodna recenzija
Podaci o odgovornosti
Groš, Stjepan
engleski
Security analysis of Croatia’s receipt registration and verification system
Beginning with 2013. a law in Croatia come into the force that requires owners of restaurants, café bars, and similar types of businesses that work with cash to register every receipt with a Tax Administration servers before issuing it to a customer. For the purpose of implementing the law APIS-IT, a Croatian IT company, developed a protocol based on XML, SOAP, and public key cryptography. They also implemented the server side system. It is a well known fact that developing protocols in general, and security protocols in particular, is a very tricky endeavor in which even the security professionals make mistakes. In this paper a security analysis of the protocol for receipt registration, the components of the system, and implementations is presented. Note that this is only a partial analysis, based on publicly available information, which doesn’t include testings on live systems due to being illegal by the new Criminal law in Croatia. We identified two weaknesses of the current system. But the main problem of the system is the fact that many business owners are now open to different attacks and nothing has been done to remedy that situation. This is actually a broader problem since, with ever increasing number of on line services nothing is done to increase security awareness of people.
security; xml; threats; finance; analysis
nije evidentirano
nije evidentirano
nije evidentirano
nije evidentirano
nije evidentirano
nije evidentirano
Podaci o prilogu
1381-1385.
2013.
objavljeno
Podaci o matičnoj publikaciji
MIPRO 2013 36th International Convention May 20 - 24, 2013 Opatija, Croatia Proceedings
Biljanović, Petar
Rijeka: Hrvatska udruga za informacijsku i komunikacijsku tehnologiju, elektroniku i mikroelektroniku - MIPRO
978-953-233-074-8
Podaci o skupu
MIPRO 2013
predavanje
20.05.2013-24.05.2013
Opatija, Hrvatska