Recommendation ITU-T X.1405 (06/2021) Security threats and requirements of digital payment services based on distributed ledger technology
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 A basic model of digital payment services using DLT
     6.1 General
     6.2 Use case of digital payment service based on permissionless DLT
     6.3 Use case of digital payment service based on permissioned DLT
     6.4 A simplified model of digital payment systems based on DLT
7 Security threats and challenges
     7.1 General threats and challenges for DLT
          7.1.1 Introduction
          7.1.2 Consensus mechanism threats
          7.1.3 Smart contract threats
          7.1.4 Virtual machine threats
          7.1.5 Cryptographic hash algorithm threats
          7.1.6 Asymmetric cryptographic algorithm threats
          7.1.7 Threats from practical quantum computers
          7.1.8 Node routing table threats (NRTT)
          7.1.9 Network DDoS threats
          7.1.10 Node identity threats
          7.1.11 Network routing threats
          7.1.12 Account data and transaction data threats
          7.1.13 Private key leakage threats
          7.1.14 Private key loss threats
          7.1.15 Transaction threats
     7.2 General threats and challenges for traditional financial systems
          7.2.1 Account set-up threats
          7.2.2 Transaction threats
          7.2.3 Scheme threats (scam)
          7.2.4 Systematic threats
          7.2.5 Money laundering / terrorist financing threats
     7.3 Threats and challenges specific for DLT-based digital payment systems
          7.3.1 Insecure custodial and safekeeping services threats
          7.3.2 Interoperability challenges
     7.4 Threat analysis for digital payment services using DLT
          7.4.1 Analysis of traditional financial threats on digital payment services based on DLT
          7.4.2 Threats and challenges on permissionless DLT systems
          7.4.3 Threats and challenges on permissioned DLT systems
8 Security requirements for digital payment systems based on DLT
     8.1 Security requirements
     8.2 Security requirements on user devices
     8.3 Security requirements on nodes
     8.4 Security requirements on distributed ledger system management
     8.5 Security requirements on sensitive data
     8.6 Security requirements on smart contracts
     8.7 Security requirements on key management
     8.8 Governing rules for security
9 Mapping between security threats and requirements for digital payment services
Bibliography