Cryptology ePrint Archive: Report 2020/1440

SoK: Cyber-Attack Taxonomy of Distributed Ledger- and Legacy Systems-based Financial Infrastructures

Ralph Ankele and Kai Nahrgang and Branka Stojanovic and Atta Badii

Abstract: Nowadays, virtually all products and services offered by financial institutions are backed by technology. While the frontend banking services seem to be simple, the core-banking backend systems and architecture are complex and often based on legacy technologies. Customer-facing applications and services are evolving rapidly, yet they have data dependencies on core banking systems running on ancient technology standards.

While those legacy systems are preferred for their stability, reliability, availability, and security properties, in adapting the frontends and services many security and privacy issues can occur. Clearly, this issues are arising as those systems have been designed decades ago, without considering the enormous amounts of data that they are required to handle and also considering different threat scenarios. Moreover, the trend towards using new technologies such as Distributed Ledger Technologies (DLT) has also emerged in the financial sector. As the nodes in DLT systems are decentralized, additional security threats come to light.

The focus of this work is the security of financial technologies in the FinTech domain. We provide relevant categorization and taxonomies for a better understanding of the main cyber-attack types, and suitable countermeasures. Our findings are supported by using security-by-design principles for some selected critical financial use-cases, and include a detailed discussion of the resulting threats, attack vectors and security recommendations.

Category / Keywords: applications / DLT, blockchain, cyber-attack taxonomy, FinTech, threat modelling, cyber-attack countermeasure

Date: received 15 Nov 2020

Contact author: ralph ankele 2015 at live rhul ac uk, branka stojanovic@joanneum at, kai nahrgang@joanneum at

Available format(s): PDF | BibTeX Citation

Version: 20201119:093718 (All versions of this report)

Short URL: ia.cr/2020/1440


[ Cryptology ePrint archive ]