Scribd Logo
Upload

Welcome to Scribd!

  • Us 14 Anderson How Smartcard Payment Systems Fail

    Uploaded by

    th3.pil0t
    27 views35 pages
    The document summarizes research into security issues with chip-and-PIN payment systems. It describes how various attacks have been demonstrated over time, including tampering with PIN entry devices, relay attacks, and no-PIN attacks. It also discusses lessons learned regarding the governance and security of global payment systems, noting that fraud typically shifts to new channels as defenses improve in other areas.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document summarizes research into security issues with chip-and-PIN payment systems. It describes how various attacks have been demonstrated over time, including tampering with PIN entry devices, relay attacks, and no-PIN attacks. It also discusses lessons learned regarding the governance and security of global payment systems, noting that fraud typically shifts to new channels as defenses improve in other areas.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    27 views35 pages

    Us 14 Anderson How Smartcard Payment Systems Fail

    Uploaded by

    th3.pil0t
    The document summarizes research into security issues with chip-and-PIN payment systems. It describes how various attacks have been demonstrated over time, including tampering with PIN entry devices, relay attacks, and no-PIN attacks. It also discusses lessons learned regarding the governance and security of global payment systems, noting that fraud typically shifts to new channels as defenses improve in other areas.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 35

    Pow SmarLcard aymenL

    SysLems lall
    8oss Anderson
    Cambrldge
    8lack PaL 2014
    1he LMv proLocol sulLe
    named for Luropay-MasLerCard-vlsa, also
    known as 'chlp and ln'
    ueveloped laLe 1990s, deployed ln uk Len
    years ago (2003-3, mandaLory 2006)
    Lurope, Canada followed
    AbouL Lo be deployed ln Lhe uSA (by 2013)
    lasclnaung sLory of fallures and frauds
    Many lessons for securlLy englneers!
    8lack PaL 2014
    ConcepL of operauons
    Make forgery harder by replaclng Lhe mag
    sLrlp wlLh a chlp, whlch auLhenucaLes card
    Make auLhenucauon of cardholder sLronger
    by replaclng Lhe slgnaLure wlLh a ln
    keep verlfylng lns onllne aL A1Ms, buL verlfy
    on Lhe chlp aL merchanL Lermlnals
    Lncourage deploymenL by maklng Lhe
    merchanL llable lf ln noL used ('llablllLy shl')
    8lack PaL 2014
    8lack PaL 2014
    lraud hlsLory, uk
    Cardholder llable lf
    ln used
    Llse merchanL pays
    8anks hoped fraud
    would go down
    lL wenL up .
    1hen down, Lhen up
    agaln

    L
    o
    s
    s
    e
    s

    (

    m
    )
    Year
    2004 2005 2006 2007 2008 2009 2010 2011 2012
    Total, ex phone (m) 503 491.2 591.4 704.3 529.6 441 410.6 462.7
    0
    5
    0
    1
    0
    0
    1
    5
    0
    2
    0
    0
    2
    5
    0
    3
    0
    0
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ! !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ! !
    !
    !
    ! !
    !
    !
    !
    !
    !
    ! !
    ! !
    ! ! !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ! !
    ! !
    ! !
    !
    !
    Card!not!present
    Counterfeit
    Lost and stolen
    ID theft
    Mail non!receipt
    Online banking
    Cheque fraud
    Chip & PIN deployment period
    Phone banking
    LMv shled Lhe landscape.
    Llke bulldozlng a oodplaln, lL caused Lhe
    fraud Lo nd new channels
    Card-noL-presenL fraud shoL up rapldly
    CounLerfelL Look a couple of years, Lhen Look
    o once Lhe crooks reallsed:
    lLs easler Lo sLeal card and pln deLalls once plns
    are used everywhere
    ?ou can sull use mag-sLrlp fallback overseas
    1amper-reslsLance doesnL work
    8lack PaL 2014
    Auack Lhe crypLo
    LMv broke all Lhe crypLographlc hardware
    securlLy modules ln Lhe world!
    A Lransacuon specled by vlSA Lo send an
    encrypLed key Lo a smarLcard leaked keys
    lnsLead
    See '8obblng Lhe bank wlLh a Lheorem
    prover', aul ?oun, 8en Adlda, Mlke 8ond,
    !olyon Clulow, !onaLhan Perzog, Amerson Lln,
    8onald L 8lvesL, 8oss Anderson, SW 2007
    8en now works for Square, !ol for ueuLsche.
    8lack PaL 2014
    Auack Lhe opumlsauons
    Cheap cards are
    SuA (no publlc key
    capablllLy, so sLauc
    cerucaLe)
    A 'yes card' can
    lmpersonaLe ln an
    oMlne Lermlnal
    lalrly easy Lo do,
    buL noL seen much
    8lack PaL 2014
    WhaL abouL a false Lermlnal?
    8eplace a Lermlnal's
    lnsldes wlLh your own
    elecLronlcs
    CapLure cards and lns
    from vlcums
    use Lhem Lo do a man-
    ln-Lhe-mlddle auack ln
    real ume on a remoLe
    Lermlnal ln a merchanL
    selllng expenslve goods
    8lack PaL 2014
    1he relay auack (2007)
    PN
    $2000 $20
    PN
    attackers can be on opposte
    sdes of the word
    Dave
    Carol
    Alice
    Bob
    $
    8lack PaL 2014
    Auacks ln Lhe real world
    1he relay auack ls almosL unsLoppable, and
    we showed lL ln 1v ln lebruary 2007
    8uL lL seems never Lo have happened!
    So far, mag-sLrlp fallback fraud has been easy
    Lus Lampered aL Shell garages by servlce
    englneers' (Lu suppller was blamed)
    1hen1amll 1lgers
    Aer fraud aL 8 ClrLon: we lnvesugaLe
    8lack PaL 2014
    1amper-proong of Lhe Lu
    ln LMv, ln senL from ln
    LnLry uevlce (Lu) Lo card
    Card daLa ow Lhe oLher way
    Lu supposed Lo be Lamper
    reslsLanL accordlng Lo vlSA,
    AACS (uk banks), Cl
    'LvaluaLed under Common
    CrlLerla'
    Should cosL $23,000 per Lu
    Lo defeaL
    8lack PaL 2014
    1amper swlLches (lngenlco l3300)

    8lack PaL 2014
    . and Lamper meshes Loo

    8lack PaL 2014
    1v demo: leb 26 2008
    Lus evaluaLed under
    Lhe Common CrlLerla
    were Lrlvlal Lo Lap
    Acqulrers, lssuers have
    dlerenL lncenuves
    CCPC wouldnL defend
    Lhe CC brand
    AACS sald (leb 08) lL
    wasnL a problem.
    khan case (!uly 2008)
    8lack PaL 2014
    1he no-ln auack
    Pow could crooks use a
    sLolen card wlLhouL
    knowlng Lhe ln?
    We found: lnserL a
    devlce beLween card &
    Lermlnal
    Card Lhlnks: slgnaLure,
    Lermlnal Lhlnks: pln
    1v: leb 11 2010
    8lack PaL 2014
    A normal LMv Lransacuon
    1. Card details; digital signature
    !!!
    "#$
    transaction;
    cryptogram
    result
    !
    5. Online transaction authorization (optional)
    card
    merchant
    2. PIN entered by customer
    3. PIN entered by customer;
    transaction description
    4. PIN OK (yes/no);
    authorization cryptogram
    customer
    issuer
    8lack PaL 2014
    A no-ln Lransacuon
    8lack PaL 2014
    8locklng Lhe no-ln auack
    ln Lheory: mlghL block aL Lermlnal, acqulrer, lssuer
    ln pracuce: may have Lo be Lhe lssuer (as wlLh
    Lermlnal Lamperlng, acqulrer lncenuves are poor)
    8arclays blocked lL !uly 2010 unul uec 2010
    8eal problem: LMv spec vasLly Loo complex
    WlLh 100+ vendors, 20,000 banks, mllllons of
    merchanLs . a Lragedy of Lhe commons!
    LaLer bank reacuon: wroLe Lo unlverslLy 8
    deparLmenL asklng for Cmar Chaudary's Lhesls Lo be
    Laken down from Lhe webslLe
    CurrenLly only PS8C seems Lo block lL ln Lhe uk!
    8lack PaL 2014
    Card AuLhenucauon roLocol
    LeLs banks use LMv ln
    onllne banklng
    users compuLe codes for
    access, auLhorlsauon
    A good deslgn would Lake
    ln and challenge / daLa,
    encrypL Lo geL response
    8uL Lhe uk one rsL Lells
    you lf Lhe ln ls correcL
    1hls puLs your personal
    safeLy aL rlsk .
    8lack PaL 2014
    Crlme vlcums LorLured for lns

    8lack PaL 2014
    hlshlng auacks?
    8lack PaL 2014
    Less susplclous Lhan Lhls .
    8lack PaL 2014
    CA auacks Lhrough wlcked shops

    code: 7365 5748


    login: Vic Tim
    SecureBank Inc.
    8lack PaL 2014
    LMv and 8andom numbers
    ln LMv, Lhe Lermlnal sends a random
    number n Lo Lhe card along wlLh Lhe daLe d
    and Lhe amounL x
    1he card compuLes an auLhenucauon
    requesL crypLogram (A8CC) on n, d, x
    WhaL happens lf l can predlcL n for d?
    Answer: lf l have access Lo your card l can
    precompuLe an A8CC for amounL x, daLe d
    8lack PaL 2014
    A1Ms and 8andom numbers (2)
    Log of dlspuLed Lransacuons aL Ma[orca:


    n ls a 17 blL consLanL followed by a 13 blL
    counLer cycllng every 3 mlnuLes
    We LesL, & nd half of A1Ms use counLers!
    8lack PaL 2014
    2011-06-28 10:37:24 l1246L04
    2011-06-28 10:37:39 l1241334
    2011-06-28 10:38:34 l1244328
    2011-06-28 10:39:08 l1247348
    A1Ms and 8andom numbers (3)

    8lack PaL 2014
    A1Ms and 8andom numbers (4)

    8lack PaL 2014
    1he preplay auack
    CollecL A8CCs from a LargeL card
    use Lhem ln a wlcked Lermlnal aL a colluslve
    merchanL, whlch xes up nonces Lo maLch
    aper accepLed aL Cakland Lhls year
    Slnce Lhen, we have a llve case.
    Sallor spenL t33 on a drlnk ln a Spanlsh bar.
    Pe goL hlL wlLh slx Lransacuons for t3300, an
    hour aparL, from one Lermlnal, Lhrough Lhree
    dlerenL acqulrers, wlLh A1C colllslons
    8lack PaL 2014
    8ack end fallures Loo .
    lnLeresung case ln 8 v arsons, ManchesLer
    crown courL, 2013
    AuLhorlsauon and seulemenL are dlerenL
    sysLems wlLh dlerenL Lransacuon ows
    AuLhorlsauon reversals noL auLhenucaLed
    Pow Lo Lake Lhe banks for maybe 7.3m (and
    Lhe banks only nouced 2.3m of lL .)
    arsons now a fugluve from [usuce
    8lack PaL 2014
    ln Lhe uk we have no 8eg L, and no
    breach reporung laws.

    8lack PaL 2014
    Auack scale
    Small: a speclallsL Leam can demonsLraLe lL Lo
    a 1v [ournallsL
    Medlum: a gang of crooks can Lake a few
    mllllon before Lhey geL caughL
    Large: scales Lo nlne / Len gures and forces
    lndusLry acuon
    MosL of Lhe dlscussed auacks are 'medlum'
    'Large' mlghL be conLalned uslng analyucs
    8lack PaL 2014
    8lack PaL 2014
    WhaL does LMv hold for Lhe uSA?
    lL looks llke Lhe eecLs of Lhe llablllLy shl
    wlll be mlugaLed by 8eg L, 8eg Z, & Lhe led
    Many banks may use chlp-and-slgnaLure, as
    ln Slngapore
    Consumer proLecuon mlghL sull be
    undermlned by paymenL lnnovauon, e.g.
    move from credlL cards Lo ln deblL, or
    phone paymenLs
    LMv wlLh less llablllLy shl wlll be an
    lnLeresung naLural experlmenL!
    8roader lessons
    Covernance aL global scale ls hard
    LMvCo largely superseded by vendor lobby .
    leaLurlus can break anyLhlng!
    lssuers, acqulrers have dlerenL lnLeresLs
    (even lf deparLmenLs of Lhe same bank)
    no-one represenLs Lhe poor consumer
    key: proper documenLauon, lncludlng breach
    noucauon and responslble vulnerablllLy
    dlsclosure (nC1 Lhe Lu nlS ulrecuve!)
    8lack PaL 2014
    8lack PaL 2014
    More .
    Cur 2014 lLLL SecurlLy & rlvacy paper on Lhe
    preplay auack
    Cur 2012 lLLL SecurlLy & rlvacy paper on Lhe no-
    ln auack
    See www.llghLblueLouchpaper.org for our blog
    And hup://www.cl.cam.ac.uk/~r[a14/banksec.hLml
    Workshop on Lconomlcs and lnformauon SecurlLy
    (WLlS): nexL edluon ln Lhe neLherlands, !une 2013
    My book 'SecurlLy Lnglneerlng - A Culde Lo 8ulldlng
    uependable ulsLrlbuLed SysLems'
    8lack PaL 2014

    You might also like