Re: HELP, Vulnerability in Debit PIN Encryption security, possibly

From: Ernst Lippe (ernstl-at-planet-dot-nl_at_ignore.this)
Date: 05/07/03


Date: Wed, 07 May 2003 12:42:44 +0200

On Wed, 07 May 2003 01:20:04 +0000, contact wrote:

> It's an interesting article but as you say, it's ten years old. The writer
> seems to address this from the UK point of view. Just in general, at that
> time, the differences in systems between the US and Europe were profound.
> In the US, all the systems I have ever worked on have been real-time,
> on-line systems that checked PINs with the issuing bank. In Europe this was
> not the case (unless it has changed recently) where PIN encryption had to be
> derived from the card number because the card PIN was checked at the
> terminal.
In the Netherlands the PIN for debit cards is always checked
online, and as far as I know that has been the case since
their introduction. A few years ago there were some
European countries that did not have on-line PIN verification,
but that situation was rapidly changing at that time.
Because I was able to use my debit card in all European countries
that I visited in recent years, I would expect that off-line
verification is hardly ever used.

> Your comments and the comments in the article about implementation failures
> are well noted, but I took the original poster to be concerned about the PIN
> entry devices themselves and the encryption systems themselves.
Actually, I have never seen any believable report anywhere that
the encryption systems themselves had been cracked.
It is unlikely that the banks should have been able to hide such
cases successfully because it would probably require visible actions
like giving customers a new PIN or reloading all existing PIN terminals.
Actually, because there are so many easier ways to attack this
system, I would not expect that the encryption system is a
target for virtually all criminals.

>
> The points in the article about the ATMs are interesting and match what I
> have observed. I have seen an ATM service man enter the entire main key by
> himself. I also have heard that many ATMs share the same key but I can't
> confirm this. The banks seem to have the idea that it's their money and
> they'll do what they want. In general, I have noticed that the restrictions
> they place on third party PIN/key/device handlers are more severe than the
> ones they subject themselves to.
>
> If someone knows and can answer the question, it was my understanding that
> some Smart Cards allowed/required the entry of an authenticating PIN into
> the card itself to be in the CLEAR. Creating an unencrypted path for easy
> exploitation.
All smartcards (e.g. the Proton cards that are widely used in Europe)
that I know allow the entry of an unencrypted PIN,
some also allow the use of encrypted PINs.
From a security point of view this is not as horrible as it may
seem. A PIN is a pretty weak authentication mechanism to begin
with. Smartcard terminals are used in environments over which the
banks have very little control so there are lots of ways that
an attacker could obtain the PIN, e.g. with cameras.
If the smartcard would require an encrypted PIN, the smartcard
terminal needs a secure keypad that contains the encryption
key. This makes the smartcard terminal more expensive but does
not offer any real security because it is relatively easy for
an attacker to obtain such a keypad himself.

Also one of the most important reasons for using smartcards
is that they are cheaper because you don't need an on-line connection.
But if all smartcard terminals were to be protected like ATMs,
they would lose their economic advantage.
So smartcard terminals are also relatively cheap and not very well
protected.

>
> Still, I think the article you cite simply enforces my belief by the
> sentence in his second paragraph:
>
> "It turns out that the threat model commonly used by cryptosystem designers
> was wrong: most frauds were not caused by cryptanalysis or other technical
> attacks, but by implementation errors and management failures."
>
> A well designed system should prevent any employee from having access to a
> customer's PIN. Unfortunately, I don't think that that is the case with
> most banks (I could be wrong, but I know bank employees can assign a PIN
> number for you, and they obviously know it when they key it into the
> system). But at least, in the USA, PINs are not derived from the PAN.
In the Netherlands the banks will claim that they don't know the
customer's PIN. When the debit cards are produced they generate two
random numbers, the PIN and the so-called PIN-offset. The PIN offset
is written on the card and the PIN is printed on a PIN mailer.
They claim to record only the sum of the PIN plus the offset.
When the debit card is used in a terminal this same computation
is performed and the banks use this value to verify the PIN.
In principle they are correct that they don't know the customer's
PIN. But when they can read the PIN offset from the debit card
it is easy for them to compute the customer's PIN of course.

> Which brings up an interesting point. I believe most of the fraud is a
> result of the US credit card system, not the debit card system (stolen
> numbers on white cards, fake VISA cards, re-encoded cards, etc.). All of
> this encryption stuff is subject to economic considerations in the real
> world. Until the banks and card issuers find it more expensive to deal with
> fraud than upgrade their systems, they will continue to absorb the fraud
> dollars as a cost of doing business. What's interesting is that nearly every
> card issuer could make its fraud dollars go to near zero by simply
> requiring a PIN entry on every transaction, including credit card (as
> opposed to debit cards) transactions. They don't do this because they don't
> want to inconvenience their customers. But I can't think of a store that I
> have been in lately that didn't have the ability to accept a PIN entry so I
> believe the banks could change the model for credit card use to require a
> PIN almost overnight if they chose to do so. Nobody wants to go first and
> drive their customers away.
Credit card fraud has always been substantial. But because it is
very predictable it is simply incorporated as one of the business costs.
Recently the amount of fraud has increased, mainly because of the
frequent use of credit cards for internet transactions.
Using PINs will certainly reduce the fraud somewhat, but it
will certainly not eliminate it completely. In Europe
where PINs are almost universally used with debit cards
there is still a substantial level of fraud.
There have been several cases where criminals used their
own card readers to duplicate an existing card.
This specific risk could be almost eliminated by switching to
smartcards. In the Netherlands and neighbouring countries
there have been massive investments in smartcards but so far
they are not used very heavily.

greetings,

Ernst Lippe


