The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main as well.
[email protected] (J R) writes: > As Ted mentioned, Canadian banks use it. It is also used extensively > by European banks and those in the Antipodes. > > What do these banks have in common? They use all the traditional > EFT cryptography *plus* the additional functionality for EMV (SmartCards). > > Also, being inboard, IBM crypto is inherently more secure than attached > outboard offerings and benchmarks an order of magnitude faster. lots of fast crypto can also be leveraged to do a brute force attack ... the faster and the more secure the better. remember the "DES cracking" machine (I've a soviener chip from the machine in a box someplace) http://en.wikipedia.org/wiki/EFF_DES_cracker maybe 15-20 yrs ago ... a mainframe connected (internal financial/banking) desktop was compromised ... so that it would perform brute force attacks on PIN numbers ... effectively sending large number of "PINed" zero transactions to the mainframe ... until it found the correct values. 4 digit PINs ... 10k possible values ... on the avg, brute force finds the correct value after half the search space ... i.e. 5k attempts. High-performance mainframe becames a super PIN cracking machine. PIN'ed operations have some easier attacks: * a lot of debit cards now can be used in either PIN-debit mode or signature-debit mode ... attacker skims the magstripe information and creates counterfeit card for use in "signature-debit" mode (basically the same as credit card) * multi-factor authentication is nominal considered more secure assuming that the different factors have independent vulnerabilities ... aka PIN "something you know" authentication is considered countermeasure for lost/stolen ("something you have") card. lots of past posts mentioning 3-factor authentication paradigm http://www.garlic.com/~lynn/subintegrity.html#3factor Possibly two decades ago, slightly more sophisticated skimming technology started being used to record both the magstripe and the PIN ... at the same time; which invalidaties the assumption about independent vulnerabilities. Note that even with such vulnerabilities, signature-debit fraud numbers are 15 times higher than PIN-debit. part of this can be a lot of fraud is happening as a result of data breaches ... where only the magstripe information is readily available. some recent posts mentioning the breach hitting the news on tuesday ... and is shaping up to be the largest to-date: http://www.garlic.com/~lynn/2009b.html#6 US credit card payment house breached by sniffing malware http://www.garlic.com/~lynn/2009b.html#13 US credit card payment house breached by sniffing malware http://www.garlic.com/~lynn/2009b.html#19 US credit card payment house breached by sniffing malware * PINs are a form of "shared-secret" "something you have" authentication ... lots of past posts about shared-secret authentication http://www.garlic.com/~lynn/subintegrity.html#secret recent post comparing "shared-secret" and "public-key" http://www.garlic.com/~lynn/2009b.html#14 question about ssh-keygen with empty passphrase nominal security procedure for "shared-secrets" is to have a unique "shared-secret" for every unique security domain (in part as a countermeasure to x-domain attacks). 40yrs ago with only a couple such shared-secrets, it was relatively easy paradigm to deal with. roll forward 40 yrs ... and now it isn't unusual to have several scores of unique shared-secrets. Because of the human factors dealing with such large number of shared-secrets, some studies have found that 1/3rd of debit cards have the PIN written on them. The "shared-secret" paradigm for "something you know" authentication is not the only that is vulnerable to skimming, evesdropping, havesting, sniffing, and/or data breaches ... as already mentioned the information from "magstripes" ("something you have" authentication) is also vulnerable ... and can be used to create counterfeit cards. There is a case where a presumably well-designed chip-card was trivially vulnerable to similar (magstripe) skimming attack. The chip would present "static data" and then strong cryptography was used to verify that the information was valid. However, since the information was "static" ... it was trivial to skim the "valid data" and place it in a counterfeit chip-card. POS terminals would ask a (valid) chip-card three questions (after performing crypto validation of the static data): 1) was the correct PIN entered, 2) should the transaction be done offline, and 3) is the transaction within the account credit limit. The counterfeit chip-cards got the nickname "YES CARDS" ... since they would always answer "YES" to all three questions. reference to presentation on "yes cards" at cartes2002: http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html and misc. past posts mentioning "yes cards": http://www.garlic.com/~lynn/subintegrity.html#yescard note that a valid chip-card required the correct PIN to be entered before performing a valid transaction. However, it wasn't necessary to even skim the PIN ... since a counterfeit "yes card", would always claim that the correct PIN was entered ... regardless of what was entered. there were sarcastic comments from some members of the industry that billions of dollars were spent to prove that chipcards are less secure than magstripe cards. there were some large scale deployments in the period ... that seem to just evaporate. -- 40+yrs virtualization experience (since Jan68), online at home since Mar70 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
