Re: Debit card fraud in Canada
At 01:28 PM 12/24/99 -0400, M Taylor wrote: >> I personally would like a clearer explanation of just what happened, and what >> the "tamper-proof" devices were. Anyone who uses 'tamper proof' is basically a novice. Or a marketing droid. Tamper resistance increases the cost of attack; tamper-evident packaging increases the probability of detection. In the rabbit-fox game, foxes never go extinct, and rabbits are never safe. >One of the largest security measures used seems to be that Interac (the >debit network company, www.interac.org) tried to control access of >Interact terminals to legimate companies. Shades of DVD, GSM, ad nauseum.
Re: Debit card fraud in Canada
On Mon, 13 Dec 1999, Steven M. Bellovin wrote: > In message <[EMAIL PROTECTED]>, Steve Reid writes: > > A real-world example of the fact that cryptography is only part of the > > equation, and "tamper-proof" devices are not necessarily so. > > > > Article: http://www.globeandmail.ca/gam/National/19991210/UDEBIN.html > > Mirror: http://www.efc.ca/pages/media/globe.10dec99.html > > I personally would like a clearer explanation of just what happened, and what > the "tamper-proof" devices were. > > As I read the article, the attack involved subversion of the swipe card > readers. The modified versions apparently recorded both the mag stripe > information and the user's PIN. Are the readers supposed to be > tamper-resistant? Is the account information on the face of the card, as is > true for credit cards? If so, a simple visual recorder -- already used by It is not know whether these tampered terminals worked, if they were ever used, or if any working terminals are in use. Based on my reading of various news reports, the "tamper-proof" part of the devices is a `EPROM' chip that is erased when exposed to light. This is not unlike the commonly available EPROMs which are erased when exposed to bright UV light. Now I'm sure criminals can work a screwdriver in the dark and apply a patch of black tape to cover the window of the EPROM which sound like a possible method to bypass such tamper-proof measures. One of the largest security measures used seems to be that Interac (the debit network company, www.interac.org) tried to control access of Interact terminals to legimate companies. Of course this is impossible since these machines are used in nearly ever retail store, including corner stores, in Canada. In 1998, $1.6 billion ($CAD) of transactions were made using debit cards. Other related news articles: Debit scams raise alarm (December 11, 1999) http://www.efc.ca/pages/media/toronto.11dec99.html Banks do little while fraud pumps thousands from accounts (October 18, 1997) (Yes, 1997) http://www.efc.ca/pages/media/convergence.18oct97.html Debit Card Danger? Card Danger? (December 11, 1999) http://www.canada.com/saskatchewan/regina/stories/19991211/991211reginatopstory.html Debit-card system secure, say police and banks (December 10, 1999) http://www.canada.com/news/cp/stories/19991210/1555038.html Interac Association and the Canadian Bankers Association Assert Confidence in the Security of the Canadian Debit Card System (December 10, 1999) http://www.interac.org/news/releases/dec10-99.html
Re: Debit card fraud in Canada
Arrianto Mukti Wibowo writes: > About Mondex, probably you are right. No information is available about the > internals of Mondex, and is kept secret, unlike CAFE which the specification The fact that Mondex keeps its VM specs secret does not forebode well for its security. Apparently, the VM designer also doesn't know squat about good VM design for C programs. Make from it whatever you will. > was made open (it was a research project anyway). We can assume that Mondex > does rely heavily on the tamper resistant device.
Re: Debit card fraud in Canada
On Tue, 14 Dec 1999 06:52:26 +1100, Greg Rose <[EMAIL PROTECTED]> wrote: :This doesn't work. The PIN is derived by adding a "PIN Offset" which is :stored on the magstripe to the "Real PIN" which is cryptographically :derived from the account information. If you can't duplicate the magstripe One bank here allows one to change the PIN at the ATM machine. Doesn't sound like it is related to the info on the magstripe. -- Cheers Pat McCotter [EMAIL PROTECTED] PGP Key - 0xD437B2D9 Fingerprint D0 E7 C6 5A 9E EF 0D CF C7 10 88 2A 73 41 11 24
Re: Debit card fraud in Canada
On Mon, 13 Dec 1999 10:49:35 -0500 "Steven M. Bellovin" <[EMAIL PROTECTED]> writes: > In message <[EMAIL PROTECTED]>, Steve Reid writes: > > A real-world example of the fact that cryptography is only part of the > > equation, and "tamper-proof" devices are not necessarily so. > > > > Article: http://www.globeandmail.ca/gam/National/19991210/UDEBIN.html > > Mirror: http://www.efc.ca/pages/media/globe.10dec99.html > > I personally would like a clearer explanation of just what happened, and what > the "tamper-proof" devices were. > These attacks on magstripe based cards have been around for ages... For even more clever attacks (without merchant cooperation) on outdoor ATMs see ftp://ftp.sri.com/risks/risks-20.31 Fake ATM front panel copies cards and PINs (Ulf Lindqvist) Jaap-Henk -- Jaap-Henk Hoepman | Come sail your ships around me Dept. of Computer Science | And burn these bridges down University of Twente | Nick Cave - "Ship Song" Email: [EMAIL PROTECTED] === WWW: www.cs.utwente.nl/~hoepman Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590 PGP ID: 0xF52E26DD Fingerprint: 1AED DDEB C7F1 DBB3 0556 4732 4217 ABEF
Re: Debit card fraud in Canada
-Original Message- From: Steve Reid <[EMAIL PROTECTED]> Date: Tuesday, 14 December, 1999 5:34 AM Subject: Re: Debit card fraud in Canada > >I'm not sure if I'd trust a smartcard-based system that didn't require >on-line connectivity. From what little I've seen such things usually >(always?) depend on the tamper resistance of the device for their >security (eg. M*nd*x). Well, actually not just the the tamper resistant device. Smart e-cash like CAFE (1995) also relies on cryptographic protocols to ensure that even if the tamper resistant device is broken (by an attacker), then it can still detect someone who double spends (copies and spends more then once) the digital coins. About Mondex, probably you are right. No information is available about the internals of Mondex, and is kept secret, unlike CAFE which the specification was made open (it was a research project anyway). We can assume that Mondex does rely heavily on the tamper resistant device. Keep in mind that what I discuss here is not credit nor debit system, it is a cash system (ie. the money is in the card), and it is an off-line transaction. There are someways to "convert" a debit based system into an off-line but still secure payment system. We did some research ('playing') on it. Very simple but the transaction is traceable (unlike most e-cash system). -mukti
Re: Debit card fraud in Canada
At 01:25 PM 12/13/99 -0800, Steve Reid wrote: >On Mon, Dec 13, 1999 at 12:12:42PM -0800, David Honig wrote: >> Wouldn't a thumbprint reader on the card (to authenticate the meat to the >> smartcard) be a tougher thing to shoulder surf? >> Does raise the cost over a PIN. > >I'm not sure if biometrics would help with the sort of attack this >appears to be. The attack is simply sniffing the data in the supposedly trusted card reader. Biometrics don't help. But we agree that a smartcard executing a non-replayable protocol might; my only point about thumbreaders was that they are more private than pressing keys. >Any biometric information could also be recorded and replayed. I No, the biometrics stay inside the smart card, which is part of the customer's security boundary. In this model, you trust your smartcard, which can identify your thumbs and can display what it thinks is going on. And the card uses a protocol with the rest of the world which can't be replayed. For instance, if the smartcard holds value and decrements itself. You get your gasoline, and the smartcard adjusts the stored value, and you can't get screwed by anything that happened with the vendor. In fact, you could use a broadcast medium and eschew physical contact entirely. >Anything depending on a regular magnetic card and PIN would probably be >vulnerable to whatever attack we're seeing here. There is no solution for that weathered technology methinks. >> Or would these exchanges require on-line connectivity, thereby defeating >> the utility of smartcards some? > >I'm not sure if I'd trust a smartcard-based system that didn't require >on-line connectivity. Do you realize what you've just done? You've just unleased Hettinga in his full glory... From what little I've seen such things usually >(always?) depend on the tamper resistance of the device for their >security (eg. M*nd*x). I'm not exploring the problems of keeping bank secrets in Markus Kuhn's wallet. I'll assuming the smartcard is your trusted friend; you would only trust its displays, not the vendor's, you would only thumb your own card. dh
Re: Debit card fraud in Canada
At 10:30 PM 12/13/99 +, Ben Laurie wrote: >David Honig wrote: >> >Sure. But wouldn't you like to keep your thumbs? > Yes, and my eyeballs, etc. Mere discussion does not imply endorsement. A PIN doesn't help: a thug will drag you to the ATM and harm you if you give the wrong PIN. And probably some physicalhacker would figure out how to develop a mold from a print... If prints are you, and you are your prints, you would wear gloves in public, for fear of touching a sensor. Maybe Michael Jackson is a biometric authentication freak.
Re: Debit card fraud in Canada
The NACHA pilot announced about a month ago specifies an AADS based transaction. The combined press release last week at BAI (something like cebit for the world retail banking industry) ... specifies AADS/X9.59 digital signing. The AADS strawman proposes an online paramerterized risk management infrastructure that can be software, hardware, bin-activated hardware, bio-sensor activated hardware, etc (i.e. integrity level of the compartment doing the digital signing). The issue isn't that the chip enables offline ... but that a chip with various characteristics can improve the integrity of online (non-face-to-face) transactions. misc. references. http://internetcouncil.nacha.org/ http://www.garlic.com/~lynn/ and specific ... http://www.garlic.com/~lynn/99.html#224 http://www.garlic.com/~lynn/aadsmore.htm#bioinfo1 http://www.garlic.com/~lynn/aadsmore.htm#bioinfo2 http://www.garlic.com/~lynn/aadsmore.htm#bioinfo3 David Honig <[EMAIL PROTECTED]> on 12/13/99 12:12:42 PM To: "Steven M. Bellovin" <[EMAIL PROTECTED]>, Steve Reid <[EMAIL PROTECTED]> cc: [EMAIL PROTECTED] (bcc: Lynn Wheeler/CA/FDMS/FDC) Subject: Re: Debit card fraud in Canada At 10:49 AM 12/13/99 -0500, Steven M. Bellovin wrote: >true for credit cards? If so, a simple visual recorder -- already used by >other thieves -- might suffice, and all the tamper-resistance in the world >won't help. Crypto, in other words, doesn't protect you if the attack is on >the crypto endpoint or on the cleartext. Wouldn't a thumbprint reader on the card (to authenticate the meat to the smartcard) be a tougher thing to shoulder surf? Does raise the cost over a PIN. Aren't there protocols where the exchange can't be replayed, but proof-of-knowledge is demonstrated? Or would these exchanges require on-line connectivity, thereby defeating the utility of smartcards some?
Re: Debit card fraud in Canada
David Honig wrote: > > At 10:49 AM 12/13/99 -0500, Steven M. Bellovin wrote: > >true for credit cards? If so, a simple visual recorder -- already used by > >other thieves -- might suffice, and all the tamper-resistance in the world > >won't help. Crypto, in other words, doesn't protect you if the attack is on > >the crypto endpoint or on the cleartext. > > Wouldn't a thumbprint reader on the card (to authenticate the meat to the > smartcard) be a tougher thing to shoulder surf? > Does raise the cost over a PIN. Sure. But wouldn't you like to keep your thumbs? Cheers, Ben. -- SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
Re: Debit card fraud in Canada
On Mon, Dec 13, 1999 at 12:12:42PM -0800, David Honig wrote: > Wouldn't a thumbprint reader on the card (to authenticate the meat to the > smartcard) be a tougher thing to shoulder surf? > Does raise the cost over a PIN. I'm not sure if biometrics would help with the sort of attack this appears to be. It sounds like the modified card readers/number pads record everything. The information on the magnetic strip, the PIN entered on the keypad, possibly everything going over the wire too (these devices dial the bank to authenticate). Any biometric information could also be recorded and replayed. I guess it would be more difficult because you couldn't use the information at a regular ATM the way you can with card+PIN; you'd need a compromised machine to feed the information to. > Aren't there protocols where the exchange can't be replayed, but > proof-of-knowledge is demonstrated? That would require a smart card, or a cryptographicly strong operation that the user could do in their head (which would probably get filed under "too hard to use"). Anything depending on a regular magnetic card and PIN would probably be vulnerable to whatever attack we're seeing here. > Or would these exchanges require on-line connectivity, thereby defeating > the utility of smartcards some? I'm not sure if I'd trust a smartcard-based system that didn't require on-line connectivity. From what little I've seen such things usually (always?) depend on the tamper resistance of the device for their security (eg. M*nd*x). The current debit card system requires on-line connectivity to verify the card+PIN and transfer the funds. It's basicly the same as using an ATM machine. If you have a bank account and a card to access that account from an ATM machine, you can use it all over the place instead of cash. Some places even let you withdraw cash when making a transaction. Here in Canada it's about as widely used now at point-of-sale as credit cards are, maybe even more common, but you can't order stuff over the phone the way you can with credit cards.
Re: Debit card fraud in Canada
At 10:49 AM 12/13/99 -0500, Steven M. Bellovin wrote: >true for credit cards? If so, a simple visual recorder -- already used by >other thieves -- might suffice, and all the tamper-resistance in the world >won't help. Crypto, in other words, doesn't protect you if the attack is on >the crypto endpoint or on the cleartext. Wouldn't a thumbprint reader on the card (to authenticate the meat to the smartcard) be a tougher thing to shoulder surf? Does raise the cost over a PIN. Aren't there protocols where the exchange can't be replayed, but proof-of-knowledge is demonstrated? Or would these exchanges require on-line connectivity, thereby defeating the utility of smartcards some?
Re: Debit card fraud in Canada
At 10:49 13/12/1999 -0500, Steven M. Bellovin wrote: > If so, a simple visual recorder -- already used by >other thieves -- might suffice, and all the tamper-resistance in the world >won't help. Crypto, in other words, doesn't protect you if the attack is on >the crypto endpoint or on the cleartext. This doesn't work. The PIN is derived by adding a "PIN Offset" which is stored on the magstripe to the "Real PIN" which is cryptographically derived from the account information. If you can't duplicate the magstripe the pin you have shoulder-surfed is useless. (To caveat my own words... this is one of the internationally standardised and widely deployed methods. I don't know how the other ones handle this problem.) Greg. Greg Rose INTERNET: [EMAIL PROTECTED] Qualcomm AustraliaVOICE: +61-2-9181-4851 FAX: +61-2-9181-5470 Suite 410, Birkenhead Point, http://people.qualcomm.com/ggr/ Drummoyne NSW 2047232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Re: Debit card fraud in Canada
In message <[EMAIL PROTECTED]>, Steve Reid writes: > A real-world example of the fact that cryptography is only part of the > equation, and "tamper-proof" devices are not necessarily so. > > Article: http://www.globeandmail.ca/gam/National/19991210/UDEBIN.html > Mirror: http://www.efc.ca/pages/media/globe.10dec99.html I personally would like a clearer explanation of just what happened, and what the "tamper-proof" devices were. As I read the article, the attack involved subversion of the swipe card readers. The modified versions apparently recorded both the mag stripe information and the user's PIN. Are the readers supposed to be tamper-resistant? Is the account information on the face of the card, as is true for credit cards? If so, a simple visual recorder -- already used by other thieves -- might suffice, and all the tamper-resistance in the world won't help. Crypto, in other words, doesn't protect you if the attack is on the crypto endpoint or on the cleartext. This incident might be the trigger that will force smart card deployment. The problem has always been that the threats were not severe enough to pay for the conversion cost. Perhaps they now are. --Steve Bellovin
Debit card fraud in Canada
A real-world example of the fact that cryptography is only part of the equation, and "tamper-proof" devices are not necessarily so. Article: http://www.globeandmail.ca/gam/National/19991210/UDEBIN.html Mirror: http://www.efc.ca/pages/media/globe.10dec99.html