Lee Parkes wrote:
Hi,
I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar requirements is the ATM industry. To this end I'm looking for any papers, specifications or published attacks against ATM machines and their infrastructure. I'm also looking for what type of networks they use and the crypto they use to protect comms.
Also any standards would be good that the ATM industry has to adhere to.

messages/networks tend to be some flavor of iso8583 (used for both credit and debit). most associations have requirement for DUKPT (derived unique key per transaction) DES and transition to 3DES.


do search engine some flavor of 8583, dukpt, and/or x9 (x9 is the us/ansi financial standards organization ... they have some recognition at places like NIST where they've gotten around to saying that they no longer have to rewrite X9 crypto standards for FIPS ... but can directly reference the X9 documents).

lots of the attacks aren't directly on the ATM machines ... but on the cards used at ATM machines ... aka skimming attacks. there is the stuff about overlays on the front of ATM machines to capture information as the card passes thru for valid transactions. the captured information is then used to manufacture counterfeit cards (i think there was even a scene on this on one of last season's CSI tv shows).

