AW: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Kuehn, Ulrich
 -Original Message-
 From: Nicholas Bohm [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, 6 December 2005 12:03
 To: Florian Weimer
 Cc: cryptography@metzdowd.com
 Subject: Re: [Clips] Banks Seek Better Online-Security Tools
 
 Florian Weimer wrote:
  * Nicholas Bohm:
[...]
 
 I hope, not too confidently, that before the attackers adjust 
 enough, banks will start giving their customers FINREAD type 
 secure-signature-creation devices of decent provenance whose 
 security does not rely on non-compromise of my PC or network.
 
In 2000 someone here in Germany already demonstrated how to attack smart card 
based HBCI transactions. Those transactions are authorized by an RSA signature 
done by the card. 

The attack demonstration used a trojan (I think it was something like back 
orifice) to remote control the victim's PC with the attached smart card reader, 
so that the PIN entered on the PC keyboard(!) could be sniffed and 
subsequently the PC including reader and smart card be used as a sort of remote 
signature generation device, authorizing any transaction of the attacker's 
choice. So under some circumstances even signature-based authorization does not 
work as advertised.

The attack relied on the card reader not having a separate keyboard for PIN 
entry. Interestingly, I wonder what would happen if a reader with display and 
keyboard is used in an online attack, i.e. the adversary sneaks in a fraudulent 
transaction when the hash for the signature is computed. I do not know from the 
top of my head what is supposed to be displayed in the reader's display, so I 
do not know what impact such an attempt would have. 

Any suggestions?

Ulrich

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: AW: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Florian Weimer
* Ulrich Kuehn:

 In 2000 someone here in Germany already demonstrated how to attack
 smart card based HBCI transactions. Those transactions are
 authorized by an RSA signature done by the card.

Here's a link: http://www.heise.de/newsticker/meldung/9349

 The attack relied on the card reader not having a separate keyboard
 for PIN entry.

In this particular implementation, yes.

There are other attacks if you control the end user system:

You can display a dialog box requesting that the user enters the PIN
on the host, and not on the PIN pad.  Typical smartcards work in
various card readers (with and without PIN pads), so you can later use
the PIN to create additional transactions.

It turns out that you need not do this, though: once the end user has
entered the PIN, you can create as many signatures as you like.  In
this sense, the PIN/TAN approach is more secure than smartcards.

 Interestingly, I wonder what would happen if a reader with display
 and keyboard is used in an online attack, i.e. the adversary sneaks
 in a fraudulent transaction when the hash for the signature is
 computed. I do not know from the top of my head what is supposed to
 be displayed in the reader's display, so I do not know what impact
 such an attempt would have.

The display contents are supplied by the end user computer, not the
smartcard, so it's still possible to break this scheme just by
attacking the computer.

 Any suggestions?

Postbank's mTAN is promising because it uses a separate channel which is
currently not very easy to attack, but the activation procedure is
fundamentally flawed.  Costs are probably too high to introduce this
as a general countermeasure, though.

In the long term, we need a standardized device which generates TANs
which depend on the transaction contents (target account and amount).
Standardization is important because you don't want to carry around
such a device for each plastic card you own.

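The thread closes with the suggestion of a device that generates TANs bound to the transaction contents (target account and amount). The following is an added illustration of that idea, not code from the thread or from any bank's or standards body's implementation: it assumes a per-device secret shared with the bank and a transaction counter, derives the TAN with HMAC-SHA256 and HOTP-style truncation (a design choice of this example, not a description of any real device), and uses constructed key, account and amount values. It shows why a TAN computed this way is useless to a compromised PC that swaps the target account in transit, and why replaying it against a later counter value fails.

```python
"""Transaction-bound TAN: added illustration, not part of the original thread.

Assumptions (not from the thread): device and bank share a per-device
secret key and a transaction counter; the TAN is derived from the target
account and amount, so a TAN issued for one transfer cannot authorize
another.  Key, account numbers and amounts are constructed sample values.
"""
import hashlib
import hmac

TAN_DIGITS = 6


def _field(data: bytes) -> bytes:
    """Length-prefix a field so account/amount boundaries cannot be shifted."""
    return len(data).to_bytes(2, "big") + data


def transaction_tan(key: bytes, counter: int, target_account: str, amount_cents: int) -> str:
    """Device side: derive a TAN from the transaction as shown on the device display.

    The counter makes each TAN single-use; the account and amount bind it
    to exactly one transfer.
    """
    msg = (
        _field(str(counter).encode())
        + _field(target_account.encode())
        + _field(str(amount_cents).encode())
    )
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    # HOTP-style dynamic truncation (RFC 4226): 31 bits at a digest-chosen offset.
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**TAN_DIGITS:0{TAN_DIGITS}d}"


def bank_verify(key: bytes, counter: int, target_account: str, amount_cents: int, tan: str) -> bool:
    """Bank side: recompute the TAN over the transaction as actually received."""
    expected = transaction_tan(key, counter, target_account, amount_cents)
    return hmac.compare_digest(expected, tan)


def demo() -> tuple:
    """Return (honest_ok, tampered_ok, replayed_ok) for a constructed scenario."""
    key = b"constructed-device-secret-0001"  # constructed sample secret
    counter = 17
    account, amount = "DE00 1111 2222 3333", 12050  # constructed sample transfer

    # The customer confirms account and amount on the device; the TAN covers them.
    tan = transaction_tan(key, counter, account, amount)
    honest = bank_verify(key, counter, account, amount, tan)

    # A compromised PC alters the target account in transit: the TAN no longer matches.
    tampered = bank_verify(key, counter, "DE00 9999 8888 7777", amount, tan)

    # Replaying the same TAN for the next transaction also fails because of the counter.
    replayed = bank_verify(key, counter + 1, account, amount, tan)
    return honest, tampered, replayed


if __name__ == "__main__":
    print(demo())
```

The point of the example is that the values entering the HMAC come from what the device itself shows the user, not from the PC, which is the gap Florian identifies in readers whose display is driven by the host. Note this does not make the device secret or its activation procedure any less critical; the mTAN remark above applies equally here.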