Re: UK Detects Chip-And-PIN Security Flaw
Anne & Lynn Wheeler wrote:
> for even more drift ... a news item from later yesterday
>
> UK Detects Chip-And-PIN Security Flaw
> http://www.cardtechnology.com/article.html?id=20060606I2K75YSX
>
> APACS says the security lapse came to light in a recent study of the authentication technology used in the UK's new chip-and-PIN card system.
>
> ... snip ...
>
> and some comment
> http://www.garlic.com/~lynn/aadsm23.htm#55 UK Detects Chip-And-PIN Security Flaw

not too long after the exploit (from earlier deployments) being documented in 2002 ... it was explained to a group from the ATM industry ... leading somebody in the audience to quip "do you mean that they managed to spend a couple billion dollars to prove that chips are less secure than magstripes?"

the above from discussion on the subject in a different context
http://www.garlic.com/~lynn/2006l.html#33

the above reference goes into a little more detail of where the label "yes card" came from for the counterfeit cards used in the SDA exploit.

as mentioned in an earlier posting in this thread:
http://www.garlic.com/~lynn/aadsm23.htm#56 UK Detects Chip-And-PIN Security Flaw

part of the aads chip strawman
http://www.garlic.com/~lynn/x959.html#aads
requirements in the 90s was to be able to do dynamic data authentication with higher security than the DDA chips (using the chippin terminology) with a chip that cost less than the SDA chips (and also could meet the contactless transit power and timing profile requirements).

the x9a10 working group had already examined replay attack threat models (based on static data authentication), especially in light of the common skimming attacks that were being used to harvest magstripes and PINs, which were starting to become common at the time.

for a little more drift, there are assumptions about multi-factor authentication being more secure ... i.e. magstripes and PINs represent different factors. however, skimming attacks appearing by at least the mid-90s were capturing magstripes and PINs as part of the same operation (invalidating a basic multi-factor security assumption).

also previously mentioned, x9a10 was specifying transaction authentication as opposed to session-like authentication ... because transaction authentication reduced several kinds of vulnerabilities that were frequently related to session operation (end-point threats, mitm threats, insider threats).

there were a number of chippin SDA deployments in the 90s ... a partial reference here:
http://www.garlic.com/~lynn/2006l.html#33
... which had provided opportunities for the yes card type attacks to evolve.

by the time of the 2002 article about yes cards ... the article also mentioned that information about building counterfeit yes cards was widely available on the internet. however, the information about yes card kind of attacks (skimming SDA data for replay attacks against terminals) was relatively readily available by 2000. in late fall of 2000, there was a small conference in London with principals of the lloyd's of london syndicates involved in insuring (brick & mortar) point-of-sale retail payment fraud, discussing numerous threat models and countermeasures.

however, a lot of chippin deployments have been by people that are extremely chip centric ... interpreting everything from the context of the produced chips. there were some chippin deployments in 2001 that interpreted the yes card vulnerability from the standpoint that valid cards could do offline transactions. their yes card countermeasure was to produce valid cards that always did online transactions.

some of the chippin aficionados, when various of the yes card details were explained in more detail ... tended to have trouble coming to grips with it being an attack on terminals and the rest of the infrastructure ... not attacks on valid chips ... and also thought that the crooks were not playing fair in how they programmed the counterfeit chips.

one of the references in the 2002 article was to yes cards never going away. this also was somewhat behind the cited comment from the ATM industry in a conference not too long after the 2002 article about proving chips are less secure than magstripe.

a cornerstone countermeasure to attacks on valid chips (like lost/stolen vulnerabilities) was an infrastructure feature that when a card did an online transaction (as opposed to offline), the online infrastructure could instruct the card to self-destruct. the infrastructure allowed valid cards to instruct chippin terminals that they were doing offline transactions ... but valid cards were programmed to sporadically do online transactions. if a valid chip was reported as compromised, the account could be flagged (as happens with all magstripe transactions) and the chip also be scheduled for a self-destruct command the next time it went online. since a counterfeit yes card could be programmed to never go online, flagging an account (as works with magstripe
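As an added example (not code from the posts or from Lynn Wheeler), the distinction the reply draws between replayable static data authentication and the transaction authentication x9a10 specified: a check over static card data passes for any copy of the same bytes, while a check bound to a terminal-chosen nonce, the amount and the terminal id does not. The issuer and card signatures are stood in for by HMAC-SHA256 under constructed keys the terminal is assumed to hold; real SDA/DDA use RSA certificates the posts do not detail, and the account value, keys and terminal ids are constructed.

```python
# Added example, not from the posts: authentication over static data can be
# replayed, authentication bound to per-transaction data cannot. HMAC-SHA256
# under a key the terminal is assumed to hold stands in for the RSA signatures
# real EMV SDA/DDA use, which the posts do not detail.
import hashlib
import hmac
import os

ACCOUNT = b"4000-0000-0000-0002"        # constructed sample account data
ISSUER_KEY = b"constructed-issuer-key"  # stands in for the issuer's signing key
CARD_KEY = b"constructed-card-key"      # stands in for a per-card key

def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), tag)

# SDA-style check: the card carries a fixed tag over its account data, and the
# terminal only confirms the bytes it received are consistent with each other.
# An identical copy of those bytes therefore verifies at any terminal.
def sda_check(resp: dict) -> bool:
    return verify(ISSUER_KEY, resp["account"], resp["tag"])

def sda_replay_demo() -> tuple:
    genuine = {"account": ACCOUNT, "tag": sign(ISSUER_KEY, ACCOUNT)}
    copied = dict(genuine)            # the same bytes presented again elsewhere
    return sda_check(genuine), sda_check(copied)  # (True, True)

# Transaction authentication: the terminal picks a nonce and the card's tag
# covers nonce, amount and terminal id, so the tag is useless under another
# nonce (replay) or with the amount changed (tampering within a session).
def txn_msg(account: bytes, nonce: bytes, amount: int, terminal: bytes) -> bytes:
    return account + nonce + amount.to_bytes(4, "big") + terminal

def card_txn_response(nonce: bytes, amount: int, terminal: bytes) -> dict:
    tag = sign(CARD_KEY, txn_msg(ACCOUNT, nonce, amount, terminal))
    return {"account": ACCOUNT, "tag": tag}

def txn_check(resp: dict, nonce: bytes, amount: int, terminal: bytes) -> bool:
    return verify(CARD_KEY, txn_msg(resp["account"], nonce, amount, terminal), resp["tag"])

def txn_replay_demo() -> tuple:
    n1, n2 = os.urandom(8), os.urandom(8)
    resp = card_txn_response(n1, 2500, b"T1")
    return (
        txn_check(resp, n1, 2500, b"T1"),  # original terminal and data
        txn_check(resp, n2, 2500, b"T2"),  # recorded response presented elsewhere
        txn_check(resp, n1, 9900, b"T1"),  # same nonce, amount altered
    )  # (True, False, False)
```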
UK Detects Chip-And-PIN Security Flaw
UK Detects Chip-And-PIN Security Flaw
http://www.cardtechnology.com/article.html?id=20060606I2K75YSX

APACS says the security lapse came to light in a recent study of the authentication technology used in the UK's new chip-and-PIN card system.

... snip ...

this was documented as the yes card in 2002 regarding chippin rollouts that had been done in the 99-2002 time-frame.

since the yes card vulnerability is an attack against the pos terminal (not the card) ... and since the vulnerability is part of the standard ... even if all new cards were rolled w/o the fix ... the infrastructure might still be vulnerable if POS terminals could be convinced to communicate using the vulnerable standard (this is somewhat analogous to an attacker attacking protocols and convincing parties to downgrade to lower encryption).

misc. posts discussing the yes card vulnerability as well as mentioning a possible man-in-the-middle attack against the fix for the yes card vulnerability:
http://www.garlic.com/~lynn/aadsm15.htm#25 WYTM?
http://www.garlic.com/~lynn/aadsm17.htm#13 A combined EMV and ID card
http://www.garlic.com/~lynn/aadsm17.htm#25 Single Identity. Was: PKI International Consortium
http://www.garlic.com/~lynn/aadsm17.htm#42 Article on passwords in Wired News
http://www.garlic.com/~lynn/aadsm18.htm#20 RPOW - Reusable Proofs of Work
http://www.garlic.com/~lynn/aadsm22.htm#20 FraudWatch - ChipPin, a new tenner (USD10)
http://www.garlic.com/~lynn/aadsm22.htm#23 FraudWatch - ChipPin, a new tenner (USD10)
http://www.garlic.com/~lynn/aadsm22.htm#29 Meccano Trojans coming to a desktop near you
http://www.garlic.com/~lynn/aadsm22.htm#33 Meccano Trojans coming to a desktop near you
http://www.garlic.com/~lynn/aadsm22.htm#34 FraudWatch - ChipPin, a new tenner (USD10)
http://www.garlic.com/~lynn/aadsm22.htm#39 FraudWatch - ChipPin, a new tenner (USD10)
http://www.garlic.com/~lynn/aadsm22.htm#40 FraudWatch - ChipPin, a new tenner (USD10)
http://www.garlic.com/~lynn/aadsm22.htm#47 Court rules email addresses are not signatures, and signs death warrant for Digital Signatures
http://www.garlic.com/~lynn/aadsm23.htm#2 News and Views - Mozo, Elliptics, eBay + fraud, naïve use of TLS and/or tokens
http://www.garlic.com/~lynn/aadsm23.htm#15 Security Soap Opera - (Central) banks don't (want to) know, MS prefers Brand X, airlines selling your identity, first transaction trojan
http://www.garlic.com/~lynn/aadsm23.htm#20 Petrol firm suspends chip-and-pin
http://www.garlic.com/~lynn/aadsm23.htm#25 Petrol firm suspends chip-and-pin
http://www.garlic.com/~lynn/aadsm23.htm#27 Chip-and-Pin terminals were replaced by repairworkers?
http://www.garlic.com/~lynn/aadsm23.htm#30 Petrol firm suspends chip-and-pin
http://www.garlic.com/~lynn/aadsm23.htm#43 Spring is here - that means Pressed Flowers
http://www.garlic.com/~lynn/2003o.html#37 Security of Oyster Cards
http://www.garlic.com/~lynn/2004g.html#45 command line switches [Re: [REALLY OT!] Overuse of symbolic constants]
http://www.garlic.com/~lynn/2004j.html#12 US fiscal policy (Was: Bob Bemer, Computer Pioneer, Father of ASCII, Invento
http://www.garlic.com/~lynn/2004j.html#13 US fiscal policy (Was: Bob Bemer, Computer Pioneer, Father of ASCII, Invento
http://www.garlic.com/~lynn/2004j.html#14 US fiscal policy (Was: Bob Bemer, Computer Pioneer, Father of ASCII, Invento
http://www.garlic.com/~lynn/2004j.html#35 A quote from Crypto-Gram
http://www.garlic.com/~lynn/2004j.html#39 Methods of payment
http://www.garlic.com/~lynn/2004j.html#44 Methods of payment
http://www.garlic.com/~lynn/2005u.html#13 AMD to leave x86 behind?
http://www.garlic.com/~lynn/2006d.html#31 Caller ID spoofing
http://www.garlic.com/~lynn/2006e.html#3 When *not* to sign an e-mail message?
http://www.garlic.com/~lynn/2006k.html#1 Passwords for bank sites - change or not?
http://www.garlic.com/~lynn/2006l.html#27 Google Architecture

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]