chip and pin is broken
play

Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, - PowerPoint PPT Presentation

Jun 21, 2023 •17 likes •137 views

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, Mike Bond Europay Mastercard Visa (EMV) 730 million cards worldwide

  1. Faculty of Computer Science Institute for System Architecture, Operating Systems Group Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, Mike Bond

  2. Europay – Mastercard – Visa (EMV) • 730 million cards worldwide • Solution to all the banks' problems: – Chip to prevent copying of a card – PIN to prevent abuse of stolen cards • PIN to prove customer's liability 2010-03-03 Chip&PIN is broken Slide 2 von MAXNR

  3. Card Fraud in the UK 2010-03-03 Chip&PIN is broken Slide 3 von MAXNR

  4. PIN and Chip protocol from 10,000 ft 1. Card authentication prove that card is correct → 2. Cardholder verification prove that customer owns the card → 3. Transaction authorization prove that transaction is valid → 2010-03-03 Chip&PIN is broken Slide 4 von MAXNR

  5. Card authentication 2010-03-03 Chip&PIN is broken Slide 5 von MAXNR

  6. Cardholder verification 2010-03-03 Chip&PIN is broken Slide 6 von MAXNR

  7. Transaction authentication 2010-03-03 Chip&PIN is broken Slide 7 von MAXNR

  8. The attack • TVR only records auth failures • IAD may contain info about PIN auth used – Issuer-specific, terminal cannot check • MITM: intercept PIN request and send 0x9000 to terminal • Result: – Terminal: PIN ok – Card: PIN never requested – Bank: no TVR failure, no PIN auth 2010-03-03 Chip&PIN is broken Slide 8 von MAXNR

  9. Hardware used 2010-03-03 Chip&PIN is broken Slide 9 von MAXNR

  10. What caused the vulnerability? • Closed protocol specification process • Huge spec – 707 pages for core EMV spec – 2,126 pages testing documentation – 810 pages VISA public extensions • No documentation of threat / security model 2010-03-03 Chip&PIN is broken Slide 10 von MAXNR

  11. Fixes? • Economic factor: – Customers can be held liable – No incentive for costly redeployment – Cooperation of banks and terminal vendors • Let terminal parse IAD – As the name says: issuer -specific data • Incorporate Cardholder Verification Method Results into ARQC – Possible with EMV, requires only cards and issuer backends to be fixed – Will stil take a long time 2010-03-03 Chip&PIN is broken Slide 11 von MAXNR

  12. Discussion • How to educate the uneducated? • Is there formal protocol validation? – Would it have helped? 2010-03-03 Chip&PIN is broken Slide 12 von MAXNR

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Memory Errors Bits in memory can be flipped Hard error The chip is broken E.g.,

Memory Errors Bits in memory can be flipped Hard error The chip is broken E.g.,

Verilog Memory Errors Bits in memory can be flipped Hard error The chip is broken E.g., manufacturing defect, wear (in Flash) Soft error Stored data corrupted, but cell still works Caused by atmospheric neutrons, alpha

291 views • 7 slides
Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus

Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus

Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus & have given up on being their own savior! Abraham Sarah (wife) Isaac (son) Hagar (maidservant) Ishmael (son) Abraham, our broken spiritual

258 views • 21 slides
Who are the Chip Doctors ? Since 1991 The Chip Doctors, LLC have been providing assistance to the

Who are the Chip Doctors ? Since 1991 The Chip Doctors, LLC have been providing assistance to the

M easure, A nalyze , C orrective action, and S ustainability In Search of Chip Quality & Financial Return for Biomass Products Confidential: Proprietary information that is Patented and Trade Marked by The Chip Doctors, LLC and Fiber-M, Inc.

1.2k views • 46 slides
Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017 Rank Name 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entities 5 Broken Access

207 views • 6 slides
GOD BLESSED THE BROKEN LINES This much I know is true. God blessed the broken lines

GOD BLESSED THE BROKEN LINES This much I know is true. God blessed the broken lines

GOD BLESSED THE BROKEN LINES This much I know is true. God blessed the broken lines that led me straight to Christ. MATTHEW 1:1-17 UNCONDITIONAL & CONDITIONAL I. UNDERLYING COVENANTS Edenic & Adamic Covenants A. 1.

364 views • 20 slides
Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~#

Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~#

Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~# whoami Eric Biako Bsc. IT, CEH v9 Information security officer @ E-connecta Moderator @ https://legalhackmen.com IDOR ( Broken Access Control )

517 views • 12 slides
Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill

Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill

Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill Pipeline, from 1 July 2019 Public Hearing 20 November 2018 Outline Overview of WaterNSW and Essential Water reviews Review of WaterNSWs prices

521 views • 22 slides
Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge

Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge

Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge Acknowledgement: Royal Commission for the Exhibition of 1851 Exploring Chip to Chip Photonics p g p p Bandwidth improvements in

90 views • 8 slides
AI Is Broken Sophie Searcy AI Is Broken slides at soph.info/ai-traps Sophie Searcy Caveats

AI Is Broken Sophie Searcy AI Is Broken slides at soph.info/ai-traps Sophie Searcy Caveats

AI Is Broken Sophie Searcy AI Is Broken slides at soph.info/ai-traps Sophie Searcy Caveats AI lumping together Data Science, Artificial Intelligence, Machine Learning, Data Mining, etc. Audience Conversant in AI topics. Not

759 views • 47 slides
ANNOUNCEMENT Date: 8 April 2020 Number: 668/08042020 BROKEN HILL ALLIANCE PRESENTATION Broken

ANNOUNCEMENT Date: 8 April 2020 Number: 668/08042020 BROKEN HILL ALLIANCE PRESENTATION Broken

ANNOUNCEMENT Date: 8 April 2020 Number: 668/08042020 BROKEN HILL ALLIANCE PRESENTATION Broken Hill Alliance: As part of the new 2020 focus on PGM-nickel-copper exploration, Impact Minerals Limited (ASX:IPT) announced to ASX on 24 February

346 views • 10 slides
7 On-Chip Interconnection Networks Chip Multiprocessors (ACS MPhil) Robert Mullins

7 On-Chip Interconnection Networks Chip Multiprocessors (ACS MPhil) Robert Mullins

7 On-Chip Interconnection Networks Chip Multiprocessors (ACS MPhil) Robert Mullins Introduction Vast transistor budgets, but .... Poor interconnect scaling Pressure to decentralise designs Need to manage complexity and power

960 views • 63 slides
Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public

Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public

Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public ChIP-seq data: the bioinformatics event of the year 2007: Large data sets have become available: Barski et al. (2007): human CD4+ cell lines histone

396 views • 8 slides
Columbia University Chip-Scale Interconnection Networks Chip multi-processors create need

Columbia University Chip-Scale Interconnection Networks Chip multi-processors create need

Hybrid On-chip Data Networks Gilbert Hendry Keren Bergman Lightwave Research Lab Columbia University Chip-Scale Interconnection Networks Chip multi-processors create need for high performance interconnects Performance bottleneck of

742 views • 46 slides
Broken Hill North Mine Community Consultative Committee 04 October 2019 KPIs MOD 2 Broken Hill

Broken Hill North Mine Community Consultative Committee 04 October 2019 KPIs MOD 2 Broken Hill

Broken Hill North Mine Community Consultative Committee 04 October 2019 KPIs MOD 2 Broken Hill North Mine, MOD 1 CoC Schedule 2, 8 (c), specified, 16 ore laden truck movements per day when averaged over a calendar quarter. PBH found this

141 views • 13 slides
Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2

Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2

Reminder Comparison single chip & ASU chip Chip to chip variations Outlook Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2 Comparison single chip & ASU chip 3 Chip to chip variations 4

454 views • 7 slides
SoC Design Lecture 10: On-Chip Interconnection Networks Lecture 10: On Chip Interconnection

SoC Design Lecture 10: On-Chip Interconnection Networks Lecture 10: On Chip Interconnection

SoC Design Lecture 10: On-Chip Interconnection Networks Lecture 10: On Chip Interconnection Networks Shaahin Hessabi Department of Computer Engineering g g Sharif University of Technology Signal Transmission on SoC We focus on global wires

800 views • 66 slides
Search for 3rd generation superpartners with the ATLAS experiment Keisuke Yoshihara (University

Search for 3rd generation superpartners with the ATLAS experiment Keisuke Yoshihara (University

Search for 3rd generation superpartners with the ATLAS experiment Keisuke Yoshihara (University of Pennsylvania) DPF2017 July 31 (Fermilab) Introduction The SM of particle physics is incomplete. Supersymmetry can be a new theory solving

355 views • 33 slides
New design of an acoustic array calibrator for underwater neutrino telescopes M. Saldaa, C.D.

New design of an acoustic array calibrator for underwater neutrino telescopes M. Saldaa, C.D.

2 nd International Electronic Conference on Sensors and Applications 15-30 November 2015 New design of an acoustic array calibrator for underwater neutrino telescopes M. Saldaa, C.D. Llorens, I.Felis, J. A. Martnez-Mora and M. Ardid UPV

527 views • 15 slides
Array-RQMC for Markov Chains with Random Stopping Times Pierre LEcuyer Maxime Dion Adam

Array-RQMC for Markov Chains with Random Stopping Times Pierre LEcuyer Maxime Dion Adam

1 Array-RQMC for Markov Chains with Random Stopping Times Pierre LEcuyer Maxime Dion Adam LArchev eque-Gaudet Informatique et Recherche Op erationnelle, Universit e de Montr eal 1. Markov chain setting, Monte Carlo,

790 views • 56 slides
Advanced Algorithms (XIII) Shanghai Jiao Tong University Chihao Zhang June 1, 2020 Total

Advanced Algorithms (XIII) Shanghai Jiao Tong University Chihao Zhang June 1, 2020 Total

Advanced Algorithms (XIII) Shanghai Jiao Tong University Chihao Zhang June 1, 2020 Total Variation Distance Total Variation Distance Let and be two distributions on Total Variation Distance Let and be two distributions on

1.04k views • 86 slides
Triple Therapy After PCI in AF: A Quagmire Soon to be Drained Freek W.A. Verheugt Department of

Triple Therapy After PCI in AF: A Quagmire Soon to be Drained Freek W.A. Verheugt Department of

Triple Therapy After PCI in AF: A Quagmire Soon to be Drained Freek W.A. Verheugt Department of Cardiology, Onze Lieve Vrouwe Gasthuis (OLVG) Amsterdam, Netherlands D ISCLOSURES FOR F REEK W. A. V ERHEUGT Research support/ Bayer HealthCare,

643 views • 25 slides
s rt

s rt

s rt rts t t rr rts t rr r

516 views • 28 slides
few TeV cosmic rays with the ARGO-YBJ experiment presented by R. Iuppa University of Rome Tor

few TeV cosmic rays with the ARGO-YBJ experiment presented by R. Iuppa University of Rome Tor

Detection of anisotropies in the arrival directions of few TeV cosmic rays with the ARGO-YBJ experiment presented by R. Iuppa University of Rome Tor Vergata INFN, sez.ne Tor Vergata on behalf of the ARGO-YBJ collaboration CRISM2011

247 views • 24 slides
DATA IS SEXY World Internet Data iTU Facebook 54 M

DATA IS SEXY World Internet Data iTU Facebook 54 M

DATA IS SEXY World Internet Data iTU Facebook 54 M 30 M 30M 13-40 = 37%

798 views • 21 slides

More recommend