Upload: roel-palmaers

Post on 16-Apr-2017

Bank Cards

Nicolas T. Courtois (1, ex. 2)

1 - University College London, UK
2 - [Axalto+Gemplus]

Security of Bank Cards

Payment Technology: Evolution

Nicolas T. Courtois 2006-2011

Money

Key invention in human history: money

- here is some money for your research

Two Main Functions of Money

1. Store Value
2. Allow Payment

⇒ progressive separation of these two functions
⇒ cash vs. non-cash technologies…
⇒ virtual money…

Evolution of Money – Store Value

• Precious natural resources: salt etc.
• Gold, Silver, Other Metals => Coins
• Paper Money
• Money as Electronic Record + Legal Protection + Government Guarantee
• Future: Cryptographic E-Cash?

Modern Money = Debt

Evolution of Payments

• Physical Cash (Bank Notes, Coins) = M0
• Cheque = Check Books
• Electronic Bank Transfer: 20 days => 15 min…
• E-Purse Systems: geldkarte, London Oyster
• Bank Cards
• Contact-less Bank Cards, e.g. MasterCard PayPass
• Future: Cryptographic E-Cash…

difference?

Payment Technology: Legal Protection

Legal Protection

• Legally OVER-PROTECTED in most countries. For centuries. Very heavy criminal penalties.
• Bank Cards: also over-protected, since very recently (2001+ in France, 2005+ in the UK). Credit card fraud = 0.15 % typically.
• Paypal fraud: 0.20 %.
• Money on your Oyster card – not money, not a proof of deposit, not even a proof of pre-payment
  – TfL will be the only judge if credit is valid or not.
  – does NOT enjoy any similar level of legal protection,
  – business between me and TfL.

Bank Cards

Cards Replace Cheques - UK

will cease to exist in 2018

Warning:

• Not all details and not all attacks are public…
  – Not everything said about this topic is true.
  – Not all security described is actually used.
  – I don’t exactly know everything …
• and I will not say everything that I know.
• Many attacks are outdated quickly, protections evolve.
  – Some loopholes remain. This presentation does contain information about how to commit crime. However – in fact some common types of fraud are being tolerated and watched [honeypots for criminals]…
• New attacks are invented each year… can be DANGEROUS for the inventor:

Legal Framework (very important)

UK Law – Recent

The Fraud Act 2006 came into force in early 2007.
(Before, many loopholes allowed criminals to avoid prison.)

The Fraud Act introduces a general offence of fraud which can be committed by
1. false representation (e.g. use someone’s card, phishing)
2. failing to disclose information [e.g. on an ad/prospectus]
3. abuse of position [employee access, carer for the elderly..]

Maximum sentence: 10 years.

One previous loophole: possession of software or data designed or adapted for use in [connection with] fraud.
Possession: up to 5 years. [possession + intention that it be somehow used to fraud/cheat, even if used by sb. else]
Writing software: up to 10 years.

Who Is In Charge?

Technical Regulation and Supervision Bodies

Who is in Charge? Global

• Card Schemes such as VISA / MasterCard / etc…
• The PCI Security Standards Council
  – an open global forum for the development, enhancement, and implementation of security standards for account data protection.

Who is in Charge? [EU and UK]

• The European Payment Council (EPC)
  – the decision-making and coordination body of the European banking industry in relation to payments.
• APACS - the UK Payments Association – UK Payments Administration
  = sort of cartel of banks, self-regulation, no penalties,
  – [similar to “GIE Carte Bancaire” in France]
  (BTW. the French Parliament have their Observatory of the Security of Bank Cards, not in the UK)

Common Criteria Certificates

• CESG at GCHQ – Communications-Electronics Security Group at Government Communications Headquarters
  => Common Criteria Scheme

EAL = Evaluation Assurance Level

• EAL1: Functionally Tested
  • no need to disclose the design/sources to government agencies…
• EAL2: Structurally Tested
  • 6 months, 150 K$
• EAL3: Methodically Tested and Checked
• EAL4: Methodically Designed, Tested, and Reviewed
  – EAL4+: flaw remediation, better crypto, etc…
  – 24 months, 150 K$ - 2.5 M$ per product
  – Ms. Windows 2000 source certified EAL4+ for an undisclosed amount
  [commercial]
• EAL5: Semi-formally Designed and Tested
• EAL6: Semi-formally Verified Design and Tested
• EAL7: Formally Verified Design and Tested
  [military]

Microsoft and EAL4+

Schneier on Security: Microsoft Windows Receives EAL 4+ Certification

Microsoft announced that all the products earned the EAL 4+ (Evaluation Assurance Level), which is the highest level granted to a commercial product.
The products receiving CC certification include Windows XP Professional with Service Pack 2 and Windows XP Embedded with Service Pack 2. Four different versions of Windows Server 2003 also received certification.

Is this true?... director of security engineering strategy at Microsoft Steve Lipner said the certifications are a significant proof point of Redmond's commitment to creating secure software.

Bad publicity for EAL 4+… Target of evaluation: switch the network off.

Consumer Protection

Fraud is Hidden?

Since April 2007:
• The bank reports the fraud to the police.
  – Police stations, instructed to do so by the Home Office, are now turning away the victims of bank card fraud and other financial crimes. These are no longer recorded.
  – Except by the financial industry itself that is interested in:
    • Hiding some fraud…
    • Passing other fraud on the customer…
    • Petition to PM: http://petitions.pm.gov.uk/online-fraud/
• One exception: If card is stolen:
  – cancel the card first
  – report to the police

*Breach Disclosure

Obligation to disclose breach to customers.
• California SB1386 bill: obligation to disclose to EACH AFFECTED CUSTOMER
• UK: not everything is lost: In 2007 the House of Lords issued a report on “Personal Internet Security” which also recommends that…

Consumer Protection

General model – in many countries. [Federal Consumer Protection Act FCPA, 1970; Electronic Funds Transfer Act EFTA, 1978]:
User is liable for the first 50 USD, remaining loss is covered by the bank.

• US: 50 USD
• UK: excess £50
• France: 150 €

* there are important exceptions:
UK: Credit Act, + voluntary/APACS: ATM class action with 2000 cases! (excess 0 £ with my BT card)

Positive / Negative Exceptions

There are several exceptions. Similar in many countries, generally:
• The bank pays everything if…
  – Counterfeit card and other types of [technical] fraud on card [but my credit card contract says “not liable if problem with ATM failing to issue cash…”]
  – No PIN/sign. e.g. telephone sale…
  – Lost/stolen after notification (if done in 2 business days)
• The bank will refuse to pay if: "Important Negligence"
  – Didn’t report lost card in 2 days
    • [up to 500 USD, no limit after 60 days]
  – Acting recklessly: didn’t keep the card and PIN secure.

Consumer Protection - UK

Weak. Check your credit card contract + insurance
– Not all banks subscribe to UK “Banking Code” (implies clear information, being fair to the customer etc…).
– There is no penalty at all if one bank violates UK Payments voluntary rules…
– Check your credit card contract
– You want to purchase additional insurance(!)…

UK Credit Act [1974] => Much better protection with a credit card than with a debit card.

UK Credit Act [1974, in force since July 1977]

• Section 84 limits customer liability to no more than £50 if cards are stolen, and used by someone else.
  – But if you still have your card [card data copied, clone] the customers pay nothing at all.
• For all transactions between £100 and £30 K, the credit card company is liable to the same extent as the supplier if breach of contract, or the product turns out to be sub-standard, or fails to be delivered, fraud, misrepresentation etc. Also if the supplier is insolvent, out of business etc...
• in 2006 the High Court decided that this also applies to overseas card purchases for up to £30 K.

Security Economics - UK

Extracted from paper “Information Security Economics and Beyond” by Ross Anderson and Tyler Moore [Cambridge]:
“In the USA, banks are generally liable for the costs of card fraud; when a customer disputes a transaction, the bank must either show she is trying to cheat it, or refund her money. In the UK, the banks had a much easier ride: they generally got away with claiming that their systems were ‘secure’, and telling customers who complained that they must be mistaken or lying. “Lucky bankers,” one might think; yet UK banks spent more on security and suffered more fraud. This may have been what economists call a moral-hazard effect: UK bank staff knew that customer complaints would not be taken seriously, so they became lazy and careless, leading to an epidemic of fraud.” [like +50 %]

How to Implement Secure Payments?

“The Bottom Line”

Applies to many different topics in the last 20 years and for many many years to come. Applies equally well to
• Bank cards and many other payment systems.
• Copyright protection including Windows, DVDs, Blu-Ray, software and computer/console games, iPad apps, etc..

There are two main methods to secure things:
1. Online connection/activation etc… Stateful.
2. Tamper-resistant hardware such as smart cards.
The 2. historically developed because of lack/weakness of 1. Best security: Combination of 1+2.

Conclusion: Both will continue developing…

Goals:
• Commercial system acceptable for the banks.
• Portable object fits into your wallet – user acceptability, alignment security/perception.
• Practical terminals at merchant side.
• Inexpensive and Secure
  Q: for whom?

Means:
• Magnetic stripe [>30 years old]
• Smart card = tamper-resistant hardware device. [All French cards from 1992], maturity, 20 years old, powerful enough
• Crypto inside [3DES, SHA-1, RSA, etc.].

0. Credit Cards

Pre-History

1878: A US fiction writer, Bellamy, predicted that in 2000 everybody will be paying by a credit card (!)

Metal credit cards – 1914-1940, US only

History – Plastic Money

1950 Invention of plastic money @ Diners Club = plastic charge credit cards for businessmen and VIP
1951 Franklin Nat. Bank [NY] introduced “ChargeIt” credit cards. Shops called the bank for approval if larger amount (first authorisations!).
1960s: Three companies have emerged at US national level…

History – ATMs

1967 First cash machines, punched cards
1967 Invention of PIN
1967 magnetic stripe cards, France, access control
1969 First online ATM in the US [Chemical Bank NY]
John Shepherd-Barron OBE
1972 Lloyds Bank ‘Cashpoint’ [UK], is the first on-line ATM using plastic cards with a magnetic stripe.
1980s ATMs become widespread in the US
1980s Debit Cards introduced by banks.

Credit Card Numbers

Credit Card Numbers

Can be bought and sold on the black market. Prices: between 0.06 $ and 30 $. Market for lemons… [cf. also EcoInfoSec 2009 paper]

Variable size. Commonly 16 digits. Up to 19.
Can be guessed: interpolation + Luhn’s algo.
Many expiration dates are not effective. After receiving our new card the number is frequently the same…

Credit Card Numbers

Digit 1: the Industry:
• 1,2: Airlines
• 3: Travel/Entertainment
• 4/5: Banking/Financial
• 6: Merchandizing/Financial
• 7: Petroleum
• 8: Telecom
• 0,9: Other

Digits 1-6: Issuer Identifier

MasterCard        51xxxx-55xxxx
American Express  34xxxx, 37xxxx
VISA              4xxxxx
Discover          6011xx
Maestro           67xxxx
Bank of China     45xxxx

Credit Card Numbers

Last Digit: checksum:
• Luhn’s algo,
  – start from the right and double each second digit, sum should be a multiple of 10.
• Hard to believe but banks did not publish even this… the algo was treated as confidential for decades.
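The Luhn rule stated above, together with the issuer-prefix table from the previous slide, as a working validator. This is an added example, not code from the original slides: the PANs it uses are constructed test values (4111111111111111 and 5105105105105100 are widely used test numbers, not real accounts), and the issuer table is copied from the slide. Beyond the slide's statement it also shows the property that makes the checksum useful for input validation: every single-digit typing error in a valid PAN is caught.

```python
"""Luhn check digit and issuer-prefix lookup as described on the "Credit Card
Numbers" slides: starting from the right, double every second digit (a doubled
value above 9 has 9 subtracted), sum everything, and a valid PAN sums to a
multiple of 10.

Added example, not code from the original slides. The PANs used below are
constructed test values (4111111111111111 and 5105105105105100 are widely used
test numbers), not real accounts; the issuer table is the one on the slides.
"""


def luhn_sum(digits: str) -> int:
    """Luhn-weighted digit sum of a digit string whose rightmost digit is the check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9        # equivalent to adding the two digits of the product
        total += d
    return total


def luhn_valid(pan: str) -> bool:
    """True when pan (spaces allowed, 13..19 digits) passes the Luhn check."""
    pan = pan.replace(" ", "")
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    return luhn_sum(pan) % 10 == 0


def luhn_check_digit(partial: str) -> str:
    """Check digit that turns partial (all digits but the last) into a valid PAN."""
    # A placeholder 0 keeps every position's parity the same as in the final number.
    return str((10 - luhn_sum(partial + "0") % 10) % 10)


def single_digit_errors_detected(pan: str) -> bool:
    """Every single-digit substitution in a valid PAN fails the check (a Luhn property:
    doubling-with-wrap maps the ten digits onto ten distinct values)."""
    for pos in range(len(pan)):
        for wrong in "0123456789":
            if wrong != pan[pos] and luhn_valid(pan[:pos] + wrong + pan[pos + 1:]):
                return False
    return True


# Issuer prefixes from the slides' "Digits 1-6: Issuer Identifier" table.
ISSUER_PREFIXES = {
    "6011": "Discover",
    "34": "American Express", "37": "American Express",
    "51": "MasterCard", "52": "MasterCard", "53": "MasterCard", "54": "MasterCard", "55": "MasterCard",
    "67": "Maestro",
    "45": "Bank of China",
    "4": "VISA",
}


def issuer(pan: str) -> str:
    """Longest-prefix match against the slide's table ("45" is tested before "4")."""
    for prefix in sorted(ISSUER_PREFIXES, key=len, reverse=True):
        if pan.startswith(prefix):
            return ISSUER_PREFIXES[prefix]
    return "unknown"


if __name__ == "__main__":
    for pan in ("4111111111111111", "5105105105105100", "4111111111111112"):
        print(pan, issuer(pan), "valid" if luhn_valid(pan) else "INVALID")
```

The check digit is only an error-detection code, not a secret: a form that accepts a Luhn-valid number has rejected typos, nothing more, which is why the slide's point that the algorithm was kept confidential for decades is remarkable.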

0.1. Pre - MagStripe

“Fer à Repasser”

Based on Embossing. An antiquity, I was able to find one still operational and used in France in 2009…

1. Magnetic Stripe Cards (and resulting attacks and scams…)

Magnetic Stripe Cards

Which one is counterfeit?

Skimming Bank Cards

Old Models (2000)

Smaller and Better Models (2009)

Magnetic Stripe Cards

Still accepted in most countries.
• From January 2005, UK uses only smart cards. All ATMs would use chip [Apacs].
• Most countries should switch to 100 % smart cards around 2015?
• Except for US – not sure they will? 5% of chip cards in the US [as of 2005]
• Visa and MasterCard do ‘force’ this: incentive programs.

Magnetic Stripe (Magstripe)

ISO 7811/1-5 + proprietary data formats by MasterCard, VISA, Amex, and individual banks.
• 0.223 inches (5.66 mm) from the edge
• 0.375 inches (9.52 mm) wide
• similar to c.cassette tape.
  – Darker color: higher coercivity, more expensive, much more reliable (>2 years, magnet in your pocket)
  – cassette recorder and an iron?

Magnetic Stripe (Magstripe)

Contains 3 tracks, each 0.110 inches (2.79 mm) wide.
1. Read-only ISO, 79*6 bits. 210 bits/inch.
2. 40*4+1 bits, ABA, (backup low res. all the data except the name, 75 bits/inch.).
3. [virtually never used in bank cards, loyalty etc?]: Read/write 107*4 bits

*Amateur Decoding of the Magstripe

mreader.free.fr, from .wav audio files, used by criminals…

Typical MagStripe Track 1:

Format B [many other proprietary formats exist, A-Z]:

Track 1, Format B

• Start sentinel — 1 character (generally '%')
• Format code = "B" — 1 character (alpha only)
• Primary account number (PAN) — up to 19 characters. Usually, but not always, = the card number printed/embossed on the card.
• Field Separator — 1 character (generally '^')
• Name — 1 to 26 characters
• Field Separator — 1 character (generally '^')
• Expiration date — 4 digits in the form YYMM.
• Service code — 3 digits (explained later)
• Discretionary data — may include
  – PIN Verification Key Indicator (PVKI, 1 digit = 0..9),
  – PIN Verification Value (PVV) or Offset (4 digits),
  – Card Verification Value or Card Verification Code (CVV or CVC, 3 digits)
• End sentinel — 1 character (generally '?')
• Longitudinal redundancy check (LRC) — XOR of all characters. Reader checks it and discards it.

Track 2 (ABA)

The numbers 0-9, plus the six characters : ; < = > ? .
ASCII range 0x30 through 0x3f, all data but not the name.
• Start sentinel — here it is ';', can also be '~'?
• PAN
• Separator — here it is '='
• Expiration date — 4
• Service code — 3
• Discretionary data — as in track 1
• End sentinel — '?'
• LRC
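The two field layouts above, as a parser that verifies the LRC before trusting any field and masks the PAN the way a log is allowed to keep it. This is an added example, not code from the original slides. The slides only say the LRC is the "XOR of all characters"; the assumption made here, following ISO 7811, is that the XOR runs over each character's 6-bit code (ord(c) - 0x20) for Track 1 and 4-bit code (ord(c) - 0x30) for Track 2, from the start sentinel to the end sentinel inclusive. The sample tracks are constructed from a well-known test PAN with a made-up cardholder name, expiry and discretionary data.

```python
"""Parser for the Track 1 (Format B) and Track 2 (ABA) field layouts listed on
the slides, with the LRC checked before any field is trusted.

Added example, not code from the original slides. The slides only say the LRC
is the "XOR of all characters"; the assumption here, following ISO 7811, is that
the XOR runs over the per-character codes (6-bit, ord(c) - 0x20, for Track 1;
4-bit, ord(c) - 0x30, for Track 2) from the start sentinel to the end sentinel
inclusive. The sample tracks are constructed from a well-known test PAN and a
made-up cardholder name and expiry date.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class TrackData:
    pan: str
    name: Optional[str]      # Track 2 carries no name
    expiry_yymm: str
    service_code: str
    discretionary: str       # PVKI / PVV / CVV live here; never log it


def lrc(body: str, bits: int) -> str:
    """LRC character for body: XOR of each character's 6-bit (Track 1) or 4-bit (Track 2) code."""
    base = 0x20 if bits == 6 else 0x30
    acc = 0
    for ch in body:
        code = ord(ch) - base
        if not 0 <= code < (1 << bits):
            raise ValueError(f"{ch!r} is not in the {bits}-bit track alphabet")
        acc ^= code
    return chr(acc + base)


# Field order exactly as on the slides; '^' separates Track 1 fields, '=' Track 2 fields.
TRACK1_RE = re.compile(r"^%B(?P<pan>\d{1,19})\^(?P<name>[^^]{1,26})\^(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?$")
TRACK2_RE = re.compile(r"^;(?P<pan>\d{1,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?$")


def track_bits(raw: str) -> int:
    """Track type from the start sentinel: '%' -> Track 1 (6-bit), ';' -> Track 2 (4-bit)."""
    if raw.startswith("%"):
        return 6
    if raw.startswith(";"):
        return 4
    raise ValueError("unknown start sentinel")


def track_lrc_ok(raw: str) -> bool:
    """True when the trailing LRC character matches the rest of the track."""
    if len(raw) < 2:
        return False
    return lrc(raw[:-1], track_bits(raw)) == raw[-1]


def parse_track(raw: str) -> TrackData:
    """Split a raw track (including its LRC) into fields; ValueError on misread or bad layout."""
    if not track_lrc_ok(raw):
        raise ValueError("LRC mismatch: misread or altered track")
    body = raw[:-1]
    pattern = TRACK1_RE if track_bits(raw) == 6 else TRACK2_RE
    m = pattern.match(body)
    if not m:
        raise ValueError("track does not match the expected field layout")
    f = m.groupdict()
    return TrackData(f["pan"], f.get("name"), f["exp"], f["svc"], f["disc"])


def mask_pan(pan: str) -> str:
    """Keep at most the first 6 and last 4 digits, which is all a log may retain."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed samples: test PAN 4111111111111111, expiry YYMM 2512, service code 101.
T1_BODY = "%B4111111111111111^DOE/JANE^25121011234567890?"
T2_BODY = ";4111111111111111=25121011234567890?"
SAMPLE_TRACK1 = T1_BODY + lrc(T1_BODY, 6)
SAMPLE_TRACK2 = T2_BODY + lrc(T2_BODY, 4)

if __name__ == "__main__":
    for raw in (SAMPLE_TRACK1, SAMPLE_TRACK2):
        t = parse_track(raw)
        print(mask_pan(t.pan), t.name, t.expiry_yymm, t.service_code)
```

Note that the LRC only detects misreads; it says nothing about whether the track is genuine, which is the CVV/CVC's job and the reason the slides describe magstripe as offering no protection against copying.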

Motivation in a Nutshell: “the Loophole”

Motivation

Chip cards:
• much harder to read,
• much harder to counterfeit.

Magnetic Stripe Bank Cards - Loophole:

As long as some merchants accept them, there will be fraud…

In France: Since the introduction of smart cards: Fraud decreased 10 times in 10 years.

Security and Attacks on MagStripe+PIN

Security - Magnetic Stripes

Number: can be guessed, interpolation + Luhn’s algo.
Date: May be guessed.
CVV/CVC…
– only 3 digits,
– 3-DES [or proprietary] MAC. Note: “Visual Cryptogramme” printed at the back (front Amex) and now widely used on the web is CVV2/CVC2. Not the same, similar.

• No protection against copying
• Relative protection against falsification [CVV].
• Short signatures needed (100 bits)! Cf. Quartz [Courtois, Patarin, Goubin], Axalto patent. Offline verification!

Security – AVS [Internet purchases]

AVS: Address Verification Service [UK] - Automated check of address during authorization.

In UK, according to VISA in 2003:
• 10 % of transactions were fraudulent
• 75 % were genuine and accepted
• 22.5 % were genuine and REJECTED!
=> millions of legitimate customers are annoyed daily!

SMS alerts and phone call-back systems

Very good and secure.
SMS: Used since 1990s, first seen in Eastern Europe! MasterCard launched it in 2005.
Recently got better: people can change thresholds and settings and adapt to their usage.

Security – MasterCard SecureCode(TM)

Also used by HSBC and many other banks.
An extra password (longer than the PIN) that is used for all Internet purchases with redirection to a special web page and back.
Became mandatory in recent years.

Frauds on ATMs

Beware:

Cards alone cannot solve all security problems:
• Must be secure (see later)
• In addition we need to secure the whole payment system.
• Example: Terminals.
  – Users have to be trained: understand security and know how fraudsters proceed.
  – Examples of attacks on terminals: (>80 different attacks are known to me…)

How Secure Is It? - Hardware

Robbing ATMs

1) Ram-raiding:
• use a large truck / SUV to steal the whole ATM.
2) plofkraak:
• seal openings with silicone
• use an explosive (solid or gas) to open the vault

ATM Countermeasures

1. money in cassettes, security mechanism: will dye the money with special ink if incorrectly opened
2. add smoke generating devices
3. refill at random moments.

Software Inside? Win2K and OS/2

Funny Examples:

Some ATMs had a test sequence: when you type it on the keyboard, it outputs banknotes.
Some ATMs confused 20 and 50 bills.
Good money: rich ---> poor!! Surprisingly, or not, only rich people complained…

**Session Hijacking

Very early Wells Fargo ATMs:
1) would not give the card back until the customer answered “no” to the question “Do you want to do another transaction?”.
2) many customers walked away with the money and the receipt(s) but left their card in the ATM…
3) the next person pressed the button “Yes” and the ATM did not even ask for the PIN again…

1. In Some Countries…

Just False Terminals.
• Gives your card back after you give the PIN…
  – Says “Transaction was cancelled due to sth…”
• There were many false ATMs in South Africa…
• Has been done many times in France too (careful with mobile ATMs in an airport, mall or train station…)
• This attack does not work for Chip (Smart) Cards. Cannot be copied!

1. In France and in Any Country…

False ATM front. Looks good!

False ATM front…

• Let’s push!

Skimmer

Another Skimmer [2009]

Inside View [2009]

Door Skimmers

At the bank door…
Simple Defense: use another card to get in!!

Green Skimmers

Imitate anti-skimming devices!

More Skimmers

looks really good

How to Get The PIN?

• Look to the left: Looks OK!

Get The PIN?

• What’s this?

A Camera!

Large Camera..

Right angle… RF Transmitter, Antenna, Battery

Another way of hiding a camera… inside trunking being fitted to a cash machine..

PIN Pad Overlays

Other ways…

Camera in a mirror, in another building, car, van, etc..
Shoulder-surfing with a mobile phone video-camera etc…

Skimmers == False ATM front:

• Record and copy PIN + Magstripe.
  – Transmit data wirelessly,
    • virtually no risk after installation…
  – Produce 100 cloned cards a day!
  – Use few months later… Nobody will find out at what occasion they were copied…
• Again, all this does not work for Chip (Smart) Cards.

Attack 2: (France and Any Country…)

• Bank ATM: “attended”? kind of, security cameras compulsory in France since 2004…
• But…:
  – Fraud on POS (Point Of Sale == like a handheld terminal used in restaurants): An employee in a coffee shop CANNOT be trusted.
  – Install similar devices: record and copy PIN + Magstripe.
  – Again will not work for Smart Cards…

US Banking

• Easy to copy.
• Somewhat possible to counterfeit…
• Was easy in the past, also in the UK.
• BUT: systematic online verification in US: stolen card, limits, PIN (+behavioral and risk mgm. systems)
• Difference FR-US: telecommunications underdevelopment in France in 80s and 90s (both technical and commercial).

US Banking

• Easy to obtain credit cards.
  – Identity theft, 215 000 complaints in 2003.
• Fraud with ATMs:
  – France: false ATM front. POS fraud…
  – US only: Any (non-bank) company can own/control/hire ATMs. In 2001 an Albanian-Yugoslavian gang copied 21000 cards and withdrew 3.5 M$.

Back-Office Countermeasures

Schneier about 2005 “Data” Pearl Harbour

Bruce Schneier, New York Daily News, June 23, 2005
“The epidemic of personal data thefts and losses…”
“…Real reform is required to solve these problems… “:
• “reduce the amount of personal information collected, limit how it can be used and resold,
• require companies that mishandle our data to be liable for that mishandling…”

In this Schneier Quote we See:

Two main ideas to improve security:

LIMITATIONS
• “reduce the amount of personal information collected, limit how it can be used and resold,

LIABILITY
• require companies that mishandle our data to be liable for that mishandling…”

PCI - DSS

PCI Data Security Standard – Goals:
• Promote consistent security requirements
• Enhance security integrity and trust throughout payment system
• Minimize losses related to incidents
• Protect brand/reputation of member organizations

PCI Risk Exposure Stats

• …
• Protect brand/reputation of member organizations
• Remark: this may mean keep quiet about incidents??

PCI – DSS Requirements [contd]

They define 12 main requirements.
Build and Maintain a Secure Network
• firewall configuration to protect cardholder data
• do NOT use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
• protect stored cardholder data
• encrypt transmission across open networks
Maintain a Vulnerability Management Program
• use and regularly update anti-virus software
• develop and maintain secure systems and applications

PCI – DSS Requirements

Implement Strong Access Control Measures
• restrict access to cardholder data to need-to-know
• assign a unique ID to each person with computer access
• restrict physical access to cardholder data
Regularly Monitor and Test Networks
• track and monitor all accesses to network resources and cardholder data
• regularly test security systems and processes
Maintain a written Information Security Policy

Restrictions in PCI-DSS

forbidden to store after authorization

Who Has to Comply?

Q: Can a coffee shop with random employees be trusted???
Notion of “Merchant Level”
• based on transaction volume and acceptance method.
• fewer compliance requirements at lower Merchant Level.

Fact: All merchants and all service providers that store, process, or transmit cardholder information are required to comply with the PCI DSS requirements.

Penalties?

Regulation needs “teeth”. Merchant’s compliance is enforced by payment card associations = Visa/MasterCard etc.
• A written contract/agreement, enforced by national law.
• Fines: card companies can and have fined members tens of thousands of dollars per month if they fail to implement.
• Threat of termination of card processing services.
• New laws:
  • Minnesota MS 356E.64, effective August 1, 2008, prohibits persons and entities conducting business in Minnesota from retaining data from the magnetic strips on payment cards, as well as security codes and PINs from such cards, for more than 48 hours after a card transaction is approved.
  • Three other US states have similar state bills pending.
  • Texas law HB 3222, effective January 1, 2009: accept payment cards => must comply with ALL PCI DSS requirements.
  • short lived victory: it is expected that data security bills pending in the federal Congress will preempt these laws.
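A retention check for the two rules the slides describe: the PCI-DSS restriction that track data, verification codes and PINs are forbidden to store after authorization, and the Minnesota 48-hour limit quoted above. This is an added example, not code from the original slides or from the PCI SSC. It scans a constructed toy store (one "key=value" record per line; the field names txn, approved_at, pan, track2, cvv2, pin and memo are assumptions for the example) and also catches track-2 shaped data that leaked into a free-text field, using the Luhn check from the earlier slide to avoid flagging random digit runs.

```python
"""Retention scanner for two rules discussed on the slides: PCI DSS forbids
storing full track data, card verification codes and PINs after authorization,
and the Minnesota statute quoted above forbids keeping such data more than
48 hours after the transaction is approved.

Added example, not code from the original slides or from the PCI SSC. The
store below is a constructed toy format (one "key=value" record per line); the
field names txn, approved_at, pan, track2, cvv2, pin and memo are assumptions
for the example, and 4111111111111111 is a well-known test PAN.
"""
import re
from datetime import datetime, timedelta

RETENTION_LIMIT = timedelta(hours=48)

# Track 2 shaped data: optional ';', 13-19 digit PAN, '=', YYMM expiry, 3-digit service code.
TRACK2_RE = re.compile(r";?(\d{13,19})=\d{4}\d{3}\d*\??")
# Fields holding what PCI DSS calls sensitive authentication data; "-" marks an empty field.
SAD_FIELDS = ("track1", "track2", "cvv2", "pin", "pin_block")


def luhn_ok(digits: str) -> bool:
    """Luhn check (from the right, double every second digit); filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def parse_record(line: str) -> dict:
    """'k=v k=v ...' into a dict (values contain no spaces in this toy format)."""
    return dict(kv.split("=", 1) for kv in line.split())


def scan_record(rec: dict, now: datetime) -> list:
    """(txn, rule, detail) tuples for one stored transaction record."""
    findings = []
    txn = rec.get("txn", "?")
    approved = datetime.fromisoformat(rec["approved_at"])
    retained = [f for f in SAD_FIELDS if rec.get(f, "-") != "-"]
    # Track data leaking into free-text fields, e.g. a memo or a dumped error message.
    for field, value in rec.items():
        if field not in SAD_FIELDS:
            m = TRACK2_RE.search(value)
            if m and luhn_ok(m.group(1)):
                retained.append(field)
    for field in retained:
        findings.append((txn, "PCI DSS: sensitive authentication data stored after authorization", field))
    if retained and now - approved > RETENTION_LIMIT:
        findings.append((txn, "MN 356E.64: retained more than 48 h after approval", rec["approved_at"]))
    return findings


def scan_store(lines, now: datetime) -> list:
    """Scan every non-empty record line and collect the findings in order."""
    findings = []
    for line in lines:
        if line.strip():
            findings.extend(scan_record(parse_record(line), now))
    return findings


# Constructed sample store, scanned as of NOW. 1001 is clean; 1002 keeps track 2 for >48 h;
# 1003 keeps a CVV2; 1004 leaked track-2 data into a memo; 1005 is a non-Luhn false alarm.
SAMPLE_STORE = """\
txn=1001 approved_at=2011-03-01T10:00:00 pan=411111******1111 track2=- cvv2=- memo=ok
txn=1002 approved_at=2011-03-01T11:30:00 pan=411111******1111 track2=;4111111111111111=25121011234567890? cvv2=-
txn=1003 approved_at=2011-03-03T09:00:00 pan=411111******1111 track2=- cvv2=123 memo=callback
txn=1004 approved_at=2011-03-03T09:05:00 pan=411111******1111 track2=- cvv2=- memo=err:4111111111111111=2512101
txn=1005 approved_at=2011-03-03T09:10:00 pan=411111******1111 track2=- cvv2=- memo=ref:1234567890123=2512101
"""
NOW = datetime(2011, 3, 3, 12, 0, 0)

if __name__ == "__main__":
    for txn, rule, detail in scan_store(SAMPLE_STORE.splitlines(), NOW):
        print(txn, rule, detail)
```

The masked PAN in the `pan` field is deliberately left alone: PCI DSS allows a truncated PAN to be kept, and the scanner's job is the data that must not survive authorization at all. Record 1002 shows the two rules stacking: the PCI violation exists from the moment the data is stored, the statutory one only once the 48 hours have elapsed.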

Merchant Levels

Merchant Levels [MasterCard version]

1. any merchant regardless of acceptance channel (this includes e-commerce), processing over 6,000,000 transactions / year,
   + any merchant that has suffered a hack or an attack that resulted in an account data compromise,
   + any merchant that the card associations, at their sole discretion, determine should meet the Level 1 merchant requirements.
2. any merchant processing between 1,000,000 and 6,000,000 transactions / year.
3. any merchant processing between 20,000 and 1,000,000 e-commerce transactions / year.
4. any e-commerce merchant processing fewer than 20,000 e-commerce transactions / year and all other merchants (regardless of acceptance channel) processing < 1,000,000 transactions / year.

Compliance Cost [source of jobs!]

Level 1: Probably very expensive.
⇒ A. Annual On-site Security Assessment == 2-3 days on-site audit by a Qualified Security Assessor (QSA) recognized for a given country. [e.g. Verisign, BT, etc]. To become one [5000 USD, strict selection]: https://www.pcisecuritystandards.org/qsa_asv/become_pa-qsa.shtml
Lots of requirements, background checks, insurance, stable business, … […] must have demonstrated competence in cryptographic techniques, to include cryptographic algorithms, key management and rotation processes, and secure key storage […]

Levels 2, 3:
• B. Annual Self Assessment Questionnaire (like an exam: MCQ)
General obligation - all levels 1, 2, 3:
• C. must allow an external company to scan their network (!!!) 4 times per year. ASV = Approved Scanning Vendor, e.g. BT Counterpane, Qinetiq, Symantec, McAfee, Whitehat Security.

Level 4: Your bank MAY ask you to do B and C [their decision].

Known Incident [US, c. 2004]

CardSystems [processing company for VISA and AmEx]:
Network intrusion => up to 40 million (at least 239,000) credit card accounts compromised: all magnetic stripe data [PAN, name, expiry + CVV codes].
=> Can I buy anything anywhere on the internet? Not directly: the 3-digit CVV2 and the billing address are needed…
Later a sophisticated phishing scam was organized to get the missing pieces of data (!): the phishing email contained people's credit card numbers (!).
• Did not encrypt anything…
• Did hold all their old data since 1998…
• Both VISA and AmEx announced they were terminating their contracts…

And with Chip Cards?

No Fraud? Not Sure!

Well…

• False ATM front:
  – In theory does not work for smart cards…
  – In practice: still works in 2007. The magstripe + PIN can still be used in many places, including France itself.
• Let's assume that this is stopped. This attack still works [next page]:

Low-tech Attack that Always Works

• Thin add-on made out of plastic and VHS tape [Lebanese loop]:

Works Also with Smart Cards

• The card is stuck (due to some double-sided Scotch tape).
• Cannot be captured by the ATM. Cannot get out…
• You go inside the bank branch to complain… while the thief pulls out the device with your card and goes away…
• The PIN is captured with a camera or by shoulder surfing!

Glue Gun Attack

• New attack, California 2011.
• Gluing down the "enter", "cancel" and "clear" buttons on the keypad.
• After entering the PIN… the customer does not know what to do…
• Wait until the customer goes into the bank for help… before withdrawing money from their account.
• Customers either do not realize that they can use the ATM touchscreen to finish their transaction, or become nervous… and react by leaving the ATM unattended.
• BTW. A thief caught applying glue to an ATM will be charged with minor vandalism… it isn't easy to prove that the crook intended to steal… new laws are required again...

Conclusion

Low-tech attacks:
• technology doesn't help…
• educating the customer helps.

Relay Attack

Low-tech, always works! No need to break anything!!!

Has Been Done…

Ross Anderson's MITM Complete Setup

Fact:

Going from plastic to chip increases security (provided the chip is actually used, which is not so obvious).

Going from signature to PIN? Not sure… But easier to verify automatically…

A. Sasse: people CAN now break the rules, they can give the PIN to another person.

Service Code, e.g. 201

SC: Service Code

Present both on the magstripe (Tracks 1 and 2) and in the chip (publicly accessible).
Represents different requirements on the transaction.

Example, UK credit cards:
• Most banks use 201: Barclays, Lloyds TSB…
• HSBC card service code is 221: the transaction must be online.

SC: Service Code

3 digits: D1 D2 D3, D1 == most significant.
D1 - Interchange and technology
D2 - Authorization processing
D3 - Range of services and PIN requirements

SC: 3 digits. D1 D2 D3

D1: Interchange and technology:
0, 3, 4, 8: Reserved for future use by ISO.
1: Available for international interchange.
2: Available for international interchange and with integrated circuit, which should be used for the financial transaction when feasible.
5: Available for national interchange only, except under bilateral agreement.
6: Available for national interchange only, except under bilateral agreement, and with integrated circuit, which should be used for the financial transaction when feasible.
7: Not available for general interchange, except under bilateral agreement.
9: Test.

SC: 3 digits. D1 D2 D3

D2: Authorization processing:
0: Transactions are authorized following the normal rules.
1, 3, 5-9: Reserved for future use by ISO.
2: Transactions are authorized by the issuer and should be online.
4: Transactions are authorized by the issuer and should be online, except under bilateral agreement.

SC: 3 digits. D1 D2 D3

D3: Range of services and PIN requirements:
0: No restrictions and PIN required.
1: No restrictions.
2: Goods and services only (no cash).
3: ATM only and PIN required.
4: Cash only.
5: Goods and services only (no cash) and PIN required.
6: No restrictions and require PIN when feasible.
7: Goods and services only (no cash) and require PIN when feasible.
8, 9: Reserved for future use by ISO.
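The three tables above are easiest to check against real data with a small decoder. The following is an added example, not code from the original slides: it pulls the service code out of a Track 2 record (;PAN=YYMM SSS …?) and expands each digit according to the D1/D2/D3 tables. The Track 2 string, PAN and expiry are constructed test values, not a real card.

```python
"""Decode an ISO 7813 service code and extract it from Track 2 data.

Added example, not from the original slides.  The Track 2 record used in
the usage block is constructed test data (the well-known 4111... test PAN).
"""
import re

# D1: interchange rules and whether the chip should be used when feasible
D1_INTERCHANGE = {
    "1": ("international interchange", False),
    "2": ("international interchange", True),
    "5": ("national interchange only (except under bilateral agreement)", False),
    "6": ("national interchange only (except under bilateral agreement)", True),
    "7": ("no general interchange (bilateral agreement only)", False),
    "9": ("test card", False),
}
# D2: authorization processing
D2_AUTHORIZATION = {
    "0": "normal authorization rules",
    "2": "issuer authorization, should be online",
    "4": "issuer authorization, should be online except under bilateral agreement",
}
# D3: allowed services and PIN requirement
D3_SERVICES = {
    "0": ("no restrictions", "required"),
    "1": ("no restrictions", "not required"),
    "2": ("goods and services only (no cash)", "not required"),
    "3": ("ATM only", "required"),
    "4": ("cash only", "not required"),
    "5": ("goods and services only (no cash)", "required"),
    "6": ("no restrictions", "when feasible"),
    "7": ("goods and services only (no cash)", "when feasible"),
}


def decode_service_code(sc):
    """Expand a 3-digit service code; reserved digits raise ValueError."""
    if not re.fullmatch(r"\d{3}", sc):
        raise ValueError("service code must be exactly 3 digits")
    d1, d2, d3 = sc
    if d1 not in D1_INTERCHANGE or d2 not in D2_AUTHORIZATION or d3 not in D3_SERVICES:
        raise ValueError("reserved/undefined service code %s" % sc)
    interchange, chip = D1_INTERCHANGE[d1]
    services, pin = D3_SERVICES[d3]
    return {
        "interchange": interchange,
        "chip_preferred": chip,          # D1 in {2, 6}: chip should be used when feasible
        "authorization": D2_AUTHORIZATION[d2],
        "online_required": d2 in ("2", "4"),
        "services": services,
        "pin": pin,
    }


# ;PAN=YYMM SSS discretionary? -- start sentinel, PAN, separator, expiry,
# service code, discretionary data, end sentinel (LRC not included here)
TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{1,19})=(?P<exp>\d{4})(?P<sc>\d{3})(?P<disc>[0-9=]*)\?$")


def parse_track2(track2):
    """Split a Track 2 record into PAN, expiry, service code and discretionary data."""
    m = TRACK2_RE.match(track2)
    if not m:
        raise ValueError("not a well-formed Track 2 record")
    return {"pan": m.group("pan"), "expiry": m.group("exp"),
            "service_code": m.group("sc"), "discretionary": m.group("disc")}


def luhn_ok(pan):
    """ISO 7812 check digit: a cheap sanity check on a PAN read from the stripe."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


if __name__ == "__main__":
    # constructed record: test PAN, expiry 12/25, service code 201
    rec = parse_track2(";4111111111111111=2512201123456789?")
    print(rec, luhn_ok(rec["pan"]))
    print(decode_service_code(rec["service_code"]))   # Barclays-style 201
    print(decode_service_code("221"))                 # HSBC-style: online_required
```

A practical caveat on the "chip should be used when feasible" flag: a chip-capable terminal that reads the stripe decides from D1 whether to insist on the chip, and D1 lives on the stripe itself, i.e. on data the card holder (or a cloner) controls. A terminal that trusts that digit alone is trusting attacker-writable input.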

PIN Code Security

PIN Code Verification and Magstripe

Old cards:
• An encrypted version of the PIN was written on the magnetic stripe.
• Not used anymore, as it seems…

PIN Code Verification – Magstripe (used now, and always used in the magstripe-only case)

ONLINE VERIFICATION ONLY:
[Diagram: the PIN travels encrypted from the terminal to the issuer; the issuer answers Y/N, and that answer is authenticated or not… it depends.]

PIN Encryption

Deterministic? Attacks:
• Finding out when two cards have the same PIN:
  – a bank employee could see his own encrypted PIN repeated for other customers.
• One large UK bank stored this on the magstripe:
  – one could copy this field from one card to another…

=> The encrypted PIN MUST NOT be a function of the PIN alone: it has to be bound to the account (or randomized), both to prevent detecting when two cards have the same PIN and to prevent transplanting the field between cards:
  – PIN + padding XORed with the PAN before encryption (this is the ISO 9564 format 0 PIN block).

Other attacks: PINs are frequently decrypted and re-encrypted several times on the way to the acquirer bank…
  – Not a good method; encryptions should be encapsulated (end-to-end)…
  • key management/trust problems…
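What "PIN + padding XORed with PAN" looks like in practice is the ISO 9564-1 format 0 clear PIN block. The following added example (not from the original slides) builds and decodes such a block and shows why it defeats the copy-the-field attack above: a block formed for one PAN does not verify against another. The PANs and PIN are constructed test values; the encryption of the resulting block under a PIN encryption key is left out on purpose, as only the PAN binding is being demonstrated.

```python
"""ISO 9564-1 format 0 PIN block: PIN field XOR PAN field.

Added example, not from the original slides.  Only the clear PIN block is
formed; a real system then encrypts it under a PIN encryption key before
it leaves the PIN pad.  PANs and PINs below are constructed test data.
"""


def pan_field(pan):
    """0000 followed by the 12 rightmost PAN digits, excluding the check digit."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) < 13:
        raise ValueError("PAN too short for a format 0 block")
    return bytes.fromhex("0000" + digits[-13:-1])


def pin_field(pin):
    """Nibbles: format 0, PIN length, the PIN digits, then F padding to 16 nibbles."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 digits")
    return bytes.fromhex(("0%X%s" % (len(pin), pin)).ljust(16, "F"))


def encode_pin_block(pin, pan):
    """Clear PIN block = PIN field XOR PAN field (8 bytes)."""
    return bytes(a ^ b for a, b in zip(pin_field(pin), pan_field(pan)))


def decode_pin_block(block, pan):
    """Recover the PIN, or raise if the block was not formed for this PAN."""
    clear = bytes(a ^ b for a, b in zip(block, pan_field(pan))).hex().upper()
    fmt, length = int(clear[0]), int(clear[1], 16)
    pin, pad = clear[2:2 + length], clear[2 + length:]
    if fmt != 0 or not 4 <= length <= 12 or not pin.isdigit() or pad != "F" * len(pad):
        raise ValueError("PIN block does not verify against this PAN")
    return pin


if __name__ == "__main__":
    pan_a, pan_b = "4111111111111111", "4000000000000002"   # constructed test PANs
    block = encode_pin_block("1234", pan_a)
    print(block.hex())                          # same PIN, bound to PAN A
    print(encode_pin_block("1234", pan_b).hex())  # same PIN, different block
    print(decode_pin_block(block, pan_a))         # 1234
    try:
        decode_pin_block(block, pan_b)            # transplanted field: rejected
    except ValueError as e:
        print("transplant failed:", e)
```

Note what this does and does not give: the same PIN on two different accounts yields two different blocks (so the bank employee in the slide no longer sees his own block repeated), but the block for a given (PIN, PAN) is still deterministic. Hiding repeated PINs on the same account across re-issues needs the encryption layer on top, with a key that differs per issuer or per zone.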

PIN Code Verification – Chip Cards

Two possibilities exist with chip cards:
• Online verification (the terminal does not have the key).
  – Near 100% for ATM withdrawals.
• Offline verification by the chip.
  – Typically when you buy something in a shop.

In theory, EMV cards support many powerful PIN verification methods [studied later].

PIN versus Signature – UK/US Perspective

PIN is easier to use but less secure than signature!
• A false signature can be repudiated later [requires serious legal expertise]; the PIN cannot be repudiated.
• The PIN is easy to remember and to copy.

Thus switching from magstripe to chip may be less secure for some people.
=> In the EMV specs it is possible to use both PIN and signature for larger amounts…

PIN Code – Remark 1

Overheard: 5 % of people in the UK write the PIN on their card.
Then the bank actually has a proof of negligence? You have to pay for all the losses?

We can argue the opposite:
• The criminal could have recorded / extracted the PIN and written it on the card – not out of bad intention, revenge or something like this:
  – in fact it makes a lot of sense: he would pass the card + PIN to another, lower-ranking criminal to withdraw the actual cash!

PIN Code – Remark 2

From my credit card company: "We recommend that you change your PIN to one you'll find easier to remember".

Asking people to degrade their security!

Thermal Camera Attacks [2011]

After 10-45 seconds, the accuracy of recovering ALL the digits is 80 %-60 % [UCSD study].
Works well with plastic PIN pads. Does not work well with metallic keyboards…

Chemical Attacks

Due to David Naccache…
• Deposit a different chemical on each key.
• Use a tissue to collect the displaced chemicals.

PIN Protection Inside Chip Cards

Motivation:

Most bank cards have a PIN verification function.
[Diagram: terminal → card: the PIN, not encrypted except in some EMV DDA cards; card → terminal: Y/N, not authenticated except in EMV DDA cards.]

Remark:

There is no defense against an adversary that has several millions of €…

Hardware Countermeasures:

Make the life of the hacker much harder.
Financial sector requirements: attacks should cost more than, say, 25 K$ per card…

Functionality + Security

Hardware Countermeasures

Detection:
• Detect under/over-clocking (stop the clock, read the RAM).
• Random instructions and random wait states [e.g. Infineon SLE66].
• Detect low/high voltage [< 2.3 V or > 6.3 V].
• Glitch/spike detection.
• Detect UV, light, alpha particles, high/low temperature, etc.

Intrusion Detection

*More Hardware Countermeasures

• Shield/coating.
  – Detect if the "passivation layer" was removed: R/C measurements.
• Metallic layer: screens for charges/radiation.
  – Needed and monitored: R/C measurements.
• Active shields = detect tampering.
  – Mesh of wires: prevents probing, attacks with a laser cutter, etc.
  – Chemical traps: SiShell [Axalto patent].

***Active Shield

Source: Infineon. Problem: back-side attacks.

Intrusion Detection on PEDs (PIN Entry Devices)

Anderson, Drimer, Murdoch, UCAM-CL-TR-711, 2/2008.
Potting: can be removed.

Intrusion Detectors

Basic principle: a mesh of wires watched by a "supervisory circuit":
• Break the connection
• Short certain wires
=> clear the memory, stop working.

Attack: inject silver ink.
[Figure: gift-wrapped CPU with soft mesh; detection mesh board.]

Lid Removal Switch

• The switch disconnects when one opens the cover…
• The mesh prevents drilling to connect it permanently.

The Security Was Not That Good…

Anderson et al., UCAM-CL-TR-711.
[Figure: paper clip.]

And…

[…] in fact the devices have curiously placed holes and contacts that make these attacks even easier […]

Certification

1. This terminal was approved, tested and certified by:
   – Ingenico
   – VISA
   – APACS [UK] – refused to revoke
2. It was NEVER certified by a government agency [NSA, GCHQ, etc.] under the "Common Criteria" scheme.
   – evaluated, not certified; report not public
   – CESG claims CC reports MUST be published; APACS refuses to publish it
   – not that this would guarantee security…

Worse Than That:

Due to "fallback" [UK], the full magstripe + PIN are intercepted!!
[Figure: the tap works this way, not this way…]

***Design Obfuscation

• Restricted circulation of specs.
• Non-standard instruction set.
• Custom crypto algorithms.
• ROM and buses in the lower layers of silicon.
  – Only "ion-implanted ROM" is used, not visible with UV light.
• Scrambling the data buses.
  – Different lines in each chip; on certain chips the bus location changes during the execution of the code.
• Dummy structures in silicon.
• Duplication.
• Symmetry -> same power consumption.
• Memory obfuscation:
  – Encrypt the memory addresses.
  – Encrypt the memory data.

***Robustness and Redundancy

Goals:
• Avoid perturbation at the logical level:
  – Control bits, error-correcting codes.
  – Dual-rail logic, which also protects against power attacks.
• Detect perturbation at the OS and software level and block the card…
  – Data checksums,
  – Redo DES twice (and compare the results),
  – Etc.

Higher-Level Countermeasures for PIN Storage and Verification

Critical Bits and Pieces

• Example: PIN verification.
• Can be implemented in asynchronous logic [dedicated transistors/gates]:
  – much lower power consumption,
  – in a lower layer and much harder to localize;
  – dummy versions can also be added;
  – requires a dedicated hardware attack, as opposed to a generic attack on CPU registers, buses, loading to memory, etc.

French B0 Card

In the early 1990s there were several people who were able to recover the PIN from the chip card alone…
– (cf. Roland Moreno's "Carte à Puce" book)
=> The card was later discontinued and gave birth to the B0' card, which existed until 2006…

PIN Code – Simple Hacker Attack [1992]

• Enter the PIN with a home terminal.
• "Listen to" the card's radiation/power consumption to detect, early in time, that it was wrong.
• Switch the voltage off very quickly (before the failed attempt is recorded).

Solution?

PIN Code – Simple Hacker Attack [1992]: Countermeasure

Countermeasure [used in all bank cards]:
• Increment the ratification counter first.
• Check the PIN.
• Then decrement it (!).

Increment First? Slight Problem

• This could not be done: the first French bank card, B0, had no rewritable NVM!
• They used an array of 480 bits,
  – where at each PIN verification attempt a bit would be irreversibly changed (write-once EPROM),
  – after 480 (right or wrong) attempts, the card would stop working.
  – Also they had a limited history: 768 bytes, 4 bytes per transaction, 2 transactions/week.

Timing Attack on PINs

[old, worked before c. 1990]
• Bad programming: compare the PIN digits one after another; if the first is incorrect, abort!
• Good programming: write the program such that the execution time is constant.
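The two programming styles side by side, as an added example (not code from the original slides). Instead of measuring wall-clock time, which is noisy, each comparison reports how many digits it actually looked at; that count is what a timing or power trace leaks. The last function turns the leak into a digit-by-digit recovery that needs at most 10 guesses per position instead of 10^4 overall. It assumes, as the 1992-era attack did, that the card allows unlimited attempts; with a ratification counter the same leak still costs the attacker far fewer tries than blind guessing.

```python
"""Early-abort versus constant-time PIN comparison, and the resulting attack.

Added example, not from the original slides.  PIN values are constructed.
Each comparator returns (result, digits_examined); the second value stands
in for the execution time an attacker would measure.
"""
import hmac


def compare_early_abort(stored, candidate):
    """Bad programming: stop at the first mismatching digit."""
    steps = 0
    for a, b in zip(stored, candidate):
        steps += 1
        if a != b:
            return False, steps
    return len(stored) == len(candidate), steps


def compare_constant_time(stored, candidate):
    """Good programming: always examine the full (padded) length, fold every
    mismatch into one accumulator, decide only at the end."""
    steps = 0
    diff = len(stored) ^ len(candidate)
    for a, b in zip(stored.ljust(12, "\0"), candidate.ljust(12, "\0")):
        steps += 1
        diff |= ord(a) ^ ord(b)
    return diff == 0, steps


def compare_library(stored, candidate):
    """What application code should actually call: the standard library's
    constant-time comparison."""
    return hmac.compare_digest(stored.encode(), candidate.encode())


def recover_pin_by_timing(oracle, length=4):
    """Attack against an early-abort oracle: for each position keep the digit
    whose guess ran longest (one more digit examined).  At most 10*length
    queries; against a constant-time oracle every guess 'takes' the same time
    and the attacker learns nothing."""
    known = ""
    for _ in range(length):
        best = None
        for d in "0123456789":
            guess = (known + d).ljust(length, "0")
            ok, steps = oracle(guess)
            if ok:
                return guess
            if best is None or steps > best[1]:
                best = (d, steps)
        known += best[0]
    return known


if __name__ == "__main__":
    secret = "7391"   # constructed
    print(recover_pin_by_timing(lambda g: compare_early_abort(secret, g)))    # 7391
    print(recover_pin_by_timing(lambda g: compare_constant_time(secret, g)))  # not 7391
```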

PINs and Keys – Storage in the Card

• E2PROM = NVM of the smart card: assume addresses and data are encrypted.
Attack 1: read it (assume it's possible).
• Solution 1: store h(PIN)?
  – Attack 2: dictionary attack.
• Solution 2A (recommended): store R, h(PIN, UID, R) = machine-dependent salted hashing.
• Solution 2B: store R, E_K(PIN, R) where K is a key specific to this card only.
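The three storage options above, with the dictionary attack run against each, as an added example (not code from the original slides). SHA-256 stands in for the unspecified h(), and HMAC-SHA-256 keyed with the card key K stands in for E_K(); PINs, UIDs, salts and the key are constructed. The work counters make the point of the slide concrete: against plain h(PIN) one 10^4-entry table inverts every card, against the salted form the attacker pays 10^4 hashes per card, and against the keyed form the PIN space is no longer the thing being searched.

```python
"""Storing a PIN in card NVM: plain hash, salted hash, keyed hash.

Added example, not from the original slides.  SHA-256 stands in for h(),
HMAC-SHA-256 under a card-specific key stands in for E_K().  All PINs,
UIDs, salts and keys are constructed test values.
"""
import hashlib
import hmac

PIN_SPACE = ["%04d" % n for n in range(10000)]   # every 4-digit PIN


def store_plain(pin):
    """Solution 1: h(PIN), same value on every card with this PIN."""
    return {"h": hashlib.sha256(pin.encode()).hexdigest()}


def store_salted(pin, uid, salt):
    """Solution 2A: R stored in clear next to h(PIN, UID, R)."""
    return {"salt": salt,
            "h": hashlib.sha256(pin.encode() + uid + salt).hexdigest()}


def store_keyed(pin, salt, key):
    """Solution 2B: keyed under K; K must live where an NVM dump cannot reach."""
    return {"salt": salt,
            "h": hmac.new(key, pin.encode() + salt, "sha256").hexdigest()}


def verify_salted(record, uid, candidate):
    """What the card does on VERIFY (constant-time comparison of the digests)."""
    h = hashlib.sha256(candidate.encode() + uid + record["salt"]).hexdigest()
    return hmac.compare_digest(h, record["h"])


def attack_plain(records):
    """One precomputed table inverts every card: ~10^4 hashes, then lookups."""
    table = {store_plain(p)["h"]: p for p in PIN_SPACE}
    return [table.get(r["h"]) for r in records], len(PIN_SPACE)


def attack_salted(records, uids):
    """Salt + UID force a fresh search per card: up to 10^4 hashes each."""
    found, work = [], 0
    for r, uid in zip(records, uids):
        hit = None
        for p in PIN_SPACE:
            work += 1
            if store_salted(p, uid, r["salt"])["h"] == r["h"]:
                hit = p
                break
        found.append(hit)
    return found, work


def attack_keyed(records, key_guess):
    """Without the right K no PIN matches; the search space became the key."""
    found = []
    for r in records:
        hit = None
        for p in PIN_SPACE:
            if hmac.compare_digest(store_keyed(p, r["salt"], key_guess)["h"], r["h"]):
                hit = p
                break
        found.append(hit)
    return found


if __name__ == "__main__":
    pins = ["7391", "0042", "9999"]                               # constructed
    uids = [b"\x04\xa1\x2b", b"\x04\xa1\x2c", b"\x04\xa1\x2d"]    # constructed
    salts = [b"\x11" * 8, b"\x22" * 8, b"\x33" * 8]               # constructed
    key = bytes(range(16))                                         # constructed
    print(attack_plain([store_plain(p) for p in pins]))
    print(attack_salted([store_salted(p, u, s) for p, u, s in zip(pins, uids, salts)], uids))
    print(attack_keyed([store_keyed(p, s, key) for p, s in zip(pins, salts)], bytes(16)))
```

The honest reading of the salted numbers is that 10^4 hashes per card is nothing: salting only kills the shared precomputed table. If "Attack 1: read the NVM" really is possible, option 2A buys little on its own, and 2B only helps if K is not in the same dump, which is why the hardware countermeasures of the previous slides, not the hash construction, carry most of the weight.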

More PIN Security

Interleaving Attack on PINs

A method to recover the PIN of a person with whom the attacker lives: spouse, roommate, etc.
• Assume that with shoulder surfing we get 2 digits.
  – There are 100 possibilities now, 50 on average to be checked.
• Try twice a day with an ATM next to your house, and put the card back in her/his wallet.
  – During the day they will do a legitimate transaction with their PIN, and the counter of wrong trials will be reset to 0.
• After about 25 days, you are ready for a big shopping spree…
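A small model of the card's VERIFY command ties together the 1992 power-cut attack, the "increment first" countermeasure, and the interleaving attack just described. This is an added example, not code from the original slides: the card class, its try limit of 3 and the PINs are constructed, and the attacker's ability to cut power at a chosen instruction is modelled with an exception.

```python
"""PIN verification with a ratification counter: the 1992 power-cut trick
against 'check first, count later', the 'increment first' fix, and the
interleaving attack that survives the fix.

Added example, not from the original slides.  PINs and limits are constructed.
"""


class PowerCut(Exception):
    """Models the attacker pulling the card's supply at a chosen moment."""


class Card:
    MAX_TRIES = 3   # constructed PIN try limit

    def __init__(self, pin, increment_first=True):
        self.pin = pin
        self.increment_first = increment_first
        self.counter = 0             # ratification counter, lives in NVM

    @property
    def blocked(self):
        return self.counter >= self.MAX_TRIES

    def verify(self, candidate, cut_power_after_check=False):
        """VERIFY command.  Returns True/False.  With cut_power_after_check the
        attacker, having seen 'wrong' on the power trace, kills the supply
        before any NVM write that follows the comparison."""
        if self.blocked:
            raise RuntimeError("PIN blocked")
        if self.increment_first:
            self.counter += 1        # NVM write BEFORE the comparison
        ok = candidate == self.pin
        if cut_power_after_check and not ok:
            raise PowerCut
        if ok:
            self.counter = 0         # success: undo the increment / reset
        elif not self.increment_first:
            self.counter += 1        # NVM write AFTER the comparison (the 1992 bug)
        return ok


def brute_force_with_power_cuts(card):
    """Try every PIN, cutting power whenever the card is about to record a
    failure.  Returns (pin_or_None, counter_value_at_the_end)."""
    for guess in ("%04d" % n for n in range(10000)):
        try:
            if card.verify(guess, cut_power_after_check=True):
                return guess, card.counter
        except PowerCut:
            continue                 # failure never reached NVM, try the next one
        except RuntimeError:
            return None, card.counter  # increment-first card blocked itself
    return None, card.counter


def batches(seq, n):
    for i in range(0, len(seq), n):
        yield seq[i:i + n]


def interleaving_attack(card, known_digits, guesses_per_day=2):
    """Two shoulder-surfed digits leave 100 candidates.  Try a few per day
    (fewer than MAX_TRIES) and let the owner's own legitimate transaction
    reset the counter each day.  Returns (pin_or_None, days_needed)."""
    candidates = [known_digits + "%02d" % n for n in range(100)]
    days = 0
    for batch in batches(candidates, guesses_per_day):
        days += 1
        for guess in batch:
            if card.verify(guess):
                return guess, days
        card.verify(card.pin)        # the owner buys something: counter back to 0
    return None, days


if __name__ == "__main__":
    print(brute_force_with_power_cuts(Card("7391", increment_first=False)))  # ('7391', 0)
    print(brute_force_with_power_cuts(Card("7391", increment_first=True)))   # (None, 3)
    print(interleaving_attack(Card("7391"), "73"))                           # ('7391', 46)
```

Resetting the counter to zero on every success is exactly what the interleaving attack needs; the card alone cannot tell two wrong guesses a day for a month apart from an owner who mistypes occasionally. Where the PIN is verified online, the issuer can count declines over a longer window and notice the pattern; an offline chip cannot.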

Some Banks…

In the UK, Halifax/Barclays allow people to unlock their locked PIN in any ATM with the LINK logo.
• possible if you still know your PIN.
• Remains a secret command as of today…

Serious Blunder

Some banks send you a PIN that is = your date of birth.
• They encourage people to change it…
  – wrong: 50 % of people will not change it.

Silent Alarm PIN – Not Widely Used

Defense against an attacker that forces us to reveal the password / PIN.
A secondary PIN which is accepted but raises an alarm. A.k.a. "duress PIN". Exists in the RSA SecurID system.

Card Software Security

Protocol/Software Countermeasures

• Typically, the chaining of commands is strictly controlled. Each command can be issued only once, and in a certain order.
  – Assured by a finite state machine.
  – Example: don't accept commands in clear text once secure messaging is established.
• The spec should not allow buffer overflows.

***Example: Conformity Test

The test verifies the enforcement of secure messaging: afterwards the chip refuses to send data in an unencrypted way and answers with 6X XX (error).

Not enough: make sure that the same error code is sent in the same situation!

Example:

Erik Poll [Nijmegen]: attacks on e-passports. Send various ISO commands, observe the error messages:
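The command-sequencing state machine of the "Protocol/Software Countermeasures" slide and the "same error code in the same situation" rule of the conformity test, in one added example (not code from the original slides, not any real applet). The command set, the states and the "secure messaging" check (a CLA bit only, no cryptography) are constructed; the status words are the standard ISO 7816-4 ones. The probe function is a Poll-style fingerprinting loop: against a leaky applet the error codes reveal which instructions the card knows, against the strict one every rejection looks the same.

```python
"""A command-sequencing state machine for a card applet with uniform errors.

Added example, not from the original slides.  States, command set and the
secure-messaging check are constructed for illustration; status words are
the ISO 7816-4 ones.  Data fields and real cryptography are omitted.
"""
SW_OK, SW_SECURITY, SW_CONDITIONS, SW_INS, SW_CLA = 0x9000, 0x6982, 0x6985, 0x6D00, 0x6E00

# Allowed transitions: state -> {INS: next state}.  The authentication
# commands are one-shot; VERIFY (0x20) and READ BINARY (0xB0) may repeat
# but only inside the 'secure' state.
FSM = {
    "idle":       {0xA4: "selected"},              # SELECT
    "selected":   {0x84: "challenged"},            # GET CHALLENGE
    "challenged": {0x82: "secure"},                # EXTERNAL AUTHENTICATE -> SM up
    "secure":     {0x20: "secure", 0xB0: "secure"},
}


class Applet:
    def __init__(self, uniform_errors=True):
        self.state = "idle"
        self.uniform = uniform_errors

    def reset(self):
        """Power-on / reset: all sequencing starts over."""
        self.state = "idle"

    def process(self, cla, ins):
        """Return the status word for a command header (CLA, INS).
        Rejected commands never change the state."""
        sm_wrapped = (cla & 0x0C) == 0x0C          # CLA bits b4b3 = 11: secure messaging
        if self.state == "secure" and not sm_wrapped:
            return SW_SECURITY                      # clear text after SM: always the same answer
        nxt = FSM[self.state].get(ins)
        if nxt is None:
            if self.uniform:
                return SW_CONDITIONS                # wrong order, repeat or unknown: one code
            # leaky variant: tells the caller whether the INS exists at all
            known = any(ins in m for m in FSM.values())
            return SW_CONDITIONS if known else SW_INS
        self.state = nxt
        return SW_OK


def probe(applet, commands):
    """Send a fixed probe sequence and collect the status words (Poll-style)."""
    return [applet.process(cla, ins) for cla, ins in commands]


def legit_session(applet):
    """The intended order: SELECT, GET CHALLENGE, EXTERNAL AUTHENTICATE."""
    return probe(applet, [(0x00, 0xA4), (0x00, 0x84), (0x00, 0x82)])


if __name__ == "__main__":
    a = Applet()
    print([hex(sw) for sw in legit_session(a)])           # three 0x9000
    print(hex(a.process(0x00, 0xB0)))                      # clear-text READ after SM: 0x6982
    print(hex(a.process(0x0C, 0xB0)))                      # SM-wrapped READ: 0x9000
    print(hex(a.process(0x0C, 0x82)))                      # authenticate again: 0x6985
    leaky, strict = Applet(uniform_errors=False), Applet()
    print([hex(sw) for sw in probe(leaky, [(0x00, 0xFF), (0x00, 0x82)])])   # 0x6d00, 0x6985
    print([hex(sw) for sw in probe(strict, [(0x00, 0xFF), (0x00, 0x82)])])  # 0x6985, 0x6985
```

Two details carry the security: the state check comes before the instruction lookup, so a clear-text command after secure messaging is refused before the card even reveals whether it knows that instruction, and a rejected command leaves the state untouched, so probing cannot be used to walk the machine into an unintended state.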

2. Smarter(1)… Cards

(1) Smarter: less dumb.

French Chip Card – B0'

Vocabulary

English                      French
magnetic stripe card         carte à piste magnétique
ICC, chip card:              carte à puce :
• memory card                • carte à mémoire
• wired logic card           • carte à logique câblée
• smart card                 • carte à microprocesseur [+ crypto co-processeur]

B0' card [1985-2004] = the French bank card (carte bancaire française).
EMV card [1996-2020?] = the new international standard.

History of Chip Cards [1970-]

Historical Patents

Smart Card Odyssey

Two key patents:
• Roland Moreno [France]
  – chip card [1974]
  – security limitations [1975]
• Michel Ugon, Bull CP8:
  – microprocessor card [1977]

10 years ago, half of the chip cards in the world were French. Wider adoption around 2000.

SPOM, October 1981 – Bull CP8

Patented.
• NMOS 3.5 µm,
• 42 K transistors,
• RAM: 36 bytes (!),
• ROM: 1.6 Kbytes,
• EPROM: 1 Kbyte.

2.1. Towards Chip (and PIN!)

In 1984

Schlumberger pilot in Lyon, France: a wired logic card.
Bull CP8 pilot in Blois, France: a microprocessor card.

The banks adopted the Bull CP8 solution, the forefather of all bank cards with chips.
100 % in France in 1992. 100 % in the UK in 2005.

Cards Replace Cheques – France

Cards Replace Cheques – UK

[Chart; cheques were planned to cease to exist in 2018.]

Cheque Guarantee?

In the UK, debit cards guarantee cheques for £50, £100 or so. See the hologram.
In the US it is against the rules, but also practiced by some merchants, who charge your card if the cheque bounces.

In 1996-2001

Europay, MasterCard and VISA specified a new standard for bank cards: EMV.
French B0' cards were abandoned. They did not evolve and were less secure than EMV – deep reasons explained later…
=> French terminals stopped using them on 01 Jan 2007.

***Axalto in 2005:

• Mixed EMV + B0' cards.
• N°1 in microprocessor cards.
• N°1 provider of bank cards: 70 million units/year.
• [[GSM cards: Gemplus or Axalto.]]
• [main competitors: Gemplus, Oberthur]

France -> Worldwide

2.1.1. Adoption – Fraud Landscape

Magnetic Stripe in the UK

Fact: many serious loopholes existed in the past: in the 80s, the 90s, even in 2008…

E.g. "phantom withdrawals". Old examples:
• Andrew Stone, an ex-con and bank security consultant, was sent to prison in 1996 for taking £1M from ATMs: £10 K / hour.
  – Quality cameras + in the past receipts from ATMs often had the full account number on them. Clone cards.
• The magstripe reportedly stored an encrypted PIN. Not used anymore.
  – One could keep the PIN and encrypted PIN, change the card number and withdraw from another account!

Global Bank Card Fraud

Ratio fraud/turnover:
• US, Canada, Japan, Germany, Italy: 0.08 %
• UK: 0.11 % (was 0.33 % in 1991!)
• France: 0.082 %
  – 0.033 % for French-French transactions!!!!
  – 0.5 % for trans-national transactions.

France: First Adopter

Source: Cartes Bancaires; only the Fr-Fr fraud rate is reported.

Excessively High Fraud → Near 0 in 5 Months

US, Germany, etc.: 0.08 %. Malaysia in 2001: 0.74 %.
=> chip cards introduced quite late, in 2005.

UK Card Fraud

In 2000: one of the fastest growing crimes in the UK.
Chip and PIN was introduced because fraud was projected to reach £1 B in 2010?

UK Card Fraud Geography

UK and Card Fraud

Chip and PIN goal: 80 % reduction in fraud?
Not so easy... Introduced late. UK credit card fraud:
• skimming fraud: only £100 M out of £440 M
• 30 % is postal interception
• Internet fraud is on the rise…

Problem

New technology usually decreases fraud on average.
However, liability is shifted onto the customer.

In the UK the banks are entirely liable for fraud due to forged handwritten signatures, BUT there is no legal protection for victims of electronic fraud.

Example: UK banks have also recently changed the voluntary code of practice, "the Banking Code", to make customers liable for fraud if they do not have up-to-date anti-virus and firewall software.

Liability Shift

With magstripe: bad technology ⇒ banks must take responsibility for fraud.
Chip and PIN ⇒ less fraud, but when it occurs the customer will be held responsible!

Fraud is Hidden

Ross Anderson et al. [www.cl.cam.ac.uk/research/security/banking/ped/]:
"Criminals are already using tampered terminals to forge bank cards. […] Detailed information on criminal activity has been kept out of the public domain by the 'sub judice' rules."
=> obligation of secrecy in matters under trial.

Also the UK Parliament has a "sub judice" rule:
• MPs and Lords can be prevented from bringing up matters awaiting adjudication in a court of law…

*Fraud is Hidden

[…] what happens to the whole credit card merchant system, when no one cares to prosecute the thieves anymore? Well… that day is already here […]
[…] police stations, instructed to do so by the Home Office, have been turning away the victims of bank card fraud and other financial crimes […]

Yes!

From April 2007 (related to the new Fraud Act), on-line financial fraud can no longer be reported to the police directly. It first has to be reported to the financial institution concerned.
It is now the responsibility of the banks to decide which offences to pass on for investigation.

These are no longer recorded, except by the financial industry itself, which is interested in:
• Hiding some fraud…
• Passing other fraud on to the customer…
• Covering up internal problems.
• They can profit from fraud: at the end of the day it is included in the price of the card + profit margin.

From the DCPCU Web Page [2010]

"a special police unit fully sponsored by the banking industry"

"The DCPCU is unable to take reports of crime from members of the public. If you are a victim of card fraud you should report it to your card company as soon as possible."

Who is in Charge?

UK: who is responsible for the security of bank card transactions?
• VISA/MasterCard.
• PCI Security Standards Council.
• UK Payments, ex. APACS.
• GCHQ.
(BTW. the French Parliament has its Observatory of the Security of Bank Cards; nothing like it in the UK, no democratic supervision.)

So Maybe We Should Sue the Bank?

Why do we have a financial crisis?

In the UK, if you sue the bank and lose, you have to pay the bank's legal fees (this will typically be about £100 K).
Germany: cap on the fees.

Sue the Bank? [contd.]

In the UK the banks just have to convince themselves that they are right.
• They DON'T believe university experts (!).

The Financial Ombudsman [UK]: also assumes that the log files transmitted to them by the bank must be authentic [of course]; refused to transmit them to 3rd-party experts. They say "the PIN was used", but there is no evidence it was.

Banks destroy the evidence (the chip).

**Black-List Yourself

(advocated by Bruce Schneier in the US, though in circumstances that are different).

Equifax operates the Protective Registration Service on behalf of CIFAS, the UK's Fraud Prevention Service.
Anyone affected by this incident can contact Equifax on 0870 010 2091 and a notice will be placed on their credit file indicating that data has been stolen and that they may therefore be at risk of identity fraud.
There is a one-off cost for this service of £11.75.

Most people don't want to do that, because they want to be able to use their credit card…

*Fraud for Different Types of Cards

[Chart; * 0.01 %]

*Chip and PIN vs. Magstripe

Popular Fraud Classification

• L/S = Lost / Stolen
• NRI = Non-Receipt of Issue = mail theft
• Counterfeit = copy of the magnetic stripe or cloned chip etc… (details not disclosed!)
• ATO/FA = Account Take-Over, Fraudulent Application == identity theft
• CNP = Card Not Present = unauthorized use of the card number on the Internet

**French Translations

• L/S = Perdue
• NRI = Non Reçue
• Counterfeit = Contrefaçon
• ATO/FA = Usage Abusif?
• CNP = Carte Non Présente

MasterCard Fraud Forecast

[Chart; "the loophole": update terminals.]

Official UK Fraud Figures [2010]

Malaysia Fraud: Fall Yes, But Also Shift

"Counterfeit" segment only: fell from 0.16 % in 2000-2004 to 0.03 % in 2006. BUT other segments increased.

Is Fraud Large In General?

Fraud vs. Fraud

• "Predicted market share" of counterfeit games, computer programs, illegally acquired music, etc. = between 1-70 % typically…
• Credit card fraud = 0.15 % typically.
• PayPal fraud: 0.20 %.
• Counterfeit cash: less than 0.0001 %. Surprisingly small!

2.1.2. UK Adoption

UK: How Did It Happen?

Many people in the UK are against Chip and PIN even today, e.g. Ross Anderson.

VISA, MasterCard and credit companies decided that.
• Worldwide program to tackle fraud.
• More secure??? Eliminates only skimming+cloning [only about the “counterfeit” segment, 100M£/y]:
• Easier automated verification, faster transactions for sure, offline or/and unattended transactions.
• Visa 2005 - liability shift: the non-chip party is liable for any fraudulent transactions that might have been prevented if that party had been chip-capable…

Chip and PIN in the UK

• Summer 2003 - Northampton pilot: 200K Chip&PIN cards, 170 ATMs, 900 POS and 400 EPOS (large retailers).
• Test customer & merchant reactions rather than technology.
  – 80 % were happy.
• National roll-out in 2004-2005.

2.1.3. Economics [of Transition to Chip and PIN]

BTW. How Much Does It Cost?

• Cost of a smart card: $ 2-3
• Cost of a magnetic stripe card: $ 0.5

Cost of the smart card roll-out in the US [2003]:
- Issuing banks $3.1 G
- Merchants $7.8 G
- Visa / MC / Amex $2.6 G
[Source: Smart Card Alliance US and Tower group, 2003]

2.2. Early French Chip+PIN Systems

French Magazine: Pour La Science [2002], page 66:

Jacques Patarin: La Sécurité des Cartes Bancaires

• [Nicolas Courtois, Authentification, Page 54]

Security of French Chip Cards + Evolutions!

Security varies depending on the offline/online case. 5 Protections:
1. Visual: hologram [VISA’84], special font, UV, + handwritten signature… + recent: CVV2 code also at the back (3-4 digits), not elsewhere
2. Static RSA signature, inside the chip (B0’: VS, VA; EMV: SDA functionality).
3. Cardholder verification with a PIN code,
   – Online verification – ATM withdrawals, magstripe only.
   – Offline POS (e.g. at a restaurant) - PIN verified by the card and only by the card.
4. 3DES cryptogram generation by the chip. Authenticates the individual transaction by a MAC (symmetric signature). (CAI with B0’, ARQC with EMV)
5. NVM stores 140 transactions, like the last 3 months… + EMV: cards are updated online, so that clones can be detected also in this way…

Transaction Flow – Main Stages

1. Read public card data, check static signatures.
2. Check the PIN. “Unlocks” all “active” functionalities of the card.
3. Transaction processing:
   – the terminal will authorize the transaction
     • optional: online authorization by the Issuer bank or representative
   – it will store it in NVM
   – it will sign it by 3DES cryptogram [+optional: RSA]

3. Static Signature – VA, VS

“Valeur de Signature” VS, VA (= SDA in EMV):
• Static RSA signature + good padding (?).
• Static data are signed:
  – PAN, Exp. Date, [Name, Bank data, CVV, …]
• Public access file on the chip.
• Signed once at issuance.
• Cannot falsify, easy to copy, with a chip reader (but not from Magstripe).
• A memory card is sufficient to implement VS…
  – Magnetic stripe? Not enough space left.

VS – Serge Humpich [1998]

At the time the RSA key size was 321 bits.

The public key was obtained by reverse-engineering of a terminal. Not very smart. [terminal not necessary as shown by J.J. Quisquater]. Banks sued him for that.

Humpich Attack 1A (harder)

YES CARD: needed: all data of a stolen card
• copy to a programmable card
• NO NEED TO KNOW THE PIN
• Works in offline terminals

[diagram: the terminal sends a (random) PIN to the card; the card answers YES; the answer is not authenticated]

Humpich Attack 1B (easier)

Connect between the card and the reader, change NO -> YES

[diagram: the terminal sends a random PIN; the real card answers NO, the device in between changes it to YES; neither answer is authenticated]

Humpich Attack 2

• At the time the RSA key size was 321 bits.
• all cards emitted after November 1999 have 768 bits (and more now).
  – only in 2004: last terminals that accepted 320-bit keys
• Attack 2:
  – false PAN,
  – right VS,
  – yes-card: every PIN is accepted
• worked only offline, e.g. Paris underground

2.2. / 4. Cryptograms [MACs] in Bank Cards

4. Cryptograms

Each card has a unique K known to the bank.
• Triple DES MAC is used for this.
• Not stored in terminals, online verification.
• What is signed? Dynamic Transaction Data:
  – A random number generated by the terminal.
  – The transaction details (amount, date, currency, etc.). And more…
• The certificate is printed on the merchant receipt (FR: facturette commerçant).

Example of a Cryptogram

GENERATE AC command, older bank card

EMV cards: 64 bits cryptogram

Cryptograms (AC)

Sign typically:
• 4 byte random number from the terminal.
• The amount of the transaction
• Date and Time
• Terminal Country
• Currency code
• ATC (transaction number)
• TVR (terminal verif. bits)

Crypto[gram] Primer

Secret-Key Encryption

[diagram: Alice and Bob share one secret key]

Public Key Schemes (Encryption)

[diagram: in the past (setup phase) a key generation algorithm outputs pk (public key) and sk (private key); the encryption algorithm takes m, randomness r and pk and outputs c; the decryption algorithm takes c and sk and outputs m or invalid; Eve sees c]

Signatures

Can be:

Public key:
• Real full-fledged Digital Signatures.

Secret key:
• Not « real signatures » but MACs = Message Authentication Codes.
• Widely used in practice.

MACs = Message Authentication Codes = “Secret-Key Signatures”

[diagram: the MAC algorithm takes m and sk (secret key) and outputs σ; the verification algorithm takes (m,σ) and the same sk (secret key) and outputs yes/no; the attacker tries to produce a forgery σ]

*Digital Signatures

[diagram: the signing algorithm takes m and sk (private key) and outputs σ; the verification algorithm takes (m,σ) and pk (public key) and outputs yes/no; the attacker tries to produce a forgery σ]

MAC = secret key “signature”

2.3. Key Management and Cryptograms in EMV

Secure Messaging

[diagram: the message is encrypted with 3DES under K; the party in the middle sees it still encrypted]

Secure + Authenticated Messaging

[diagram: encrypt + MAC with 3DES under K gives a private+authentic channel; the party in the middle cannot decrypt: good; but cannot check the MAC: bad!]

Issuer Master Keys

Stored in a Hardware Security Module (HSM), exists at one single location.

HSM: Tamper resistant encryption system
• (also secure against dishonest employees).

[picture: IBM 4758]

API Attacks: see Erik Poll slides…

ICC Master Key Derivation

All Master Keys [IMK = ICC Master Key] of each card are derived from a single Master Key (MK). Cf EMV Book 2 Annex 1.3. Example, not obligatory.

[diagram: 112-bit MK → IMK; each 64-bit half carries 56 key bits, fix lsb (parity)]

ICC Master Keys

IF the PAN is a palindrome, THEN the keys are ONLY 56 bits. Major weakness not yet known/exploited.

ICC Master Keys

Up to 4 ICC Master Keys (IMK) / card. 3DES 112 bits.

Same method, different Issuer Master. Each used for a different purpose:
• IMK_AC: Cryptograms for transaction / Issuer authenticity
• IMK_SMI: MAC for secure messaging integrity (+authenticity)
• IMK_SM: secure messaging encryption
• IMK_ID: to derive IDN (ICC Dynamic Number) used in DDA

Not used directly: a session key is derived in each case.

Session Key Derivation

Rationale: prevents DPA/DFA attacks on later stages…

[diagram: 112-bit IMK and the 16-bit ATC (used twice) produce two 64-bit halves of the Session Key; the exact function is marked “?”]

One Alleged Session Key Derivation (1)

The 3DES key is different in each transaction, prevents DPA attacks on later stages…

[diagram: 112-bit IMK → Session Key; each half 56/64 bits, fix lsb]

Tree-Like Session Key Derivation (2)

Prevents DPA MUCH MORE… Specified in EMV Book 2 Annex 1.3. Pb: patented?

[diagram: 112-bit IMK; inject the ATC bit by bit]

Secure Messaging

Two session keys [112 bits each] are used for encryption and simultaneous authentication.

The two keys are different (derived from 2 master keys).

• 3DES in CBC mode for encryption [ECB also used?]
  – session key derived from IMK_SM
• C-MAC for authentication
  – session key derived from IMK_SMI

Financial Institution Retail MAC [EMV]

DES MAC in CBC mode, 3DES at the end, IV=0. [ANSI X9.19 and ISO 9797-1].

[diagram: Retail MAC]
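An added example, not from the slides or from any issuer, of the Retail MAC just described (single DES in CBC mode with IV = 0, then a 3DES-style decrypt/encrypt step on the last block), computed over a constructed transaction record carrying the fields the slides list for an AC. The field layout and the keys are constructed for illustration; a real card takes the field list from its CDOL.

```go
package main

import (
	"crypto/des"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pad80 applies ISO 9797-1 padding method 2 (the EMV choice): append a
// single 0x80 byte, then zeros up to the next multiple of 8 bytes.
func pad80(data []byte) []byte {
	out := append(append([]byte{}, data...), 0x80)
	for len(out)%8 != 0 {
		out = append(out, 0x00)
	}
	return out
}

// desCBCMAC runs single DES in CBC mode with IV = 0 over data, which must
// already be a multiple of 8 bytes, and returns the last ciphertext block.
func desCBCMAC(key, data []byte) ([]byte, error) {
	if len(data) == 0 || len(data)%8 != 0 {
		return nil, fmt.Errorf("data must be a non-empty multiple of 8 bytes")
	}
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	state := make([]byte, 8) // IV = 0
	for i := 0; i < len(data); i += 8 {
		for j := 0; j < 8; j++ {
			state[j] ^= data[i+j]
		}
		c.Encrypt(state, state)
	}
	return state, nil
}

// RetailMAC is ISO 9797-1 Algorithm 3 / ANSI X9.19: single-DES CBC under K1
// over the padded message, then one DES decryption under K2 and one DES
// encryption under K1 on the final block ("3DES at the end" on the slide).
func RetailMAC(k1, k2, data []byte) ([]byte, error) {
	last, err := desCBCMAC(k1, pad80(data))
	if err != nil {
		return nil, err
	}
	c1, err := des.NewCipher(k1)
	if err != nil {
		return nil, err
	}
	c2, err := des.NewCipher(k2)
	if err != nil {
		return nil, err
	}
	mac := make([]byte, 8)
	c2.Decrypt(mac, last)
	c1.Encrypt(mac, mac)
	return mac, nil
}

// ACInput concatenates the dynamic data the slides list (amount, date, terminal
// country, currency, ATC, TVR, terminal random number). Constructed layout for this example.
func ACInput(amountMinor uint64, yymmdd [3]byte, country, currency, atc uint16, tvr [5]byte, unpredictable uint32) []byte {
	b := make([]byte, 26)
	binary.BigEndian.PutUint64(b[0:8], amountMinor)
	copy(b[8:11], yymmdd[:])
	binary.BigEndian.PutUint16(b[11:13], country)
	binary.BigEndian.PutUint16(b[13:15], currency)
	binary.BigEndian.PutUint16(b[15:17], atc)
	copy(b[17:22], tvr[:])
	binary.BigEndian.PutUint32(b[22:26], unpredictable)
	return b
}

func main() {
	// Constructed keys and transaction: not real issuer material.
	k1, _ := hex.DecodeString("0123456789ABCDEF")
	k2, _ := hex.DecodeString("FEDCBA9876543210")
	data := ACInput(1999, [3]byte{0x11, 0x03, 0x15}, 826, 826, 42, [5]byte{}, 0x1A2B3C4D)
	mac, err := RetailMAC(k1, k2, data)
	if err != nil {
		panic(err)
	}
	fmt.Printf("AC input %X\nRetail MAC %X\n", data, mac)
}
```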

Would Be Better, C-MAC

C-MAC based on triple DES in CBC mode with chaining of IVs.

[diagram: C-MAC with chaining, ICV = last MAC]

Remark: It guarantees the order of commands too!

Proprietary MACs

Remark: the MAC is not specified by the EMV, the choice is done by the card issuer, so potentially the bank could use a proprietary cipher…

No evidence of this: everybody seems to use MACs based on DES and 3DES, which, together with side channel protections, are offered on bank card chips.

Cryptograms Static vs. Dynamic and Security of Individual Bank Transactions

Applications of Cryptograms in Bank Cards

1. cryptogram generation for each transaction
   • dynamic
   • CAI with B0’, ARQC and other with EMV
   • are they verified online?
2. various CVVs…
   • static, but remain quite important nowadays

CVVs

Card Verification Value or Card Verification Code (CVV or CVC, 3 digits)
• CVV1/CVC1 on the magnetic stripe [3 digits]
• CVV2/CVC2/CIV at the back of the card [3 digits]
• CVV3 = iCVV = Integrated circuit/chip card Card Verification Value [3 digits]
  – NEW!, all UK and some VISA Asia-Pacific region cards since 01/2008

Computing CVV, CVV2, iCVV

Rumors: all computed by the same algorithm [VISA PVV algorithm?]?

[diagram: PAN, exp date, etc., service code [3 digits] → Proprietary 3DES MAC, key known only to the Issuer (for all 3) → [truncated] → CVV]
(for CVV2 replace service code by 000)

Nice Scam

Free CVV “Service”

One cannot compute CVV without the Issuer’s secret key.
• This key is not stored in any of the terminals.

But people don’t know it.
• Scam: web site: Java script or cgi:
  – Enter your PAN and expiry date
  – It will generate your CVV
  – And they ask for extra data (they claim it is needed to compute CVV!)
It will not, it will just give your data to criminals…

Another Working Scam

Example: Visa & MasterCard Fraud Hoax

Was called on Thursday from "MasterCard". It worked like this: Person calling says, "This is Carl Patterson and I'm calling from the Security and Fraud department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card issued by 5/3 bank. Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona?"

When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"

You say, "Yes". The caller continues... "I will be starting a fraud investigation. If you have any questions, you should call the 800 number listed on your card 1-800-VISA and ask for Security. You will need to refer to this Control #". Then gives you a 6 digit number. "Do you need me to read it again?"

Caller then says he "needs to verify you are in possession of your card. Turn the card over. There are 7 numbers; first 4 are 1234 (whatever), the next 3 are the security numbers that verify you are in possession of the card. These are the numbers you use to make internet purchases to prove you have the card. Read me the 3 numbers." Then he says "That is correct. I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions? Don't hesitate to call back if you do."

You actually say very little, and they never ask for or tell you the card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA security dept. told us it was a scam and in the last 15 minutes a new purchase of $497.99 WAS put on our card.

By the time you get your statement, you think the credit is coming, and then it's harder to actually file a fraud report.

Major UK-Specific Alert [2007]

Fallback Issue

In the UK, and only in the UK (?!), the security of chip and PIN has been seriously degraded. [apparently fallback is forbidden by VISA in most parts of Europe]
Seems also an issue in the Asia-Pacific region, e.g. Malaysia.

The full copy of the Track 2 of the magnetic stripe was found in the chip.

=> apparent reason: very old infrastructure…

Fallback Issue

In the UK, and only in the UK (?!), the security of chip and PIN has been seriously degraded.

The full copy of the Track 2 of the magnetic stripe was found in the chip. The whole was transmitted in clear-text between the chip and the terminal.

=> Increases the power of the Anderson, Drimer, Murdoch Attack [2008]

Fallback Issue – Resolved?

APACS claims: in all UK cards emitted after 2008 the data was changed.
• CVV was replaced by another, CVV3 == iCVV [3 digits]
  • Derived in the same way but the PAN sequence number is replaced by 99 in the derivation.
  – If copied to a magstripe, it is recognized as a false card.
• Different people reported that several LARGE UK banks still didn’t implement iCVV after 01/2008 for up to 20 % of cards?
• the attack might still work…

Beyond Cryptograms

The cryptogram is a MAC (Message Authentication Code), a “secret key signature” of the transaction.

Needed: public key signature:
• Everyone can verify
• Non-repudiation: even the bank cannot forge this certificate.
• Now exists: in the EMV specifications.

3. EMV: Really “Smart” Bank Cards
Reason 1: Autonomy

EMV: much smarter than B0’

B0’: the terminal controls all. The card is there mainly to answer commands.

EMV: cards are intelligent and autonomous; the card knows what it does and takes informed security decisions:
⇒ The card can accept or reject a transaction based on a complex set of rules and controls!

3. EMV: Really “Smart” Bank Cards
Reason 2: PK crypto!

What France could not do…

In the 80s and the 90s it was impossible to implement a public-key signature algorithm on a smart card. RSA: 2 minutes… Even recently 0.5 sec.

At Bull CP8, Jacques Patarin, Louis Goubin and Nicolas Courtois spent 10 years trying to find a much “cheaper” PK scheme.

Output: Sflash [broken in 2006 by Shamir et al].

What France … the time did.

Beginning of 90s: RSA - 2 minutes.

In 2009 it is possible to compute an RSA signature in 10 ms on a middle range smart card.

Maturity.

EMV specifications

EMVCo = Europay, MasterCard, VISA.

Specs developed in 1996-2001.
• Very flexible and very complex, 1M options…
• All this complexity is useful.
• Cryptographic point of view: Incorrect until December 2001.

Specifications + Options: >10000 pages total

Multi-Application

One Axalto card contains:
• B0’ application [French system] (now stopped)
• EMV applications [global]
• Moneo [Electronic Purse]
• Fidelity applications
• Possible: PKI, ID, badge, restaurant, parking, health, mobile-com, transportation…

France:
• Since end 2003: EMV+B0’ cards. All in 2005.
• Terminals: progressive upgrade/replacement. 60 % EMV in 2005, 100 % in 2009?, not 2007, Boulogne h.***

scope

English <=> French

Card Scheme: VISA, MasterCard, [EMVCo]
Issuer Bank: [banque] émetteur de carte
Merchant Terminal, POS: terminal du commerçant
ATM: DAB, distributeur
Acquirer Bank: banque du commerçant
Clearing: Règlement final des sommes dues

EMV PKI Overview (optimistic version with DDA used)

[diagram: the card holds 2 private keys (the PIN Encryption key can be different) and 4x 3DES ICC Master Keys]

ATC = Application Transaction Counter
SAD = Static Authentication Data = PAN + Exp + …

more details later

EMV Ecosystem Overview

Actors in the Payment System (1)

The EMV technology is designed and intended to be used mainly in the (already existing) context of card payments:
• Cardholder:
  – Receives the card and signs a contract with the issuer
  – Memorizes the PIN
• Merchant:
  – Controls the terminal and accepts cards
  – Then claims payments from the Acquirer
• Issuer:
  – Works with / is the bank of the cardholder and debits his account
  – Personalizes the cards and issues them to the users

*Summary

Actors in the Payment System (2)

• Acquirer (= Merchant in the ATM case):
  – Works with / is the bank of the Merchants and credits his account
  – Is responsible for transaction handling: conformity, security, risk management, protecting keys…
• Scheme / Payment System (e.g. Mastercard, Visa):
  – Manages the whole system global architecture, master keys
  – Manages on-line communications between other participants
  – Does the clearing and transfers funds between Issuers and Acquirers

Four Main Types of Transactions

• ATM terminal: unattended, online (with offline capability), controlled by the financial institution. Uses PIN and the smart card
• POS Terminal: attended, controlled by various companies and random employees. Usually online
• Vending machines: very similar but unattended, offline
• Electronic commerce case: unattended terminal owned/controlled by a user (cellular phone, laptop PC, …), but is online. The terminal is not trusted => the hardest case (outside the scope of this presentation).

Terminals

Unattended vs. Attended POS

ATM

EMV Specs

Public Spec? => Secure?

How to kill an open spec: add many, many options specified in excruciating detail, but optional. A few details are missing too, such as the encoding of certain fields.

The specs kind of allow everyone to get it wrong (or to get it right, much less likely due to fragmentation).

– Ross Anderson et al. write
  • “Each spec defines security criteria, tweaks options and sets rules -- but none take responsibility for listing what back-end checks are needed. As a result, hundreds of issuers independently get it wrong, and gain false assurance that all bases are covered from the common specifications.”

EMV Transactions

Same Main Stages!

1. Read public card data,
   – check static signatures.
2. Check the PIN.
3. Transaction processing:
   – card + terminal + [optional online connection] will jointly decide if the transaction is accepted
   – it will store it in NVM
   – it will sign it by 3DES cryptogram
   – DDA cards: dynamic RSA signature
     • in the UK banks switched to 100% DDA for new cards since 2009

EMV Transaction

Examples of a Complete AID

• A0 00 00 00 42 10 10
  – Visa Credit EMV application, France
• A0 00 00 00 03 10 10
  – Visa Credit EMV application, international
• A0 00 00 00 04 10 10
  – MasterCard EMV application, international
• A0 00 00 00 69 00
  – is the Monéo e-purse application.

(the AID is printed on the ticket)

Longer (Reference) List of AIDs

• VISA: A0 00 00 00 03
• VISA Credit in France: A0 00 00 00 42 10 10
• VISA Debit/Credit: A0 00 00 00 03 10 10
• VISA Credit: A0 00 00 00 03 10 10 01
• VISA Debit: A0 00 00 00 03 10 10 02
• VISA Electron: A0 00 00 00 03 20 10
• VISA Interlink: A0 00 00 00 03 30 10
• VISA Plus: A0 00 00 00 03 80 10
• VISA ATM: A0 00 00 00 03 99 99 10
• MASTERCARD: A0 00 00 00 04 10 10
• Maestro: A0 00 00 00 04 30 60
• Maestro UK: A0 00 00 00 05 00 01
• Maestro TEST: b0 12 34 56 78
• Self Service: A0 00 00 00 24 01
• American Express: A0 00 00 00 25
• ExpressPay: A0 00 00 00 25 01 07 01
• Link: A0 00 00 00 29 10 10
• Alias AID: A0 00 00 00 29 10 10
• Monéo French e-purse: A0 00 00 00 69 00
• NatWest CAP application: A0 00 00 00 04 80 02
• Barclays CAP application: A0 00 00 00 03 80 02
• another CAP application: A0 00 00 02 04 00 00

1. Initiate Application Processing

• Informs the card that a new transaction will begin
• The terminal executes GET PROCESSING OPTIONS
  • Parameter = optional terminal-resident data objects
• The card returns both:
  – Application Interchange Profile (AIP): supported functions
  – Application File Locator (AFL): pointers to application data available
• Two terminal variables are set to 0:
  – TSI: indicates performed stages
  – TVR: indicates verification failures, security risks, missing data …

2. Read Application Data

• The terminal reads, from the card, all the records specified in the AFL

3. Offline Data Authentication!

• Four types of offline authentication:
  – Nothing (!). Online always, ATM only.
  – SDA (Static Data Authentication) authenticates the unchanging card data
  – DDA (Dynamic Data Authentication) authenticates these data and a challenge sent by the terminal. These data are digitally signed. Also proves the authenticity of the card itself
  – CDA = ‘Combined DDA/AC Generation’ authenticates in addition the Application Cryptogram (AC). Added in EMV’2000, authenticates the whole transaction:
    • Now the AC on 64 bits CAN be checked in real time!
    • data + card + card’s decision are all guaranteed to be authentic
    • and with public key techniques (⇒ non-repudiation and third-party verifiability)

4. Processing Restrictions

• The terminal verifies if the transaction is acceptable
• Three points are checked:
  – Application Version: a bit in TVR records whether card and terminal have the same application version
  – Application Usage Control: verifies various conditions on geographical zone (e.g. domestic transactions only), types of transaction (goods, services, cash, cashback, …)
  – Application Expiration Date

5. Cardholder Verification

• The method of cardholder authentication is determined according to the CVM list from the card
• Goal: find a method such that
  – The terminal understands and can perform the verification
  – It can obtain all the necessary data
  – The attached conditions are satisfied

5. Cardholder Verification

• Methods that are currently possible (specified by CVM)
  – Always fail CVM processing
  – Plaintext PIN is sent and verified by the card
  – Encrypted PIN is verified online with the card issuer or his representative
  – Plaintext PIN verified by the card AND the PAPER signature are BOTH verified
  – Encrypted PIN (with the card public key) will be verified by the card
  – Encrypted PIN AND the PAPER signature are BOTH required
  – PAPER signature is required
  – NO CVM is required by the terminal

Encrypted PIN in EMV

• Encrypted by the terminal with the card’s public key.
• Choice: one of the two keys can be used:
  – PK_ICC, the same as used in DDA/CDA
  – PK_PE, dedicated to PIN Encryption

[diagram: the PIN, encrypted with the ICC’s public key, goes to the card; the Y/N answer is authenticated in EMV DDA cards]

6. Terminal Risk Management - Go Online?

6. Terminal Risk Management

• Goal: prevent fraud and minimize risks on the terminal side
• The terminal examines:
  – ‘velocity checking’: ⇒ compares the ATC counter of transactions of the card with the ‘Last Online ATC Register’.
  – > floor limit ⇒ larger transactions must go online
  – > ‘Biased Selection Threshold’ ⇒ with some probability, randomly, MUST go for online processing

7. Terminal Action Analysis!

• The terminal determines one of the three possible answers (GENERATE AC command with a demand for a different cryptogram):
  – ‘Approved offline’: asks the card for a ‘Transaction Certificate’ (TC) cryptogram
  – ‘Transmitted online’: asks the card for an Authorization Request Cryptogram (ARQC)
  – ‘Declined offline’: the transaction is rejected, but the terminal asks for an Application Authentication Cryptogram (AAC).

Latest “Chip and PIN is Broken” paper

A very technical attack by Ross Anderson et al.

Convinces SEPARATELY the card and the terminal that everything is OK.

Cryptograms (AC)
Sign typically:
• The amount of the transaction
• Date and Time
• Terminal Country
• Currency code
• ATC (transaction number)
• TVR (terminal verification bits)
• 4-byte random number from the terminal.

MACs = “Secret-Key Signatures”
[Figure: the MAC algorithm takes a message m and the secret key sk and outputs a tag σ; the verification algorithm takes (m, σ) and sk and answers yes/no; the attacker’s goal is a forgery σ]

Financial Institution Retail MAC [EMV]
DES MAC in CBC mode, 3DES at the end, IV=0 [ANSI X9.19 and ISO 9797-1].
[Figure: Retail MAC]

Online Transaction

7. Terminal Action Analysis
• Decision depends on
– TVR bits (in particular those determined during Terminal Risk Management)
– Issuer preferences read from the card
– Acquirer preferences stored in the terminal
• Decision is determined based on
– Issuer Action Codes
– Terminal Action Codes
• EMV strongly recommends a minimal set of Terminal Action Codes that prevents issuers from creating cards that will never allow online transactions, etc.
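Terminal Risk Management (velocity check, floor limit, biased random selection) followed by Terminal Action Analysis (the TVR matched against Issuer and Terminal Action Codes), as an added Go example that is not code from the slides or from any EMV implementation; the TVR bit positions, the `Terminal` struct and its field names are this example's own assumptions.

```go
package main

// TVR bits set by Terminal Risk Management. The bit positions are this
// example's own choice, not a verified copy of the EMV TVR byte layout.
const (
	tvrFloorLimit   uint32 = 1 << 0 // amount above the terminal floor limit
	tvrOfflineLimit uint32 = 1 << 1 // velocity check: too many offline transactions
	tvrRandomOnline uint32 = 1 << 2 // selected randomly for online processing
)

// ActionCodes: Denial/Online/Default masks of an IAC (from the card) or a TAC (in the terminal).
type ActionCodes struct{ Denial, Online, Default uint32 }

type Terminal struct {
	FloorLimit, Threshold   uint64 // minor units; Threshold = biased selection threshold
	TargetPct, MaxTargetPct int    // random online selection probability, in percent
	OfflineLimit            int    // max ATC - Last Online ATC Register before going online
	OnlineCapable           bool
	TAC                     ActionCodes
}

// riskManagement returns the TVR bits; rnd is the terminal's random draw in [0,100).
func (t Terminal) riskManagement(amount uint64, atc, lastOnlineATC uint16, rnd int) uint32 {
	var tvr uint32
	if amount > t.FloorLimit {
		tvr |= tvrFloorLimit
	}
	if int(atc)-int(lastOnlineATC) > t.OfflineLimit { // velocity checking
		tvr |= tvrOfflineLimit
	}
	if amount < t.FloorLimit { // biased random selection
		pct := t.TargetPct // flat below the threshold, then rising linearly
		if amount >= t.Threshold && t.FloorLimit > t.Threshold {
			pct += (t.MaxTargetPct - t.TargetPct) * int(amount-t.Threshold) / int(t.FloorLimit-t.Threshold)
		}
		if rnd < pct {
			tvr |= tvrRandomOnline
		}
	}
	return tvr
}

// actionAnalysis decides which cryptogram the first GENERATE AC asks for: any denial
// bit -> "AAC"; an online bit on an online-capable terminal -> "ARQC"; a default bit
// on an offline-only terminal -> "AAC"; otherwise "TC".
func (t Terminal) actionAnalysis(tvr uint32, iac ActionCodes) string {
	switch {
	case tvr&(iac.Denial|t.TAC.Denial) != 0:
		return "AAC"
	case t.OnlineCapable && tvr&(iac.Online|t.TAC.Online) != 0:
		return "ARQC"
	case !t.OnlineCapable && tvr&(iac.Default|t.TAC.Default) != 0:
		return "AAC"
	}
	return "TC"
}
```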

8. Card Action Analysis
• The card knows the decision of the terminal, but its own decision is independent. The result of the card risk analysis is the answer to GENERATE AC:
– ‘Transaction Certificate’ (TC): card accepts the offline transaction
– ‘Authorization Request Cryptogram’ (ARQC): card (and/or terminal) requires an online authorization
– ‘Application Authentication Cryptogram’ (AAC): card (and/or terminal) rejects the transaction.
– ‘Application Authorization Referral’ (AAR): additional online-capable procedure to connect to the Issuer/authorization center and co-decide by the card, terminal and center whether the transaction is approved.

8. Card Action Analysis
• Rejection of a transaction can be due to:
– Rejection by the terminal (terminal asked for AAC)
– Rejection by the card
• Specific reasons:
– One specific transaction is rejected
– The environment of the transaction/type of merchant/goods is not allowed
• In the ‘Request a referral’ case, the terminal will ultimately issue (later) another GENERATE AC command, and the card will accept online or reject.
• At this stage the card has the possibility to send an ‘Advice message’ to the Issuer, informing it about some exceptional condition (e.g. PIN Try Limit Exceeded).

8. Card Action Analysis
• Case of CDA = Combined DDA / AC
– If both card and terminal are capable of handling CDA, or CDA was requested in GENERATE AC, then the TC or ARQC will be sent to the terminal in a public key envelope
– It is an RSA digital signature with message recovery.
– This signature is the only place in EMV technology that can guarantee non-repudiation of transactions and third-party verifiability of their authenticity.

9. Online Processing
• Is performed if and only if the terminal receives an ARQC as the response to the first GENERATE AC
• Goals:
– Connect to the authorization center of the Issuer of the card and ask for permission to carry out the transaction of a certain amount
– Prevent and manage risks
– Better enforce statutory limits of usage of the given card (cf. cost of insurance and cost of credit)
• The authorization response can contain the Issuer Authentication Data (ARPC Cryptogram = Authorization ResPonse Code)

ARPC Cryptogram
• The Cryptogram (ARPC Cryptogram), Issuer => Smart Card:
ARPC = 3-DES_IMK_AC[ARQC ⊕ ARC]
[Figure: key IMK_AC]
• ARC = ARPC Response Code
• Then, if the card supports Issuer Authentication, the terminal issues the EXTERNAL AUTHENTICATE command and the card will answer Y/N (this answer should be authenticated later).
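The online-transaction cryptograms of the preceding slides in one added Go example (not code from the slides or from EMVCo): the card's ARQC as a Retail MAC (ISO 9797-1 Algorithm 3: DES CBC-MAC with IV = 0 and 3DES on the last block) over the transaction data the cryptogram signs, then the issuer's ARPC = 3-DES_K[ARQC ⊕ ARC] and the card's check of it at EXTERNAL AUTHENTICATE. Assumed here: ISO 9797-1 padding method 2, right zero-padding of the 2-byte ARC, and one 16-byte key used directly in place of IMK_AC / session-key derivation.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"errors"
)

// retailMAC: ISO 9797-1 Algorithm 3 ("Retail MAC") as on the slide: single-DES
// CBC-MAC under K1 with IV = 0, last block then decrypted under K2 and
// re-encrypted under K1. k = K1 || K2. Padding method 2 (0x80, zeros) assumed.
func retailMAC(k, msg []byte) ([]byte, error) {
	if len(k) != 16 {
		return nil, errors.New("retail MAC needs a 16-byte double-length key")
	}
	c1, _ := des.NewCipher(k[:8]) // key sizes already validated above
	c2, _ := des.NewCipher(k[8:])
	padded := append(append([]byte{}, msg...), 0x80)
	for len(padded)%8 != 0 {
		padded = append(padded, 0)
	}
	h := make([]byte, 8) // IV = 0
	for i := 0; i < len(padded); i += 8 {
		for j := 0; j < 8; j++ {
			h[j] ^= padded[i+j]
		}
		c1.Encrypt(h, h)
	}
	c2.Decrypt(h, h)
	c1.Encrypt(h, h)
	return h, nil
}

// arpc: issuer side of ARPC = 3-DES_K[ARQC xor ARC]. The 2-byte ARC is XORed
// into the ARQC's first two bytes (right zero-padding of ARC is an assumption)
// and the block is encrypted with two-key 3DES, i.e. K1 || K2 || K1.
func arpc(k, arqc []byte, arc [2]byte) ([]byte, error) {
	if len(k) != 16 || len(arqc) != 8 {
		return nil, errors.New("need a 16-byte key and an 8-byte ARQC")
	}
	c, _ := des.NewTripleDESCipher(append(append([]byte{}, k...), k[:8]...))
	x := append([]byte{}, arqc...)
	x[0] ^= arc[0]
	x[1] ^= arc[1]
	c.Encrypt(x, x)
	return x, nil
}

// verifyARPC: the card's check at EXTERNAL AUTHENTICATE, recomputing the
// expected ARPC from its own ARQC and the received ARC (constant-time compare).
func verifyARPC(k, arqc []byte, arc [2]byte, received []byte) bool {
	want, err := arpc(k, arqc, arc)
	return err == nil && subtle.ConstantTimeCompare(want, received) == 1
}
```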

10. Issuer-to-Card Script Processing
• The Issuer may send some scripts via the terminal to the card
• The role of these scripts is not specified:
– meant not to influence the current transaction
– they update the card…

11. Completion
• Completes and validates the transaction
• BTW: with online transactions there are two cryptograms generated by the card: one before the online connection and one after.
• In general, the last GENERATE AC command really does ensure that the card agreed to carry out the transaction.
• To achieve non-repudiation and third-party verifiability, the last GENERATE AC must return a TC with a public key envelope (CDA).

EMV PKI: SDA, DDA …

EMV Public Key Architecture
3 levels of PKI:
• Scheme/Payment System Level: Visa, MasterCard and others have several public keys. Their expiration dates: a problem, discussed later.
• Issuer Level: the Issuer signs card data during pre-personalization. The Issuer PK is signed by the Scheme.
• Card Level: if the card is able to handle DDA (CDA is also DDA), it signs with its own private key. The card public key is certified by the Issuer.

History and Motivations Behind The 3 Methods
In EMV'96 there are two types of authentication: SDA and DDA.
• SDA is roughly the electronic equivalent of the magnetic stripe and contains an RSA signature of the basic data (card number, expiration, etc.).
• DDA goes one step further and allows dynamic authentication by challenge/response to prevent cloning of the card. Only DDA really takes advantage of the chip card, but not completely.
All this does not address any of the security problems that arise for individual transactions. In EMV'96 the security of individual transactions is handled with symmetric-key 64-bit cryptograms (Transaction Certificates).

SDA Overview
[Figure: SDA overview: Ic, 3DES cryptogram]

DDA Overview
[Figure: DDA overview: Ic, 3DES + RSA, challenge/response (C/R)]

1024-bit RSA Keys
• From Notices - Bulletin no. 04, 11 September 2003, "EMVCo Extension to 1024-bit Key Expiry Dates":
– the 1024-bit Certification Authority (or Payment System) Public Keys …. must be withdrawn from terminals beginning … no later than 30 June 2010.
• Banks have been extremely careless; following Table 1 in the Lenstra-Verheul paper, 1024-bit keys are recommended for 2002.
– For 2010, 1369 bits are recommended.
• In France the government security service mandated 1536 bits already in May 2003. German security services go even further in mandating long RSA keys…
• Equivalent “issuer keys” used in electronic passports: 3072 bits typically.

Other Issues…
• Padding problems. There are potentially serious problems that remain to be studied. Or find a security proof for it.
• Hashing problems. All the hashes are on 20 bytes (only SHA-1 is specified and no room for using longer hashes is left). There are two problems:
– There is no backup function if SHA-1 is broken. New cards will not work in old terminals. BROKEN in FEB 2005!
– 20 bytes, even with a different hashing algorithm, may not be sufficient and may allow signature forgeries soon (for example 2^80 hashing operations are required to produce two messages, one with 1$, the other with 1M$).

Revision:
We can enumerate >40 different securities/protections/things that help to improve the security of payments [and manage risks and fraud] with chip and PIN bank cards

Protections!!
1. Physical aspect and hologram, against forgery
2. It is [not that much] but hard to guess a valid credit card number and expiry date; makes it harder to create a new card, rather than copy an existing one
3. CVV/CVC (3 digits) on the magnetic stripe, prevents creating a new card, must copy an existing one
4. static RSA signature in the chip, SDA, prevents creating a new card, must copy an existing one, but better and stronger, and more people can check the validity (with the public key)
5. CVV2 (3 digits, 4 digits in AmEx) on the back of the card
6. iCVV since 2008 in the chip cards prevents “fallback” attacks
7. triple DES in the chip, authenticates each individual transaction with a MAC, prevents card cloning
8. tamper-resistance of the chip, prevents as above
9. protection of the triple DES against side-channel attacks, prevents as above
10. the sufficient strength of the triple DES MAC used, prevents as above
11. in DDA/CDA functionality, each card signs each individual transaction with RSA, prevents as above
12. the sufficient strength of SHA-1 against second pre-images prevents modifying the amount of the transaction,
13. the sufficient strength and sufficient key size in the above crypto algorithms
14. the EMV protocol commands must be executed in a certain order, a command cannot be repeated,
15. slows down the attackers that want to extract data useful for an attack,
16. online authorization with an authorization center, protects against card theft and more
17. online check of the credit on your bank account, against card theft,
18. the UK address verification service, against fraudsters that do not know your address, or Internet shoppers that deliver to their own address,
19. online verification that the card is not stolen, against card theft,
20. non-volatile memory inside the chip: if one has the card one can prove that he didn't do the transaction,
21. the necessity to know the PIN, against being used by another person,
22. the manual signature, again prevents [to an extent] usage by another person,
23. limits: a limit of 300 GBP per week in withdrawals prevents the thief from stealing too much,
24. the fact that the CHIP will stop working when the wrong PIN code has been entered 3 times, prevents a dictionary attack on the PIN,
25. limitations: firms that process credit card data are forbidden from storing all the data of the magnetic stripe, prevents their employees from engaging in fraud,
26. limitations: it is forbidden to print the full card number on the receipt from the shop, prevents the usage of this number on the internet,
27. tamper-resistance of terminals, more difficult to put in a skimmer,
28. the key that allows to verify the PIN is not stored inside the ATM; it is not useful for criminals to steal an ATM, except for the ready cash it contains, but one cannot do a dictionary attack on a PIN
29. in many countries, every ATM MUST be monitored by CCTV and everything that happened is recorded
30. explaining shoulder surfing and other low-tech attacks on TV means that fewer people will fall for them
30. for releasing certain software one goes to prison, this makes the hackers do other attacks that can be traced etc.
31. the EMV standard allows checking both the PIN and the handwritten signature for larger transactions
32. in EMV, the PIN sent from the terminal to the card can be encrypted, prevents interception of the PIN between the card and the terminal
33. in one prototype of future bank cards there will be a PIN pad on the card, prevents many attacks, including shoulder surfing
34. another feature of a prototype of a future bank card is a generator of one-time passwords on the card, prevents many attacks, including shoulder surfing
35. data links between banks are proprietary, encrypted and authenticated
36. the PIN that is sent encrypted to your bank from an ATM is encrypted in a probabilistic way, which prevents a network sniffer from seeing that the PIN is identical for two different bank cards.
37. an EMV card takes informed security decisions, can stop a transaction or require an online authorization with the bank, because it is in a strange country or the amount is high
38. an EMV card can process scripts from the Issuer to update itself and the bank can kill it at a distance [or at least decrease its limits].
39. In several countries one can black-list oneself, so that it will be impossible to obtain a credit card. This is a similar type of security to switching your PC off, forever, but for some people it will be a convenient way to prevent identity fraud.
40. MasterCard SecureCode (also used by HSBC and many other banks). An extra password that is used for all Internet purchases with redirection to a special web page and back.
41. MasterCard Site Data Protection Service (SDP), a software/online system/service to scan acquirers' or merchants' online systems for vulnerabilities.
42. MasterCard proprietary systems: RiskFinder (proprietary neural network) and SAFE (System to Avoid Fraud Effectively) - keeping track of fraudulent merchants, transactions and other patterns of activity to make predictions.
43. SMS alerts and phone call-back systems

Next Steps and the Future of Bank Cards
“Predictions are hard to make, especially about the future”

Business Threats to EMV: Competing Payment Technologies

2008: Payment with Mobile Phones

NFC-enabled Mobile Phones

Contact-less Bank Cards [2005-]

Contact-less Bank Cards based on EMV…

Further Technical Evolution
Technical Evolution of EMV

Contactless Skimming
March 2012: ViaForensics showed for Channel 4 News that it was possible to wirelessly extract the customer's name + card number + expiry date from ANY Visa-branded card within a few centimetres with a mobile phone + software.
Apparently this CAN be used to order goods from Amazon, without a CVV and without a valid shipping address and without a secondary password (extremely few web sites accept this, Amazon mostly).
Barclays told the programme that sharing the name was in an early, but still valid, version of the proximity-payment standard (the data are simply available in cleartext if you follow the right sequence of commands).

Contactless Relay Attacks [c. 2013]
Cf. Chris Paget, Renaud Lifchitz, Petridis UCL thesis, etc…

Comment
Before 2010 bank cards were a mature technology.
Then with contact-less bank cards their security was seriously degraded… without any care for its reputation. A progressive decline of this technology is therefore predicted.