The benefits and drawbacks of using electronic identities
Information Security Tech. Report
Attacking of smartcard-based banking applications with javascript-based rootkits
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Errors matter: breaking RSA-Based PIN encryption with thirty ciphertext validity queries
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Two-Head dragon protocol: preventing cloning of signature keys
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Expert Systems with Applications: An International Journal
Might financial cryptography kill financial innovation? --- the curious case of EMV
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
PIN entry devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, we demonstrate that the tamper proofing of PEDs is unsatisfactory, as is the certification process. We have implemented practical low-cost attackson two certified, widely-deployed PEDs -- the Ingenico i3300 and the DioneXtreme. By tapping inadequately protected smartcard communications, an attacker with basic technical skills can expose card details and PINs, leaving cardholders open to fraud. We analyze the anti-tampering mechanisms of the two PEDs and show that, while the specific protection measures mostly work as intended, critical vulnerabilities arise because of the poor integration of cryptographic, physical and procedural protection. As these vulnerabilities illustrate a systematic failure in the design process, we propose a methodology for doing it better in the future. These failures also demonstrate a serious problem with the Common Criteria. So we discuss the incentive structures of the certification process, and show how they can lead to problems of the kind we identified. Finally, we recommend changes to the Common Criteria framework in light of the lessons learned.