Weighing Down "The Unbearable Lightness of PIN Cracking"

  • Authors:
  • Mohammad Mannan; P. C. Oorschot

  • Affiliations:
  • School of Computer Science, Carleton University; School of Computer Science, Carleton University

  • Venue:
  • Financial Cryptography and Data Security
  • Year:
  • 2008

Abstract

Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Transport Final PIN from a user PIN, account number, and a salt value (stored on the bank card) through, e.g., a pseudo-random function. We explore different attacks on this solution, and propose a variant of salted-PIN that can significantly restrict known attacks. Salted-PIN requires modifications to service points (e.g. ATMs), issuer/verification facilities, and bank cards; however, changes to intermediate switches are not required.