Theoretical Computer Science
The complexity of searching a graph
Journal of the ACM (JACM)
Recontamination does not help to search a graph
Journal of the ACM (JACM)
The vertex separation and search number of a graph
Information and Computation
Capture of an intruder by mobile agents
Proceedings of the fourteenth annual ACM symposium on Parallel algorithms and architectures
Design and Analysis of Distributed Algorithms (Wiley Series on Parallel and Distributed Computing)
Design and Analysis of Distributed Algorithms (Wiley Series on Parallel and Distributed Computing)
Formal analysis of PIN block attacks
Theoretical Computer Science - Automated reasoning for security protocol analysis
Blunting Differential Attacks on PIN Processing APIs
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
The unbearable lightness of PIN cracking
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Type-based analysis of PIN processing APIs
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Cracking bank PINs by playing mastermind
FUN'10 Proceedings of the 5th international conference on Fun with algorithms
An introduction to security API analysis
Foundations of security analysis and design VI
Hi-index | 0.00 |
We study the secure upgrade of critical components in wide networked systems, focussing on the case study of PIN processing Hardware Security Modules (HSMs). These tamper-resistant devices, used by banks to securely transmit and verify the PIN typed at the ATMs, have been shown to suffer from API level attacks that allow an insider to recover user PINs and, consequently, clone cards. Proposed fixes require to reduce and modify the HSM functionality by, e.g., sticking on a single format of the transmitted PIN or adding MACs for the integrity of user data. Upgrading HSMs worldwide is, of course, unaffordable. We thus propose strategies to incrementally upgrade the network so to obtain upgraded, secure subnets, while preserving the compatibility towards the legacy system. Our strategies aim at finding tradeoffs between the cost for special "guardian" HSMs used on the borderline between secure and insecure nodes, and the size of the team working in the upgrade process, representing the maximum number of nodes that can be simultaneously upgraded.