# HG changeset patch # User Christian Urban # Date 1411620488 -3600 # Node ID 46e581d66f3a9df5c16968bd26ff5e2a74a26ef4 # Parent 5336ad2fd3faba0476150eee9228b00dfe4f0d91 updated diff -r 5336ad2fd3fa -r 46e581d66f3a handouts/ho01.pdf Binary file handouts/ho01.pdf has changed diff -r 5336ad2fd3fa -r 46e581d66f3a handouts/ho01.tex --- a/handouts/ho01.tex Thu Sep 25 00:28:53 2014 +0100 +++ b/handouts/ho01.tex Thu Sep 25 05:48:08 2014 +0100 
@@ -89,81 +89,86 @@ The questions is whether the Chip-and-PIN system with credit cards is more secure than the older method of signing receipts -at the till. On first glance, Chip-and PIN seems obviously -more secure and this was also the central plank in the +at the till. On first glance Chip-and-PIN seems obviously more +secure and improved security was also the central plank in the ``marketing speak'' of the banks behind Chip-and-PIN. The earlier system was based on a magnetic stripe or a mechanical imprint on the card and required customers to sign receipts at the till whenever they bought something. This signature -authorises the transactions. Although in use for a long time, +authorised the transactions. Although in use for a long time, this system had some crucial security flaws, including making -clones of credit cards and forging signatures. Chip-and-PIN, -as the name suggests, relies on data being stored on -a chip on the card and a PIN number for authorisation. - +clones of credit cards and forging signatures. -Although the banks involved trumpeted their system as being -secure and indeed fraud rates initially went down, security -researchers were not convinced (especially the group around -Ross Anderson). To begin with, the Chip-and-PIN system -introduced a ``new player'' that needed to be trusted: the PIN -terminals and their manufacturers. Of course it was claimed -that these terminals are tamper-resistant, but needless to say -this was a weak link in the system, which criminals -successfully attacked. Some terminals were even so skilfully -manipulated that they transmitted PIN numbers via a built-in -mobile phone connection. To mitigate this security flaw, you -need to vet quite closely the supply chain of such -terminals---something that also needs to be done in other -industries. +Chip-and-PIN, as the name suggests, relies on data being +stored on a chip on the card and a PIN number for +authorisation. 
Even though the banks involved trumpeted their +system as being absolutely secure and indeed fraud rates +initially went down, security researchers were not convinced +(especially the group around Ross Anderson). To begin with, +the Chip-and-PIN system introduced a ``new player'' that +needed to be trusted: the PIN terminals and their +manufacturers. It was claimed that these terminals are +tamper-resistant, but needless to say this was a weak link in +the system, which criminals successfully attacked. Some +terminals were even so skilfully manipulated that they +transmitted skimmed PIN numbers via built-in mobile phone +connections. To mitigate this flaw in the security of +Chip-and-PIN, you need to vet quite closely the supply chain +of such terminals. -Later on, Ross Anderson and his group managed to launch +Later on Ross Anderson and his group managed to launch a man-in-the-middle attacks against Chip-and-PIN. Essentially they made the terminal think the correct PIN was entered and -the card think that a signature was used. This flaw was -mitigated by requiring that a link between the card and the -bank is established at every time the card is used. Even -later this group found another problem with Chip-and-PIN and -ATMs which do not generate random enough numbers (nonces) -on which the security of the underlying protocols relies. +the card think that a signature was used. This was a more +serious security problem. The flaw was mitigated by requiring +that a link between the card and the bank is established at +every time the card is used. Even later this group found +another problem with Chip-and-PIN and ATMs which do not +generate random enough numbers (nonces) on which the security +of the underlying protocols relies. The problem with all this is that the banks who introduced -Chip-and-PIN managed to shift the liability for any fraud and -the burden of proof onto the customer with the new system. 
In -the old system, the banks had to prove that the customer used -the card, which they often did not bother about. In effect if -fraud occurred the customers were either refunded fully or -lost only a small amount of money. This +Chip-and-PIN managed with the new system to shift the +liability for any fraud and the burden of proof onto the +customer. In the old system, the banks had to prove that the +customer used the card, which they often did not bother with. +In effect, if fraud occurred the customers were either refunded +fully or lost only a small amount of money. This taking-responsibility-of-potential-fraud was part of the ``business plan'' of the banks and did not reduce their -profits too much. Since they successfully claimed that their -Chip-and-PIN system is secure, banks were able to point the -finger at the customer when fraud occurred: it must have been -the fault of the customer, who must have been negligent -loosing the PIN. The customer had almost no means to defend -themselves in such situations. That is why the work of -\emph{ethical} hackers like Ross Anderson's group was so -important, because they and others established that the bank's -claim, their system is secure and it must have been the -customer's fault, was bogus. In 2009 for example the law -changed the burden of proof back to the banks whether -it was really the customer who used a card or not. +profits too much. + +Since banks managed to successfully claim that their +Chip-and-PIN system is secure, they were under the new system +able to point the finger at the customer when fraud occurred: +they must have been negligent loosing their PIN. The customer +had almost no means to defend themselves in such situations. +That is why the work of \emph{ethical} hackers like Ross +Anderson's group was so important, because they and others +established that the bank's claim that their system is secure +and it must have been the customer's fault, was bogus. 
In 2009 +for example the law changed and the burden of proof went back +to the banks. They need to prove whether it was really the +customer who used a card or not. -It is a classic example where a security design principle was -violated: The one who is in the position to improve security, -also needs to bear the financial losses if things go wrong. -Otherwise, you end up with an insecure system. In case of the -Chip-and-PIN system, no good security engineer would actually -think that it is secure: the specification of the EMV protocol -(underlying Chip-and-PIN) is some 700 pages long, but still -leaves out many things (like how to implement a good random -number generator). Moreover, banks can add their own -sub-protocols to it. With all the experience we already have, -it is as clear as day that criminals were able to poke holes -into it. With how the system was set up, the banks had no -incentive to come up with a system that is really secure. -Getting the incentives right in favour of security is often a -tricky business. +This is a classic example where a security design principle +was violated: Namely, the one who is in the position to +improve security, also needs to bear the financial losses if +things go wrong. Otherwise, you end up with an insecure +system. In case of the Chip-and-PIN system, no good security +engineer would claim that it is secure beyond reproach: the +specification of the EMV protocol (underlying Chip-and-PIN) is +some 700 pages long, but still leaves out many things (like +how to implement a good random number generator). No human +being is able to scrutinise such a specification and ensure it +contains no flaws. Moreover, banks can add their own +sub-protocols to EMV. With all the experience we already have, +it is as clear as day that criminals were eventually able to +poke holes into it and measures need to be taken to address +them. 
However, with how the system was set up, the banks had +no real incentive to come up with a system that is really +secure. Getting the incentives right in favour of security is +often a tricky business. \subsection*{Of Cookies and Salts}
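Review bot: a few wording defects survive in the rewritten paragraphs of this hunk and should be fixed before the handout ships. In the added line "they must have been negligent loosing their PIN", "loosing" should be "losing". The unchanged context line "a man-in-the-middle attacks against Chip-and-PIN" mixes a singular article with a plural noun; either "a man-in-the-middle attack" or "man-in-the-middle attacks" would do. The added line "that a link between the card and the bank is established at +every time the card is used" should drop "at" ("established every time the card is used"), and the opening context line "The questions is whether" should read "The question is whether". Two other points: the added sentence "In 2009 +for example the law changed and the burden of proof went back +to the banks" states a legal fact with no citation, so a reference would strengthen the handout's argument about liability; and the added sentence "measures need to be taken to address +them" is vague about who takes which measures, so naming the actor (the banks, the EMV consortium) would make the point about incentives in the following sentence land more cleanly.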