chip and pin is broken
play

Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, - PowerPoint PPT Presentation

Jun 21, 2023 •17 likes •137 views

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, Mike Bond Europay Mastercard Visa (EMV) 730 million cards worldwide

  1. Faculty of Computer Science Institute for System Architecture, Operating Systems Group Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, Mike Bond

  2. Europay – Mastercard – Visa (EMV) • 730 million cards worldwide • Solution to all the banks' problems: – Chip to prevent copying of a card – PIN to prevent abuse of stolen cards • PIN to prove customer's liability 2010-03-03 Chip&PIN is broken Slide 2 von MAXNR

  3. Card Fraud in the UK 2010-03-03 Chip&PIN is broken Slide 3 von MAXNR

  4. PIN and Chip protocol from 10,000 ft 1. Card authentication prove that card is correct → 2. Cardholder verification prove that customer owns the card → 3. Transaction authorization prove that transaction is valid → 2010-03-03 Chip&PIN is broken Slide 4 von MAXNR

  5. Card authentication 2010-03-03 Chip&PIN is broken Slide 5 von MAXNR

  6. Cardholder verification 2010-03-03 Chip&PIN is broken Slide 6 von MAXNR

  7. Transaction authentication 2010-03-03 Chip&PIN is broken Slide 7 von MAXNR

  8. The attack • TVR only records auth failures • IAD may contain info about PIN auth used – Issuer-specific, terminal cannot check • MITM: intercept PIN request and send 0x9000 to terminal • Result: – Terminal: PIN ok – Card: PIN never requested – Bank: no TVR failure, no PIN auth 2010-03-03 Chip&PIN is broken Slide 8 von MAXNR

  9. Hardware used 2010-03-03 Chip&PIN is broken Slide 9 von MAXNR

  10. What caused the vulnerability? • Closed protocol specification process • Huge spec – 707 pages for core EMV spec – 2,126 pages testing documentation – 810 pages VISA public extensions • No documentation of threat / security model 2010-03-03 Chip&PIN is broken Slide 10 von MAXNR

  11. Fixes? • Economic factor: – Customers can be held liable – No incentive for costly redeployment – Cooperation of banks and terminal vendors • Let terminal parse IAD – As the name says: issuer -specific data • Incorporate Cardholder Verification Method Results into ARQC – Possible with EMV, requires only cards and issuer backends to be fixed – Will stil take a long time 2010-03-03 Chip&PIN is broken Slide 11 von MAXNR

  12. Discussion • How to educate the uneducated? • Is there formal protocol validation? – Would it have helped? 2010-03-03 Chip&PIN is broken Slide 12 von MAXNR

Recommend

Memory Errors Bits in memory can be flipped Hard error The chip is broken E.g.,

Memory Errors Bits in memory can be flipped Hard error The chip is broken E.g.,

Verilog Memory Errors Bits in memory can be flipped Hard error The chip is broken E.g., manufacturing defect, wear (in Flash) Soft error Stored data corrupted, but cell still works Caused by atmospheric neutrons, alpha

291 views • 7 slides
Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus

Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus

Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus & have given up on being their own savior! Abraham Sarah (wife) Isaac (son) Hagar (maidservant) Ishmael (son) Abraham, our broken spiritual

258 views • 21 slides
Who are the Chip Doctors ? Since 1991 The Chip Doctors, LLC have been providing assistance to the

Who are the Chip Doctors ? Since 1991 The Chip Doctors, LLC have been providing assistance to the

M easure, A nalyze , C orrective action, and S ustainability In Search of Chip Quality & Financial Return for Biomass Products Confidential: Proprietary information that is Patented and Trade Marked by The Chip Doctors, LLC and Fiber-M, Inc.

1.2k views • 46 slides
Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017 Rank Name 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entities 5 Broken Access

209 views • 6 slides
GOD BLESSED THE BROKEN LINES This much I know is true. God blessed the broken lines

GOD BLESSED THE BROKEN LINES This much I know is true. God blessed the broken lines

GOD BLESSED THE BROKEN LINES This much I know is true. God blessed the broken lines that led me straight to Christ. MATTHEW 1:1-17 UNCONDITIONAL & CONDITIONAL I. UNDERLYING COVENANTS Edenic & Adamic Covenants A. 1.

364 views • 20 slides
Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~#

Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~#

Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~# whoami Eric Biako Bsc. IT, CEH v9 Information security officer @ E-connecta Moderator @ https://legalhackmen.com IDOR ( Broken Access Control )

517 views • 12 slides
Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill

Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill

Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill Pipeline, from 1 July 2019 Public Hearing 20 November 2018 Outline Overview of WaterNSW and Essential Water reviews Review of WaterNSWs prices

521 views • 22 slides
Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge

Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge

Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge Acknowledgement: Royal Commission for the Exhibition of 1851 Exploring Chip to Chip Photonics p g p p Bandwidth improvements in

90 views • 8 slides
AI Is Broken Sophie Searcy AI Is Broken slides at soph.info/ai-traps Sophie Searcy Caveats

AI Is Broken Sophie Searcy AI Is Broken slides at soph.info/ai-traps Sophie Searcy Caveats

AI Is Broken Sophie Searcy AI Is Broken slides at soph.info/ai-traps Sophie Searcy Caveats AI lumping together Data Science, Artificial Intelligence, Machine Learning, Data Mining, etc. Audience Conversant in AI topics. Not

759 views • 47 slides
ANNOUNCEMENT Date: 8 April 2020 Number: 668/08042020 BROKEN HILL ALLIANCE PRESENTATION Broken

ANNOUNCEMENT Date: 8 April 2020 Number: 668/08042020 BROKEN HILL ALLIANCE PRESENTATION Broken

ANNOUNCEMENT Date: 8 April 2020 Number: 668/08042020 BROKEN HILL ALLIANCE PRESENTATION Broken Hill Alliance: As part of the new 2020 focus on PGM-nickel-copper exploration, Impact Minerals Limited (ASX:IPT) announced to ASX on 24 February

346 views • 10 slides
7 On-Chip Interconnection Networks Chip Multiprocessors (ACS MPhil) Robert Mullins

7 On-Chip Interconnection Networks Chip Multiprocessors (ACS MPhil) Robert Mullins

7 On-Chip Interconnection Networks Chip Multiprocessors (ACS MPhil) Robert Mullins Introduction Vast transistor budgets, but .... Poor interconnect scaling Pressure to decentralise designs Need to manage complexity and power

960 views • 63 slides
Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public

Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public

Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public ChIP-seq data: the bioinformatics event of the year 2007: Large data sets have become available: Barski et al. (2007): human CD4+ cell lines histone

396 views • 8 slides
Columbia University Chip-Scale Interconnection Networks Chip multi-processors create need

Columbia University Chip-Scale Interconnection Networks Chip multi-processors create need

Hybrid On-chip Data Networks Gilbert Hendry Keren Bergman Lightwave Research Lab Columbia University Chip-Scale Interconnection Networks Chip multi-processors create need for high performance interconnects Performance bottleneck of

742 views • 46 slides
Broken Hill North Mine Community Consultative Committee 04 October 2019 KPIs MOD 2 Broken Hill

Broken Hill North Mine Community Consultative Committee 04 October 2019 KPIs MOD 2 Broken Hill

Broken Hill North Mine Community Consultative Committee 04 October 2019 KPIs MOD 2 Broken Hill North Mine, MOD 1 CoC Schedule 2, 8 (c), specified, 16 ore laden truck movements per day when averaged over a calendar quarter. PBH found this

141 views • 13 slides
Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2

Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2

Reminder Comparison single chip & ASU chip Chip to chip variations Outlook Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2 Comparison single chip & ASU chip 3 Chip to chip variations 4

454 views • 7 slides
SoC Design Lecture 10: On-Chip Interconnection Networks Lecture 10: On Chip Interconnection

SoC Design Lecture 10: On-Chip Interconnection Networks Lecture 10: On Chip Interconnection

SoC Design Lecture 10: On-Chip Interconnection Networks Lecture 10: On Chip Interconnection Networks Shaahin Hessabi Department of Computer Engineering g g Sharif University of Technology Signal Transmission on SoC We focus on global wires

800 views • 66 slides
Assisted Discovery of On-Chip Debug Interfaces Joe Grand (@joegrand) Introduction On-chip

Assisted Discovery of On-Chip Debug Interfaces Joe Grand (@joegrand) Introduction On-chip

Assisted Discovery of On-Chip Debug Interfaces Joe Grand (@joegrand) Introduction On-chip debug interfaces are a well-known attack vector - Used as a stepping stone to further an attack - Can provide chip-level control of a target

766 views • 35 slides
2015 CHIP Progress 2015 CHIP Overview In May-August 2015, Ottawa County developed its first

2015 CHIP Progress 2015 CHIP Overview In May-August 2015, Ottawa County developed its first

2015 CHIP Progress 2015 CHIP Overview In May-August 2015, Ottawa County developed its first Community Health Improvement Plan (CHIP) The most prevalent health issues according to the 2014 CHNA included: Access to Health Care

628 views • 40 slides
Final Assembly Chip Core Your final project chip consists of a core The Chip Core is

Final Assembly Chip Core Your final project chip consists of a core The Chip Core is

Final Assembly Chip Core Your final project chip consists of a core The Chip Core is everything that is inside and a pad ring the Pad Ring Core is the guts Try to floorplan your core so that its as small a rectangle as

230 views • 11 slides
Study Of Chip Breaker El-Sherbeeny, PhD 2014 Project-Group 6 TYPES ES OF F CHI HIP a)

Study Of Chip Breaker El-Sherbeeny, PhD 2014 Project-Group 6 TYPES ES OF F CHI HIP a)

Study Of Chip Breaker El-Sherbeeny, PhD 2014 Project-Group 6 TYPES ES OF F CHI HIP a) Continuous Chip b) Built-Up Edge Chip c) Serrated Chip d) Discontinuous Chip El-Sherbeeny, PhD 2014 Project-Group 6 I this project will

393 views • 11 slides
On h -vectors of broken circuit complexes Dinh Van Le (Univesit at Osnabr uck) Osnabr

On h -vectors of broken circuit complexes Dinh Van Le (Univesit at Osnabr uck) Osnabr

On h -vectors of broken circuit complexes Dinh Van Le (Univesit at Osnabr uck) Osnabr uck, October 10th, 2015 Outline 1 Broken circuit complexes 2 The Orlik-Terao algebra 3 Series-parallel networks 4 An open problem Chromatic

656 views • 41 slides
Come, Come Whoever You Are Come, Come, Whoever You Are Though youve broken your vows a

Come, Come Whoever You Are Come, Come, Whoever You Are Though youve broken your vows a

Come, Come Whoever You Are Come, Come, Whoever You Are Though youve broken your vows a thousand times Wanderer, worshipper, lover of leaving Ours is no caravan of despair Come, yet again, come Come, Come ~ adapted from Rumi by Leslie

586 views • 48 slides
Chip and Chip and PIN PIN is B is Brok oken en Steven J. Murdoch, Saar Drimer, Ross Anderson,

Chip and Chip and PIN PIN is B is Brok oken en Steven J. Murdoch, Saar Drimer, Ross Anderson,

Chip and Chip and PIN PIN is B is Brok oken en Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond University of Cambridge S&P 2010 Presented by: Yi Zhang September 1 2016 EMV Card As of early 2008, there were 730 million

142 views • 12 slides
ChIP-seq data analysis 04-05-12 Outlook Friday 04-05-12: Next-generation sequencing

ChIP-seq data analysis 04-05-12 Outlook Friday 04-05-12: Next-generation sequencing

ChIP-seq data analysis 04-05-12 Outlook Friday 04-05-12: Next-generation sequencing ChIP-seq experimental design ChIP-seq data analysis: Mapping of sequenced reads to a reference geneome Peak calling

692 views • 43 slides

More recommend