White Hat Hacker

"There is no security in this life, only opportunity" -- Gen Douglas MacArthur 

Saar Drimer, Steven Murdoch & Ross Anderson - Optimised to Fail: Card Readers for Online Banking

From the 13th International Conference on Financial Cryptography and Data Security, Barbados, 2009
 
Conference website is http://fc09.ifca.ai
 
Copy of Paper:
http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf
 
Copy of Slides:
http://www.cl.cam.ac.uk/~sjm217/talks/fc09optimised.pdf
 
Abstract. The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the customer’s debit card to generate one-time codes for both login and transaction authentication. The CAP protocol is not public, and was rolled out without any public scrutiny. We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous weaknesses that are due to design errors such as reusing authentication tokens, overloading data semantics, and failing to ensure freshness of responses. The overall strategic error was excessive optimisation. There are also policy implications. The move from signature to PIN for authorising point-of-sale transactions shifted liability from banks to customers; CAP introduces the same problem for online banking. It may also expose customers to physical harm.
 
Author's blog at http://www.lightbluetouchpaper.org/2009/02/26/optimised-to-fail-card-readers-for-online-banking/
 
The paper's own description of the reverse-engineering approach:
 
We used three different techniques to reverse engineer the protocol. First, we monitored communications between legitimate cards and readers (Figure 2 left), using an FPGA-based protocol analyser we designed. Second, we emulated a reader and challenged the card (Figure 2 centre). Finally, we constructed an FPGA-based card emulator in order to interrogate the reader (Figure 2 right). In all three cases we fully controlled the input, at either the electrical interface or keypad, so our approach was in effect an adaptive chosen text attack. We did not attempt to extract or study the code running on either the smart card or CAP reader.
 
Regrettably, these are the only comments the paper makes on its hardware. There is no diagram of the FPGA circuits, only two small photographs: one shows what appears to be a custom board, the other what could be an evaluation or prototype board.
