Emerging Threats Alan Mushing Prague For Release

September 26, 2011

Alan Mushing
Senior Business Leader
MasterCard Worldwide

Emerging Threats
From the News and Recent Technical Security Conferences

Academy of Risk Management | Innovate. Collaborate. Educate.

In the News….
Emerging Threats
• POS Compromise
• Chip and PIN Broken
• Chip and PIN Definitely Broken
• Reverse Engineering Smart Card Chips
• Electronic Pickpocketing

Academy of Risk Management | Innovate. Collaborate. Educate. ©2011 MasterCard. August 24, 2011
Proprietary Page 2


“Arts and crafts retail chain Michaels is dealing with a compromise of Point-of-Sale
(PoS) systems its stores that resulted in credit card fraud across the country…”

Aldi “was recently notified that the security of a limited
number of debit card terminals at some stores may
have been compromised through tampering designed
to steal customers’ payment card information.”


“Experts warned last year that chip and PIN, which was
launched to cut card fraud, is not as secure as banks claim.

A Cambridge University team said it is simple to swap a
doctored machine for one in a store.”

Read more: http://www.dailymail.co.uk/sciencetech/article-1044293/Now-gangs-using-chip-PIN-technology-steal-customers-bank-details.html


Magstripe Data

• Attacker gets a set of Magstripe Track 2 Data and PIN
• Uses traditional methods of Magstripe Cloning
• CVC2 not captured using this method
• Does Not clone the Chip
• If Magstripe clone used, traditional payment system
defenses will apply – unusual transaction pattern
detection and lost and stolen fraud
• Protect PED’s with good terminal management system
• Use latest approved versions of PED’s


The affectionate introduction of PIN in the UK EMV launch


Chip and PIN is Broken equipment

February 11th, 2010


Chip and PIN is Broken?

Issuer Terminal Wedge Card

• Terminal: PIN entry seems OK
• Wedge: Wedge says “PIN OK”
• Card: I didn’t see a PIN
• Issuer: If the transaction is online and the network carries CVM Results,
then the host could check them against CVR


“During my MPhil within the Computer Lab I developed a card-sized device
(named Smart Card Detective – in short SCD) that can monitor Chip and
PIN transactions.

The main goal of the SCD was to offer a trusted display for anyone using
credit cards.….

Even more, we have tested the No PIN vulnerability (see the paper by
Murdoch et al.) with the SCD. A reportage on this has been shown on
Canal+

After the “Chip and PIN is broken” paper was published some contra
arguments referred to the difficulty of setting up the attack. The SCD can
also show that such assumptions are many times incorrect.

More details on the SCD are on my MPhil thesis. Also important, the software is open source and along with the hardware
schematics can be found in the project’s page. The aim of this is to make the SCD a useful tool for EMV research, so that
other problems can be found and fixed.”

October 19th, 2010 by Omar Choudary


MCAL

• MasterCard has an analysis facility in Europe
responsible for monitoring and assessing payment
security threats and attacks


MasterCard Analysis Lab


Chip and PIN Broken?

Issuer Terminal Wedge Card

• Wedge says “PIN OK”
• If the transaction is online and the network carries CVM Results,
then the host could check them against CVR
• MC Spec recommends CVM Results are sent to card
• MC Card checks the CVM Results and sets a CVR bit if:-
‘terminal erroneously thinks PIN OK’
• CDA signs the ARQC such that any tampering with CVM
Results can be detected by terminal, preventing the
attack even in offline capable environments


Chip and PIN Broken?

• Attacker still needs to steal card
– Lost and stolen fraud countermeasures apply
• Issuer can check data (CVM results/CVR)
– The ARQC (if online) can be used for detection
– Transaction Cryptogram can also be used for forensic
detection
• CDA provides the complete solution for detection
• Chip and PIN not broken…but time to think about
implementing next level of defences


Technical Security Conferences

“At the Black Hat USA conference in Las Vegas, Andrea Barisani,
chief security engineer for secure design consultancy Inverse Path,
will join with colleagues to show how flaws in chip-and-PIN -- which
is becoming a standard in Europe and Asia -- can be easily exploited.

3 Aug Las Vegas, USA BlackHat USA 2011 / DEFCON 19
27 May Berlin, Germany PH-Neutral 0x7db
17 May Amsterdam, Netherlands HITBSecConf2011
9 Mar Vancouver, Canada CanSecWest


Chip and PIN Definitely Broken?

Barisani says these flaws can be found in current and emerging credit card
systems, including the EuroPay-Mastercard-Visa (EMV) system that is being
implemented worldwide. While EMV supports three types of cards -- older
magnetic stripe cards, current chip cards, and more secure chip cards --
skimmers can force transactions to use the least secure transaction method,
he warns. EMV currently supports three different standards: static data
authentication, an upgrade from older magstripe cards; dynamic data
authentication, a more secure implementation that uses an encryption key to
scramble transaction information; and combined data authentication, which
implements more stringent security measures.

Attackers who can attach a skimming device to the point-of-sale terminal can
control the security negotiation between the terminal and the consumer's credit
card, Barisani explains. In order to support the older POS technologies, credit
and debit cards will transmit a user's PIN in the clear if required by the terminal.
A skimmer attached to the device can then scoop up the details of the credit
card.”


Chip and PIN Definitely Broken?

• CVM list modified so that terminal falls
back from Offline Enciphered PIN to
Plaintext PIN
• Offline data authentication would fail (as
CVM list is signed), and the card would
know that plaintext PIN occurred, so the
host could detect the attack had taken
place
• Any data ‘scooped’ is chip data – so
Magstripe clones will not have CVC1

• The attacker may successfully capture the PIN, but still needs to steal the card
• Traditional payment system defenses will apply
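
The host-side checks described on the “Chip and PIN Broken?” and “Chip and PIN Definitely Broken?” slides, as an added example that is not part of the original deck: it compares the terminal's CVM Results (EMV tag 9F34) with the card's own view taken from the CVR. The `CardView` tuple, the finding names and the sample records are constructed for illustration, and decoding the CVR is assumed to be done by a scheme-specific parser because its layout depends on the card application.

```python
from collections import namedtuple

# Card's own view of cardholder verification, as decoded from the CVR by a
# scheme-specific parser (not shown: the CVR layout depends on the card application).
CardView = namedtuple("CardView", "pin_performed pin_enciphered pin_failed")

OFFLINE_PIN_CODES = {0x01, 0x03, 0x04, 0x05}  # EMV CVM codes verified by the ICC
CVM_SUCCESSFUL = 0x02                         # CVM Results byte 3


def terminal_claims_offline_pin_ok(cvm_results_hex):
    """Decode CVM Results (EMV tag 9F34, 3 bytes) as reported by the terminal."""
    raw = bytes.fromhex(cvm_results_hex)
    if len(raw) != 3:
        raise ValueError("CVM Results must be exactly 3 bytes")
    method = raw[0] & 0x3F  # low six bits carry the CVM code
    return method in OFFLINE_PIN_CODES and raw[2] == CVM_SUCCESSFUL


def check_transaction(cvm_results_hex, card, enciphered_pin_expected):
    """Return findings for one online authorisation request."""
    findings = []
    if terminal_claims_offline_pin_ok(cvm_results_hex):
        if not card.pin_performed or card.pin_failed:
            findings.append("CVM_MISMATCH")  # terminal says PIN OK, card disagrees
    if card.pin_performed and not card.pin_enciphered and enciphered_pin_expected:
        findings.append("PLAINTEXT_PIN_FALLBACK")  # review: possible CVM list tampering
    return findings


# Constructed sample authorisations: (CVM Results, card view, enciphered PIN expected)
SAMPLES = {
    "normal":    ("440302", CardView(True, True, False), True),
    "wedge":     ("410302", CardView(False, False, False), False),
    "fallback":  ("410302", CardView(True, False, False), True),
    "signature": ("1E0302", CardView(False, False, False), False),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, check_transaction(*args))
```

`enciphered_pin_expected` stands for the issuer knowing that both the card and the terminal support Offline Enciphered PIN; without that knowledge a plaintext PIN verification is not by itself suspicious.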


Smart Card Reverse Engineering

Reviving smart card analysis - Tarnovsky and Nohl

“Smart cards chips – originally invented as a protection for cryptographic keys – are
increasingly used to keep protocols secret. This talk challenges the chips' security measures
to unlock the protocols for public analysis.
These smart card chips are found in banking cards, authentication tokens, encryption
appliances, and master key vaults.
The protection capabilities of the chip are increasingly used to also keep secret application
code running on the devices. For example, the protocols of modern EMV credit cards are not
publicly known.
Such obscurity is hindering analysis, hence letting logic and implementation flaws go
unnoticed in widely deployed systems, including credit card systems.
We demonstrate a method of extracting application code from smart cards with simple
equipment to open the application code for further analysis.”

[Figure: chip cross-section with labelled layers: Passivation, Metal 2 (aluminium), Metal 1 (aluminium), Silicon Oxide (insulator), Polysilicon, Implanted N type drain, Silicon substrate; the feature size is marked.]


• Over etching
• Tracks have come loose
• Will cause problems for automated RE


Reverse Engineering

• The reported attack is on the encrypted ROM memory which is
fixed at manufacture – usually contains the program code
• As it is just more RE, the attack itself is not new
• Defence is all about complexity of the encryption and the
technology feature size - as Nohl says
• Most new technology is 130nm or less
• In fact most sensitive data (PS Keys, PIN) on Payment cards is
encrypted using keys personalised at issuance, and so stored in
EEPROM
• The encryption of data is typically address dependent, thus
making identical data (eg opcodes) different
• Further discussion of state of the art continues at Industry Best
Practice forums such as JHAS and EMVCo Lab meetings but for
now the attack workfunction remains high

JHAS : JIL Hardware Attack Subgroup


Electronic Pickpocketing

US/Canada News during 2011


Ø1m

Target reader distance of a few cm. Any more… 100 Watts of power!



Contactless Pickpocketing

Now that phones like the Google Nexus S have integrated NFC
functionality, it has become trivial to write apps using their
NFC readers.
There are a few appearing on the Android Marketplace right
now – e.g. Identity Stronghold

Note: This is NOT a new attack – just another easy way to demonstrate that
reading the data from a contactless card is straightforward, as designed,
but the data itself is not useful – no name and no CVC1 or CVC2.
It is protected from re-use by PayPass Magstripe dynamic CVC3 – or the
PayPass MChip dynamic EMV cryptograms


Security Evaluation

• MasterCard’s CAST program certifies all
Payment Applications used in Cards and
Mobile devices including PayPass
• The program has been running since 2003
• It has been adopted by EMVCo to cover IC’s and
now Platforms (IC + OS) as well as the Common
Payment Application (CPA)
• MasterCard’s Analysis Laboratory (MCAL) continues
to monitor and research new threats and attacks
• Please….Sleep Well ☺