Banking Security Architecture

The document discusses the banking security architecture of chip and PIN systems used for credit and debit card transactions in Europe. It provides background on the rollout of chip and PIN in the UK and analyzes fraud trends and vulnerabilities, such as how criminals have exploited fallback features to clone cards and tampered with payment terminals to steal card details and PINs. The document also examines security measures in chip and PIN systems and how they have been circumvented.

Banking Security Architecture

Steven J. Murdoch
http://www.cl.cam.ac.uk/users/sjm217/

work with Saar Drimer, Ross Anderson, Mike Bond

Computer Laboratory www.torproject.org

SecAppDev, March 2012, Leuven, BE


Chip & PIN has now been running in the UK for about 5 years

- Chip & PIN, based on the EMV (EuroPay, MasterCard, Visa) standard, is deployed throughout most of Europe
- In process of roll-out elsewhere
- Customer inserts contact smartcard at point of sale, and enters their PIN
- UK was an early adopter: rollout in 2003-2005; mandatory in 2006
- Chip & PIN changed many things, although not quite what people expected

Card payments in the UK are different from the US (and elsewhere)

                     Before Chip & PIN    After Chip & PIN
  Cards              magstrip             magstrip and chip
  Card verification  magstrip             chip if possible
  ATM                PIN used             PIN used
  Point-of-sale      signature used       PIN used

- No difference between credit and debit cards
- No ID check at point-of-sale (signature rarely checked either)
- Introducing Chip & PIN really made two changes:
  - Chip used for authenticating card (ATM and PoS)
  - PIN used for authenticating customer (only new for PoS)
- The effects of the two changes are often conflated

UK fraud figures 2004-2010

[Chart: losses (£m) by fraud type, 2004-2010, with the Chip & PIN deployment period marked. Series: card-not-present, counterfeit, lost and stolen, mail non-receipt, cheque fraud, ID theft, online banking.]

  Year                   2004   2005   2006   2007   2008   2009   2010
  Total, ex phone (£m)   563.1  503    491.2  591.4  704.3  529.6  441

Source: APACS

Counterfeit fraud mainly exploited backwards compatibility features

- Upgrading to Chip & PIN was too complex and expensive to complete in one step
- Instead, chip cards continued to have a magstrip
  - Used in terminals without functioning chip readers (e.g. abroad)
  - Act as a backup if the chip failed
- Chip also contained a full copy of the magstrip
  - Simplifies issuer upgrade
  - Chip transactions can be processed by systems designed to process magstrip
- Criminals changed their tactics to exploit these features, and so counterfeit fraud did not fall as hoped
- Fraud against UK cardholders moved outside of the UK

Criminals could now get cash

- Criminals collected:
  - card details by a double-swipe, or tapping the terminal/phone line
  - PIN by setting up a camera, tapping the terminal, or just watching
- Cloned magstrip card then used in an ATM (typically abroad)
- In some ways, Chip & PIN made the situation worse
  - PINs are used much more often (not just ATM)
  - PoS terminals are harder to secure than an ATM

Picture: Tonight (ITV, 2007-05-04)

Terminal tamper proofing is supposed to protect the PIN in transit

- In a PoS transaction, the PIN is sent from the PIN entry device (PED) to the card for verification
- Various standards bodies require that PEDs be tamper proofed: Visa, EMV, PCI (Payment Card Industry), APACS (UK bank industry body)
- Evaluations are performed to well-established standards (Common Criteria)
- Visa requirement states that defeating tamper-detection would take more than 10 hours or cost over USD $25,000 per PED

Protection measures: tamper switches

Picture: Ingenico i3300

Protection measures: tamper meshes

Picture: Ingenico i3300

BBC Newsnight filmed our demonstration for national TV

BBC Newsnight, BBC2, 26 February 2008

- Holes in the tamper mesh allow the communication line to be tapped
- An easily accessible compartment can hide a recording device

This type of fraud is still a serious problem in the UK

- Initially (2005), PEDs were tampered on a small scale and installed by someone impersonating a service engineer
  - PED was collected later, and card details extracted
- Now PEDs are being tampered with at or near their point of manufacture
  - A cellphone module is inserted so it can send back lists of card numbers and PINs automatically

Chip & PIN vulnerabilities

- Fallback vulnerabilities are not strictly-speaking a Chip & PIN vulnerability
- However, vulnerabilities do exist with Chip & PIN
- To understand these, we need some more background information
- To pay, the customer inserts their smart card into a payment terminal
- The chip and terminal exchange information, fulfilling three goals:
  - Card authentication: that the card presented is genuine
  - Cardholder verification: that the customer presenting the card is the authorized cardholder
  - Transaction authorization: that the issuing bank accepts the transaction

Terminology

[Diagram: four parties. Payment system network (MasterCard/Visa/etc.) at the top, issuing bank and acquiring bank below it, cardholder and merchant at the bottom.]

- Card issued: issuing bank to cardholder
- Card presented: cardholder to merchant
- Authorization: merchant to acquiring bank, to payment system network, to issuing bank
- Payment: issuing bank to payment system network, to acquiring bank, to merchant
- Goods received: merchant to cardholder

Simplified Chip & PIN transaction

[Diagram: cardholder, card, merchant terminal and issuer.]

1. Card to terminal: card details; digital signature
2. Customer enters PIN into the terminal
3. Terminal to card: PIN entered by customer; transaction description
4. Card to terminal: PIN OK (yes/no); authorization cryptogram
5. Online transaction authorization (optional): terminal sends transaction and cryptogram to issuer; issuer returns result

The YES-card attack

- Criminals can copy EMV chip cards
- This fake card will contain the correct digital signature
- Also, it can be programmed to accept any PIN (hence YES)
- However, the fake card can be detected by online transaction authorization

The YES-card attack (transaction flow)

[Diagram: fake card, merchant terminal and issuer.]

1. Fake card to terminal: card details; digital signature (copied from the genuine card)
2. Wrong PIN (0000 in the diagram) entered by crook
3. Terminal to fake card: wrong PIN entered by crook; transaction description
4. Fake card to terminal: PIN OK (yes); wrong cryptogram

Defending against the YES-card

- YES-cards are responsible for a relatively small amount of fraud
- Can be detected by online transaction authorization
- Can also be detected by more advanced chip cards which can produce a dynamic digital signature
  - DDA (dynamic data authentication), as opposed to SDA (static data authentication)
  - Previously DDA cards were prohibitively expensive, but now cost about the same as SDA cards
- PIN verification can be performed online too, rather than allowing the card to do so
  - Need to securely send the PIN back to the issuer
  - UK ATMs use online PIN verification
  - UK point-of-sale terminals use offline PIN verification

Our attack was shown on BBC1's consumer programme, which aired February 2007

"We got our highest ratings of the run for the story (6.2 million, making it the most watched factual programme of last week)... it's provoked quite a response from viewers." Rob Unsworth, Editor, Watchdog

- Our demonstration helped many cardholders reach a favourable resolution with banks

The relay attack: Alice thinks she is paying $20, but is actually charged $2 000 for a purchase elsewhere

[Diagram, first build: the honest participants, Alice with her card and PIN, and merchant Dave.]

Honest cardholder Alice and merchant Dave are unwitting participants in the relay attack

[Diagram, second build: Bob's fake terminal receives Alice's card and PIN for a $20 purchase; Carol's fake card is in Dave's real terminal for a $2 000 purchase; the attackers can be on opposite sides of the world.]

Alice inserts her card into Bob's fake terminal, while Carol inserts a fake card into Dave's real terminal. Using wireless communication the $2 000 purchase is debited from Alice's account.

The no-PIN attack

- The no-PIN attack allows criminals to use a stolen card without knowing its PIN
- It requires inserting a device between the genuine card and payment terminal
- This attack works even for online transactions, and DDA cards

BBC Newsnight filmed our demonstration for national TV

BBC Newsnight, BBC2, 11 February 2010

The no-PIN attack (transaction flow)

[Diagram: genuine card, interposed device (fake card), merchant terminal and issuer.]

1. Card details; digital signature (from the genuine card, relayed through the device to the terminal)
2. Wrong PIN (0000 in the diagram) entered by crook
3. Terminal to device: wrong PIN entered by crook; transaction description
4. Device to terminal: PIN OK (yes); authorization cryptogram (generated by the genuine card)
5. Online transaction authorization (optional): terminal sends transaction and cryptogram to issuer; issuer returns result

Steps 1, 3 and 4 also pass between the device and the genuine card: card details and digital signature; PIN and transaction description; PIN OK and cryptogram.

Why does this attack work?

- Complexity
  - 4 000 pages of specification!
  - Data needs to be combined from several different sources and specifications (EMV, MasterCard, ISO, APACS)
  - Despite quantity, no specification actually describes the necessary checks
- Bad design of flags
  - Card produces a flag (card verification results, CVR) which says whether PIN verification succeeded
  - But this flag is in an issuer-specific format and so cannot be parsed by the terminal
  - Flag produced by terminal (TVR) is set either if PIN verification succeeded or terminal skipped check
  - Other flags may exist (country-specific, covered by APACS and ISO), but evidently are not checked in practice
- Implementation problems
  - Since issuers don't check flags, terminals mis-report state

Current and proposed defences

- Skimming
  - iCVV: slightly modifying copy of magnetic strip stored on chip
  - Disabling fallback: preventing magnetic strip cards from being used in EMV-enabled terminals
  - Better control of terminals: prevent skimmers from being installed
- YES-card
  - Dynamic Data Authentication (DDA): place a public/private keypair on every card
  - Online authorization: require that all transactions occur online
- No-PIN attack
  - Defences currently still being worked on
  - Extra consistency checks at issuer may be able to spot the attack
  - Combined DDA/Application Cryptogram Generation (CDA): move public key authentication stage to the end
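As an added example (not code from the talk, and not a real EMV implementation), here is a toy model of the simplified transaction flow, the YES-card, the no-PIN flow and the issuer-side consistency check proposed above. It shows an issuer that only verifies the cryptogram approving a transaction in which the terminal was told "PIN OK" while the card never saw a PIN, the same issuer rejecting it once it compares the terminal's CVM result with the card's own CVR, and the cryptogram check alone stopping a YES-card clone. The key, field layouts and function names are constructed assumptions.

```python
import hmac
import hashlib

# Constructed model: the dict "CVR" and the terminal's CVM record stand in
# for the real EMV fields, whose encodings are not modelled (the CVR is in
# fact issuer-specific, which is why a terminal cannot parse it).
ISSUER_KEY = b"constructed-issuer-key"   # shared with the genuine card only

def card_cryptogram(key: bytes, amount: int, cvr: dict) -> bytes:
    """Stand-in for the application cryptogram: a MAC over the transaction
    and the card's own verification results, so the issuer can trust the
    card's view of whether a PIN was verified."""
    data = f"{amount}|pin_verified={int(cvr['pin_verified'])}".encode()
    return hmac.new(key, data, hashlib.sha256).digest()

class GenuineCard:
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin
        self.cvr = {"pin_verified": False}     # the card's own record

    def verify_pin(self, pin: str) -> bool:
        self.cvr["pin_verified"] = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self.cvr["pin_verified"]

    def generate_ac(self, amount: int) -> bytes:
        return card_cryptogram(self._key, amount, self.cvr)

class YesCard(GenuineCard):
    """Clone with copied static data but without the card key: says yes to
    any PIN (offline static-signature checks are not modelled here)."""
    def verify_pin(self, pin: str) -> bool:
        self.cvr["pin_verified"] = True
        return True

def issuer_authorize(amount: int, cvr: dict, terminal_cvm: dict,
                     cryptogram: bytes, cross_check: bool) -> str:
    """Online authorization. cross_check=False is the behaviour the talk
    describes (flags not compared); True adds the consistency check."""
    expected = card_cryptogram(ISSUER_KEY, amount, cvr)
    if not hmac.compare_digest(expected, cryptogram):
        return "DECLINE: bad cryptogram"         # a YES-card ends here
    if terminal_cvm["result"] != "success":
        return "DECLINE: cardholder verification failed"
    if cross_check and terminal_cvm["method"] == "offline_pin" \
            and not cvr["pin_verified"]:
        return "DECLINE: terminal says PIN verified, card says it was not"
    return "APPROVE"

def run_transaction(card, entered_pin: str, pin_reaches_card: bool,
                    amount: int, cross_check: bool) -> str:
    """One PoS transaction. pin_reaches_card=False models the terminal
    being answered 'PIN OK' while the card never sees a PIN."""
    ok = card.verify_pin(entered_pin) if pin_reaches_card else True
    terminal_cvm = {"method": "offline_pin", "result": "success" if ok else "fail"}
    return issuer_authorize(amount, dict(card.cvr), terminal_cvm,
                            card.generate_ac(amount), cross_check)
```

The consistency check only works because the card's own PIN result is covered by the cryptogram; a flag the terminal reports on its own behalf cannot carry that weight.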

Online banking fraud is a significant and growing problem in the UK

- 174% increase in users between 2001 and 2007
- 185% increase in fraud in 2007-2008 (£21.4m in first 6 months of 2008)
- Simple fraud techniques dominate in the UK:
  - Phishing emails
  - Keyboard loggers
- Still work, and still used by fraudsters, due to the comparatively poor security

A variety of solutions have been proposed to resist phishing

- On-screen keyboards
- Picture passwords
- Device fingerprinting
- One-time-passwords/iTAN

All of these defences have been broken by fraudsters

- Malware
- Man in the Middle (MITM)
- Combination: Man in the Browser

iTAN

Picture: Volksbank Dill eG

Customer must provide the requested one time password

Man in the browser

[Diagram: what the customer sees ("SecureBank Inc., account: 6734 3249, code: 4068 3854") versus what is sent to the bank ("SecureBank Inc., account: 9857 2745, code: 4068 3854").]

- Malware embeds itself into the browser
- Changes destination/amount of transaction in real-time
- Any one-time password is valid, and mutual authentication succeeds
- Patches up online statement so customer doesn't know

Somehow the response must be bound to the transaction to be authorised

- Embed challenge in a CAPTCHA-style image, along with transaction
- Involving a human can defeat this
- May move the fraud to easier banks

Picture: Volksbank Dill eG

Some UK banks have rolled out disconnected smart card readers

- CAP (chip authentication programme) protocol specification secret, but based on EMV (Europay, Mastercard, Visa) open standard for credit/debit cards
- Reader prompts for input and displays MAC generated by card
- Customer enters PIN
- Card verifies PIN
- Customer enters transaction details (varies between banks)
- Card calculates MAC over:
  - Counter on card
  - Information entered by customer
  - Result of PIN entry
- Reader displays decimal value from:
  - Some bits from the counter
  - Some bits from the MAC
  - (specified by the card's bit filter)

Usability failures aid fraudsters

- CAP reader operates in three modes, which alters the information prompted for and included in the MAC
  - Identify: no prompt
  - Respond: 8-digit challenge (NUMBER:)
  - Sign: destination account number (REF:) and amount
- Banks have inconsistent usage
  - Barclays: Identify for login, Sign for transaction
  - NatWest: Respond, with first 4 digits random and last 4 being the end of the destination account number
- Fraudsters can confuse customers into entering the wrong thing

Transaction mode not included in MAC

- Input to MAC does not include the selected operation mode

  Identify   000000000000   00000000
  Respond    000000000000   <challenge>
  Sign       <amount>       <account number>

- A Sign response, with an empty/zero amount, is also a valid Respond response
- The account number field is overloaded as being a nonce in one mode and a destination account number in another
- This ambiguity can be exploited by fraudsters when fooling customers into entering the wrong thing
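As an added example (not the talk's code, and not a real CAP implementation), the following models the MAC input table above and the reader's decimal display, and alongside it the HHD 1.3-style layout the talk describes later, in which the mode number and a nonce are part of the MAC input. It makes the overloading concrete: a Sign input with a zero amount is byte-for-byte a Respond input for the same eight digits, so the card produces the same code for both, while the HHD-style input keeps the modes apart. The key, the counter format and the digit selection standing in for the card's bit filter are constructed assumptions.

```python
import hmac
import hashlib

# Constructed model of the CAP MAC input exactly as the slides lay it out
# (12-digit amount field, 8-digit account/nonce field, card counter, PIN
# result). The real card uses the EMV cryptogram and a card-specific bit
# filter; the key and the bit selection below are made up.
CARD_KEY = b"constructed-card-key"

def cap_mac_input(mode: str, challenge: str = "", amount: int = 0,
                  account: str = "") -> str:
    """UK CAP layout from the slides: the mode itself is not included."""
    if mode == "identify":
        return "0" * 12 + "0" * 8
    if mode == "respond":
        return "0" * 12 + challenge.zfill(8)
    if mode == "sign":
        return f"{amount:012d}" + account.zfill(8)
    raise ValueError(f"unknown mode {mode!r}")

def hhd_mac_input(mode_number: int, nonce: str, amount: int = 0,
                  account: str = "") -> str:
    """HHD 1.3-style layout as the talk summarises it: the mode number and
    a nonce are part of the input, so modes cannot be confused."""
    return (f"{mode_number:02d}" + nonce.zfill(7)
            + f"{amount:012d}" + account.zfill(8))

def reader_display(counter: int, pin_ok: bool, mac_input: str) -> str:
    """Card MACs counter, customer input and PIN result; the reader shows
    a decimal built from some counter bits and some MAC bits."""
    data = f"{counter:04d}|{mac_input}|pin={int(pin_ok)}".encode()
    mac = hmac.new(CARD_KEY, data, hashlib.sha256).digest()
    counter_part = counter % 10                      # "some bits from the counter"
    mac_part = int.from_bytes(mac[:4], "big") % 10_000_000  # "some bits from the MAC"
    return f"{counter_part}{mac_part:07d}"

def cap_response(counter: int, pin_ok: bool, mode: str, **fields) -> str:
    return reader_display(counter, pin_ok, cap_mac_input(mode, **fields))

def hhd_response(counter: int, pin_ok: bool, mode_number: int,
                 nonce: str, **fields) -> str:
    return reader_display(counter, pin_ok,
                          hhd_mac_input(mode_number, nonce, **fields))
```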

Nonce is small or absent

[Diagram: fake point-of-sale terminal collecting a CAP response ("SecureBank Inc., login: Vic Tim, code: 7365 5748") during a $20 purchase with PIN entry.]

- No nonce in Barclays variant, so response stays valid; only a 4-digit nonce with NatWest (weak: 100 guesses = 63% success rate)
- Fake point-of-sale terminal can get response in advance
- Even if the nonce was big, a real-time attack still works

BBC Inside Out

- We demonstrated this attack on the BBC television programme, Inside Out, earlier this year

CAP readers help muggers

- CAP reader tells someone whether a PIN is correct
- Offers assistance to muggers
- Affects customers with CAP-enabled cards, even if their bank doesn't use CAP
- EMV specification always let this be built, but now devices are distributed for free

Software implementation of CAP is possible and desirable

- CAP readers contain no secrets; possible to do black-box reverse engineering
- CAP stops automated transactions: there is demand for a PC implementation
- Some available now
- If this software becomes popular, malware will attack it

Supply chains can be infiltrated

- Chip & PIN terminals have been found with tapping devices inserted at the manufacturer, which send captured details by mobile phone
- There is even less control over the supply chain for CAP readers
- Criminals could send or sell trojaned readers

What does this mean for customers?

- CAP is far better than existing UK systems
  - Authentication codes are dynamic
  - Authentication codes are bound to transaction (although could be better)
- Is this better for customers? Maybe no (at least in the UK)
  - Consumer protection law is vague: you are protected unless the bank considers you negligent
  - When the UK moved from signature to PIN for card payments, customers found it harder to be refunded for fraud (now 20% are left out of pocket)
  - The UK is moving from password to PIN for online banking. Might we see the same pattern (it is too soon to tell)?

CAP further increases the customer's liability for online fraud

Other authentication tokens fix many of the issues in the UK CAP

- HHD 1.3 (standard from ZKA, Germany) is stronger than UK CAP, but more typing is required
  - Many more modes, selected by initial digits of challenge
  - Mode number alters the meaningful prompts
  - Up to 7-digit nonce for all modes
  - Nonce, and mode number, are included in MAC
  - PIN verification is optional
- RSA SecurID and Racal Watchword do PIN verification on server, and permit a duress PIN

More improvements require higher unidirectional bandwidth

- For usability, customer should not have to type in full challenge
- Allows versatility and better security

Flicker TAN

- Very similar to German CAP system (HHD 1.3)
- Rather than typing in transaction, encoded in a flickering image
- Easier to use, because no need to type in information twice
- Exactly as versatile and secure as HHD 1.3
- Customer needs to carry special reader and their card
- Flickering image may be annoying
- Offered by Sparkasse

USB connected readers

- Class-3 smart card reader (with keypad and display)
- For use with HBCI/FinTS online banking
- Requires drivers to be installed, so not usable while travelling
- Also not usable from work (where a lot of people do their online banking)
- Can also be used for digital signatures
- Can have good security, but details depend on protocol
- Offered by Sparkasse

Cronto PhotoTAN

- Transaction description encoded in a custom 2-D barcode
- More versatile than HHD 1.3 (allows for free text)
- Available on mobile phone (Java, Blackberry, Android, Symbian, iPhone, etc.)
- Also dedicated hardware, for users without a suitable phone
- Secure and convenient, because most people keep their phone on their person
- Used by Commerzbank
- I did this!

Conclusions

- Systems based on EMV are open to a variety of attacks
- While the specification does not forbid implementing resistance measures, it offers little help
- In practice, implementers have slipped up, and customers have been left liable
- EMV's complexity, and large variety of options, are particularly problematic
- In particular, not specifying security checks, and making essential data items optional, are a fundamental problem of EMV
- While the specification could be patched to fix the particular vulnerabilities identified, fixing the systemic problems needs a re-write of the protocol and specification
- For online banking, transaction authentication is now essential, which requires a trustworthy display

More: http://www.cl.cam.ac.uk/research/security/banking/
