Optimised to Fail: Card Readers for Online Banking

Drimer, Saar; Murdoch, Steven J.; Anderson, Ross

doi:10.1007/978-3-642-03549-4_11

Cited by 45 publications

(41 citation statements)

References 4 publications

(6 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…EMV-CAP has been largely reverse-engineered [8,15] and an informative description is leaked (apparently accidentally) in [5,Appendix 1]. This has revealed some potential for ambiguities [8] (e.g.…”

Section: Background: Emv-capmentioning

confidence: 99%

“…This has revealed some potential for ambiguities [8] (e.g. between transactions to log-in and to transfer a zero amount) and, more worryingly, bad design decisions in some variants of EMV-CAP [15] (notably, not using unpredictable input, such as a nonce or transaction data, as input for the ARQC).…”

Section: Background: Emv-capmentioning

confidence: 99%

“…This overloading could be spotted in a high level spec that only considers the interaction with the user, if in such a spec one tries to make the semantics of pressing OK explicit. Overloading the semantics of actions or cryptograms is also noted as a potential problem in EMV-CAP [8].…”

Section: How Could -And Should -This Have Been Prevented?mentioning

confidence: 99%

“…As discussed in Section 2, unconnected smartcard readers for internet banking has been thoroughly investigated [8,15]. For contactless smartcard technology, such as Near Field Communication (NFC), there are several proposals [2,13,14] in the literature for secure internet banking.…”

Section: Related Work and Related Online Banking Systemsmentioning

confidence: 99%

See 3 more Smart Citations

Designed to Fail: A USB-Connected Reader for Online Banking

Blom¹,

Gans

Poll

et al. 2012

Secure IT Systems

View full text Add to dashboard Cite

We present a security analysis of an internet banking system used by one of the bigger banks in the Netherlands, in which customers use a USB-connected device -a smartcard reader with a display and numeric keyboard -to authorise transactions with their bank card and PIN code. Such a set-up could provide a very strong defence against online attackers, notably Man-in-the-Browser attacks, where an attacker controls the browser and host PC. However, we show that the system we studied is seriously flawed: an attacker who controls an infected host PC can get the smartcard to sign transactions that the user does not explicitly approve, which is precisely what the device is meant to prevent.The flaw is not due to a simple implementation bug in one of the components (e.g. the device or the software components on the PC). It is a more fundamental design flaw, introduced in assigning responsibilities to the different components and designing the protocols between them.The system we studied, used by the Dutch bank ABN-AMRO, was developed by the Swedish company Todos AB. This company has since been acquired by Gemalto. ABN-AMRO is one of the three biggest banks in the Netherlands, with 6.8 million customers. Given the popularity of internet banking in the Netherlands, this means that millions of these devices are in the field. The manufacturer claims this device is "the most secure sign-what-you-see end-user device ever seen" 3 ; this paper demonstrates this claim to be false.

show abstract

Section: Background: Emv-capmentioning

confidence: 99%

Section: Background: Emv-capmentioning

confidence: 99%

Section: How Could -And Should -This Have Been Prevented?mentioning

confidence: 99%

Section: Related Work and Related Online Banking Systemsmentioning

confidence: 99%

See 2 more Smart Citations

Designed to Fail: A USB-Connected Reader for Online Banking

Blom¹,

Gans

Poll

et al. 2012

Secure IT Systems

View full text Add to dashboard Cite

show abstract

“…This protocol enables a bank to use its issued base of EMV cards to generate codes for two-factor authentication: it issues each customer with a small low-cost reader, and when the customer logs on to the bank website she is asked for an authentication code which she can generate by inserting her card in the CAP reader and typing her PIN. (We described CAP in more detail in [7].) One key fact is that, to introduce CAP, only the card issuing bank had to change anything; no action was required of acquiring banks or of network switches.…”

Section: Introductionmentioning

confidence: 99%

Might Financial Cryptography Kill Financial Innovation? – The Curious Case of EMV

Anderson

Bond

Choudary

et al. 2012

Financial Cryptography and Data Security

Self Cite

View full text Add to dashboard Cite

Abstract. The credit card system has been one of the world's great successes because of its adaptability. By the mid-1990s, a credit card had become a mechanism for authenticating a transaction by presenting a username (the card number) and a password (the expiry date, plus often a CVV) that was already used in mail order and could be adapted with little fuss to the Internet. Now banks in Europe, and increasingly elsewhere, have moved to the EMV "Chip and PIN" system which uses not just smart cards but also "trusted" hardware. The cryptography supported by this equipment has made some kinds of fraud much rareralthough other kinds have increased, and the jury is still out on the net effect. In the USA in particular, some banks and others oppose EMV on the grounds that it will damage innovation to move to a monolithic and inflexible system. We discuss the effects that cryptographic lock-down might have on competition and innovation. We predict that EMV will be adapted to use cards as keys; we have found, for example, that the DDA signature can be used by third parties and expect this to be used when customers use a card to retrieve already-purchased goods such as air tickets. This will stop forged credit cards being used to board airplanes. We also investigate whether EMV can be adapted to move towards a world in which people can use bank cards plus commodity consumer electronics to make and accept payments. Can the EMV payment ecology be made more open and competitive, or will it have to be replaced? We have already seen EMV adapted to the CAP system; this was possible because only one bank, the card issuer, had to change its software. It seems the key to innovation is whether its benefits can be made sufficiently local and incremental. We therefore explore whether EMV can be adapted to peer-to-peer payments by making changes solely to the acquirer systems. Finally, we discuss the broader issue of how cryptographic protocols can be made extensible. How can the protocol designer steer between the Scylla of the competition authorities and the Charybdis of the chosen protocol attack?

show abstract

Traditional Authentication

Smith-Creasey

2023

SpringerBriefs in Computer Science

View full text Add to dashboard Cite

Optimised to Fail: Card Readers for Online Banking

Cited by 45 publications

References 4 publications

Designed to Fail: A USB-Connected Reader for Online Banking

Designed to Fail: A USB-Connected Reader for Online Banking

Might Financial Cryptography Kill Financial Innovation? – The Curious Case of EMV

Traditional Authentication

Contact Info

Product

Resources

About