Thursday, February 11th, 2010 06:00 pm

Researchers at Cambridge University have found a fundamental (and, by the sound of it, elementary) flaw in the chip-and-PIN protocol used to authenticate European bank cards, which allows a chip-and-PIN terminal to be tricked into authenticating a transaction with any chip-and-PIN card, regardless of whether the correct PIN is entered.  The required device is simple to construct and use.  Details of the attack here.

The crucial detail here is this one:

The majority of transactions require PIN verification.  The customer enters their number on a PIN entry device.  The PIN is then sent to the card, which compares it to a PIN that it stores on its chip.  If the PIN is correct, the card sends a verification code — 0x9000 — back to the terminal, which completes the transaction.

The problem here — and this really is a complete beginner's design error — is that the verification code sent back by the card is both fixed and sent in clear, and contains no mechanism whatsoever either to protect the conversation or to encode the data that it is verifying (or rejecting) in the reply.  So all an attacker need do is intercept the card's "reply" and replace it with the constant 0x9000 "Verified" response.

This has been a solved problem for over thirty years.  To be failing at it in a supposedly-secure financial transaction protocol introduced only four years ago lies somewhere between appalling and inexcusable.


Afterthought over supper:  The last paragraph above is probably over-simplified.  I should clarify that the problem of non-spoofable authentication remains to be fully solved.  However, techniques for exchanging data securely over an insecure channel have been known for more than thirty years.

Just as a first cut, a much better way of handling the PIN and verification exchange might be as follows: The terminal and the card use Diffie-Hellman key exchange or some other mechanism to establish a one-time shared secret.  The terminal encrypts the PIN with the shared secret, saves that value temporarily, then sends the PIN in clear [1] to the card.  The card then validates that PIN in a secure manner; if it matches, it too encrypts the PIN with the shared secret, and sends the ciphertext back.  If it does NOT match, the card encrypts a random false PIN and sends that instead.  The terminal compares that ciphertext to the one it generated; if they match, the transaction is authenticated.  Without knowing the shared secret, a man-in-the-middle attacker cannot spoof the correct response, because the attacker cannot know in advance what it will be.

This is of course an oversimplification, for two reasons:

  • It handwaves the problem of securely authenticating the PIN;
  • If a MITM attack is a possibility, then the terminal needs to be able to confirm that it is in fact talking to the card and not to the MITM, or the MITM could hypothetically simply spoof the entire handshake.

[1]  "In clear?  Isn't that insecure?"  Well, yes, in principle, but for the purposes of defeating this attack it wouldn't matter; not only does the attacker already know what PIN he just entered, but in this attack it's a false PIN anyway, so no actual sensitive information is exposed.  However, if the terminal sends the ciphertext of the PIN to the card, then the hypothetical possibility of a known-plaintext attack exists.  So in this — admittedly hypothetical and incomplete — example case, it is actually more secure to send the PIN candidate to the card in clear.
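
A runnable sketch of the exchange proposed above, added here as an example; it is not the post author's code or any card scheme's code. Assumptions: the toy DH group, the names Card, terminal_transaction and constant_ok, and HMAC-SHA256 standing in for the "encrypt the PIN" step, since the terminal only compares values. The handshake is unauthenticated, so the second caveat in the list above still applies.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, an assumption for this sketch only: 2**255 - 19 is
# prime, but this is not a vetted DH group and must not be used in production.
P, G = 2**255 - 19, 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Hash the raw DH value down to a 32-byte one-time key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def pin_tag(key, pin):
    # HMAC-SHA256 stands in for "encrypt the PIN with the shared secret".
    return hmac.new(key, pin.encode(), hashlib.sha256).digest()

class Card:
    def __init__(self, stored_pin):
        self._pin = stored_pin
        self._key = None

    def handshake(self, terminal_pub):
        priv, pub = dh_keypair()            # fresh key pair per transaction
        self._key = session_key(priv, terminal_pub)
        return pub

    def verify(self, candidate):
        if hmac.compare_digest(candidate.encode(), self._pin.encode()):
            return pin_tag(self._key, candidate)
        # Wrong PIN: answer with the tag of a random false PIN instead.
        return pin_tag(self._key, secrets.token_hex(8))

def terminal_transaction(card, entered_pin, rewrite=None):
    priv, pub = dh_keypair()
    key = session_key(priv, card.handshake(pub))
    expected = pin_tag(key, entered_pin)    # saved before the PIN is sent
    reply = card.verify(entered_pin)        # PIN candidate travels in clear
    if rewrite is not None:
        reply = rewrite(reply)              # reply altered between card and terminal
    return hmac.compare_digest(reply, expected)

def constant_ok(_reply):
    # The fixed 0x9000 status word the post describes, substituted for the reply.
    return bytes.fromhex("9000")
```

With a session-bound reply, a constant substituted in transit no longer matches what the terminal expects, whether or not the entered PIN was correct.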


Afterthought two:  W00t!  I beat Bruce Schneier to this one!

Thursday, February 11th, 2010 11:25 pm (UTC)
I point out that the US does not use a system anywhere related to this so there's no need to panic here.
Friday, February 12th, 2010 12:30 am (UTC)
Well, true in a way. The US doesn't even PRETEND to have a secure card-authentication system.
Friday, February 12th, 2010 07:15 am (UTC)
We had a card skimmed at a gas pump ATM last month. Moral: don't use gas-pump ATMs--they're appallingly vulnerable. I suppose we will end up with Mexican-style ATMs, eventually: use your card to open the door, then use the ATM inside the locked room.
Friday, February 12th, 2010 12:51 pm (UTC)
Sorry to hear it. That makes you the first person I've heard to actually *be* skimmed, rather than just to hear about a friend of a friend.

Those are the dominant style of ATM here. What makes them less vulnerable to having a skimmer installed? It's not like you need your PIN to open the door, just something with a magstripe, and if they did require the pin at the door, well, just skim the door...
Friday, February 12th, 2010 03:36 pm (UTC)
What makes them less vulnerable is that they are in a bank foyer and better guarded than gas station ATMs. The locks are only the first line of defense. I don't know much about Mexican security practices, but they are much more intensive than US.
Saturday, February 13th, 2010 02:33 am (UTC)
Sorry, dude. I worked in the industry and I have no evidence that you have. During authentication, a PIN is never transmitted. That's as far as I can go.

Well, I'll tell you this much too. The PIN is not on the card and never was.
Saturday, February 13th, 2010 02:47 am (UTC)
Here is a small piece of it.

http://publib.boulder.ibm.com/infocenter/zos/v1r9/index.jsp?topic=/com.ibm.zos.r9.csfb400/csfb4z80541.htm

Very small.
Saturday, February 13th, 2010 02:53 am (UTC)
Oh for crap's sake, it's all over the internet.

Communications between US ATMs and the switch and between the switch and the host are triple-DES.

So in any event, this UK shit can't happen in the US.
Saturday, February 13th, 2010 04:07 am (UTC)
Nobody said the chip-and-PIN vulnerability DID affect the US. But if you compare the ATM backhauls to POS terminal handshaking, you're comparing apples to oranges.

I repeat: US credit cards do not even make a pretense of secure authentication. All anyone who steals your credit card has to do is use it for online or telephone purchases, or spend a few minutes practicing forging your signature well enough to fool a bored sales clerk who's never seen it before.
Friday, February 12th, 2010 07:30 am (UTC)
More details at the blog of the researchers - http://www.lightbluetouchpaper.org/2010/02/11/chip-and-pin-is-broken/

There is in fact a second problem: in many places the DECT protocol is used to transmit the data between the card reader and the basestation which contacts the bank. DECT has now been cracked - http://www.theregister.co.uk/2010/02/08/dect_phone_encryption_cracked/

The combination of these two is that someone ought to be able to use a radio to do MITM by setting themselves in between the DECT handset and DECT basestation.