Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
chip and pin is broken

Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, - PowerPoint PPT Presentation

Jun 21, 2023 •17 likes •138 views

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, Mike Bond Europay Mastercard Visa (EMV) 730 million cards worldwide

  1. Faculty of Computer Science Institute for System Architecture, Operating Systems Group Chip and PIN is broken Steven Murdoch, Saar Drimer, Ross Anderson, Mike Bond

  2. Europay – Mastercard – Visa (EMV) • 730 million cards worldwide • Solution to all the banks' problems: – Chip to prevent copying of a card – PIN to prevent abuse of stolen cards • PIN to prove customer's liability 2010-03-03 Chip&PIN is broken Slide 2 von MAXNR

  3. Card Fraud in the UK 2010-03-03 Chip&PIN is broken Slide 3 von MAXNR

  4. PIN and Chip protocol from 10,000 ft 1. Card authentication prove that card is correct → 2. Cardholder verification prove that customer owns the card → 3. Transaction authorization prove that transaction is valid → 2010-03-03 Chip&PIN is broken Slide 4 von MAXNR

  5. Card authentication 2010-03-03 Chip&PIN is broken Slide 5 von MAXNR

  6. Cardholder verification 2010-03-03 Chip&PIN is broken Slide 6 von MAXNR

  7. Transaction authentication 2010-03-03 Chip&PIN is broken Slide 7 von MAXNR

  8. The attack • TVR only records auth failures • IAD may contain info about PIN auth used – Issuer-specific, terminal cannot check • MITM: intercept PIN request and send 0x9000 to terminal • Result: – Terminal: PIN ok – Card: PIN never requested – Bank: no TVR failure, no PIN auth 2010-03-03 Chip&PIN is broken Slide 8 von MAXNR

  9. Hardware used 2010-03-03 Chip&PIN is broken Slide 9 von MAXNR

  10. What caused the vulnerability? • Closed protocol specification process • Huge spec – 707 pages for core EMV spec – 2,126 pages testing documentation – 810 pages VISA public extensions • No documentation of threat / security model 2010-03-03 Chip&PIN is broken Slide 10 von MAXNR

  11. Fixes? • Economic factor: – Customers can be held liable – No incentive for costly redeployment – Cooperation of banks and terminal vendors • Let terminal parse IAD – As the name says: issuer -specific data • Incorporate Cardholder Verification Method Results into ARQC – Possible with EMV, requires only cards and issuer backends to be fixed – Will stil take a long time 2010-03-03 Chip&PIN is broken Slide 11 von MAXNR

  12. Discussion • How to educate the uneducated? • Is there formal protocol validation? – Would it have helped? 2010-03-03 Chip&PIN is broken Slide 12 von MAXNR

Recommend

PIN - SO WHATS NE PIN - SO WHATS NE W SINCE W SINCE THE THE PIN - SO WHATS NE PIN -

PIN - SO WHATS NE PIN - SO WHATS NE W SINCE W SINCE THE THE PIN - SO WHATS NE PIN -

PIN - SO WHATS NE PIN - SO WHATS NE W SINCE W SINCE THE THE PIN - SO WHATS NE PIN - SO WHATS NE W SINCE W SINCE THE THE PIN - SO WHATS NE PIN - SO WHATS NE PIN - SO WHATS NE PIN - SO WHATS NE W SINCE W SINCE

437 views • 9 slides
Chip and Chip and PIN PIN is B is Brok oken en Steven J. Murdoch, Saar Drimer, Ross Anderson,

Chip and Chip and PIN PIN is B is Brok oken en Steven J. Murdoch, Saar Drimer, Ross Anderson,

Chip and Chip and PIN PIN is B is Brok oken en Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond University of Cambridge S&P 2010 Presented by: Yi Zhang September 1 2016 EMV Card As of early 2008, there were 730 million

143 views • 12 slides
Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2

Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2

Reminder Comparison single chip & ASU chip Chip to chip variations Outlook Calibration des Microroc (II) Alex, Cyril, Giom, Jean, Max 09 Mai 2011, Annecy 1 Reminder 2 Comparison single chip & ASU chip 3 Chip to chip variations 4

454 views • 7 slides
Forest Carbon Partnership Facility Republic of Congo ER-PIN Republic of Congo ER-PIN Republic

Forest Carbon Partnership Facility Republic of Congo ER-PIN Republic of Congo ER-PIN Republic

Forest Carbon Partnership Facility Republic of Congo ER-PIN Republic of Congo ER-PIN Republic of Congo Emission Reductions Program Ninth Meeting of the Carbon Fund (CF9) Brussels April 9-11, 2014 Republic of Congo ER-PIN ER Program

185 views • 15 slides
TK PIN COUPLINGS Version EN17.1 / 3.3.2017 / TEV MFG Components Oy | Pajatie 1, 82600 Tohmajrvi

TK PIN COUPLINGS Version EN17.1 / 3.3.2017 / TEV MFG Components Oy | Pajatie 1, 82600 Tohmajrvi

TK PIN COUPLINGS Version EN17.1 / 3.3.2017 / TEV MFG Components Oy | Pajatie 1, 82600 Tohmajrvi | mfgcomponents@mfg.fi | www.mfg.fi LINE-UP TK Standard Pin Coupling TKR Pin Coupling with TKB Pin Coupling with Axial Limitation

229 views • 9 slides
Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~#

Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~#

Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~# whoami Eric Biako Bsc. IT, CEH v9 Information security officer @ E-connecta Moderator @ https://legalhackmen.com IDOR ( Broken Access Control )

519 views • 12 slides
Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus

Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus

Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus & have given up on being their own savior! Abraham Sarah (wife) Isaac (son) Hagar (maidservant) Ishmael (son) Abraham, our broken spiritual

264 views • 21 slides
Final Assembly Chip Core Your final project chip consists of a core The Chip Core is

Final Assembly Chip Core Your final project chip consists of a core The Chip Core is

Final Assembly Chip Core Your final project chip consists of a core The Chip Core is everything that is inside and a pad ring the Pad Ring Core is the guts Try to floorplan your core so that its as small a rectangle as

234 views • 11 slides
Study Of Chip Breaker El-Sherbeeny, PhD 2014 Project-Group 6 TYPES ES OF F CHI HIP a)

Study Of Chip Breaker El-Sherbeeny, PhD 2014 Project-Group 6 TYPES ES OF F CHI HIP a)

Study Of Chip Breaker El-Sherbeeny, PhD 2014 Project-Group 6 TYPES ES OF F CHI HIP a) Continuous Chip b) Built-Up Edge Chip c) Serrated Chip d) Discontinuous Chip El-Sherbeeny, PhD 2014 Project-Group 6 I this project will

396 views • 11 slides
Australian Junior Resources Blue Chip Australian Junior Resources Blue Chip Australian Junior

Australian Junior Resources Blue Chip Australian Junior Resources Blue Chip Australian Junior

Australian Junior Resources Blue Chip Australian Junior Resources Blue Chip Australian Junior Resources Blue Chip Australian Junior Resources Blue Chip 15 December 15 December 2009 2009 Disclaimer This presentation should not be relied upon

608 views • 48 slides
Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge

Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge

Exploring Chip to Chip Photonic Networks Philip Watts Computer Laboratory University of Cambridge Acknowledgement: Royal Commission for the Exhibition of 1851 Exploring Chip to Chip Photonics p g p p Bandwidth improvements in

90 views • 8 slides
Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill

Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill

Review of prices for water and sewerage services in Broken Hill, and prices for the Broken Hill Pipeline, from 1 July 2019 Public Hearing 20 November 2018 Outline Overview of WaterNSW and Essential Water reviews Review of WaterNSWs prices

522 views • 22 slides
CLICK TO EDIT MASTER TITLE Rod Basket Hinge Pin Safety Moment STYLE Safety Alert &

CLICK TO EDIT MASTER TITLE Rod Basket Hinge Pin Safety Moment STYLE Safety Alert &

CLICK TO EDIT MASTER TITLE Rod Basket Hinge Pin Safety Moment STYLE Safety Alert & Corrective Action Click to edit Master subtitle style Safety Alert What Happened? The traveling block struck the rod basket pin knocking it out. The pin

533 views • 3 slides
Presentation of Employee Service Pins 10 -Year Pin Presented to Cale Smith Senior Officer,

Presentation of Employee Service Pins 10 -Year Pin Presented to Cale Smith Senior Officer,

Item No. 1 Presentation of Employee Service Pins 10 -Year Pin Presented to Cale Smith Senior Officer, Police Department 25 -Year Pin Presented to Ray Hinojosa Corporal, Police Department 25 -Year Pin Presented to David Allen G.I.S.

277 views • 24 slides
ANGELICA DASS PROJECT 3 SOURCE: SOURCE: https://www.pinterest.es/pin/

ANGELICA DASS PROJECT 3 SOURCE: SOURCE: https://www.pinterest.es/pin/

ANGELICA DASS PROJECT 3 SOURCE: SOURCE: https://www.pinterest.es/pin/ https://www.pinterest.es/pin/728035095986228857/ 728035095986228866/ ANGELICA DASS PROJECT 3 SOURCE: SOURCE: https://www.pinterest.es/pin/414401603210918071/

499 views • 20 slides
EASTER EGG DYEING SOURCE: SOURCE: https://www.pinterest.es/pin/41440160320

EASTER EGG DYEING SOURCE: SOURCE: https://www.pinterest.es/pin/41440160320

EASTER EGG DYEING SOURCE: SOURCE: https://www.pinterest.es/pin/41440160320 https://www.pinterest.es/pin/414401603207 7528236/ 528264/ EASTER EGG DYEING SOURCE: SOURCE: https://www.pinterest.es/pin/41440

166 views • 5 slides
Search for 3rd generation superpartners with the ATLAS experiment Keisuke Yoshihara (University

Search for 3rd generation superpartners with the ATLAS experiment Keisuke Yoshihara (University

Search for 3rd generation superpartners with the ATLAS experiment Keisuke Yoshihara (University of Pennsylvania) DPF2017 July 31 (Fermilab) Introduction The SM of particle physics is incomplete. Supersymmetry can be a new theory solving

357 views • 33 slides
New design of an acoustic array calibrator for underwater neutrino telescopes M. Saldaa, C.D.

New design of an acoustic array calibrator for underwater neutrino telescopes M. Saldaa, C.D.

2 nd International Electronic Conference on Sensors and Applications 15-30 November 2015 New design of an acoustic array calibrator for underwater neutrino telescopes M. Saldaa, C.D. Llorens, I.Felis, J. A. Martnez-Mora and M. Ardid UPV

528 views • 15 slides
Array-RQMC for Markov Chains with Random Stopping Times Pierre LEcuyer Maxime Dion Adam

Array-RQMC for Markov Chains with Random Stopping Times Pierre LEcuyer Maxime Dion Adam

1 Array-RQMC for Markov Chains with Random Stopping Times Pierre LEcuyer Maxime Dion Adam LArchev eque-Gaudet Informatique et Recherche Op erationnelle, Universit e de Montr eal 1. Markov chain setting, Monte Carlo,

796 views • 56 slides
Advanced Algorithms (XIII) Shanghai Jiao Tong University Chihao Zhang June 1, 2020 Total

Advanced Algorithms (XIII) Shanghai Jiao Tong University Chihao Zhang June 1, 2020 Total

Advanced Algorithms (XIII) Shanghai Jiao Tong University Chihao Zhang June 1, 2020 Total Variation Distance Total Variation Distance Let and be two distributions on Total Variation Distance Let and be two distributions on

1.05k views • 86 slides
Triple Therapy After PCI in AF: A Quagmire Soon to be Drained Freek W.A. Verheugt Department of

Triple Therapy After PCI in AF: A Quagmire Soon to be Drained Freek W.A. Verheugt Department of

Triple Therapy After PCI in AF: A Quagmire Soon to be Drained Freek W.A. Verheugt Department of Cardiology, Onze Lieve Vrouwe Gasthuis (OLVG) Amsterdam, Netherlands D ISCLOSURES FOR F REEK W. A. V ERHEUGT Research support/ Bayer HealthCare,

649 views • 25 slides
s rt

s rt

s rt rts t t rr rts t rr r

516 views • 28 slides
few TeV cosmic rays with the ARGO-YBJ experiment presented by R. Iuppa University of Rome Tor

few TeV cosmic rays with the ARGO-YBJ experiment presented by R. Iuppa University of Rome Tor

Detection of anisotropies in the arrival directions of few TeV cosmic rays with the ARGO-YBJ experiment presented by R. Iuppa University of Rome Tor Vergata INFN, sez.ne Tor Vergata on behalf of the ARGO-YBJ collaboration CRISM2011

248 views • 24 slides
DATA IS SEXY World Internet Data iTU Facebook 54 M

DATA IS SEXY World Internet Data iTU Facebook 54 M

DATA IS SEXY World Internet Data iTU Facebook 54 M 30 M 30M 13-40 = 37%

803 views • 21 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.