SlideShare une entreprise Scribd logo

Sploitego

London School of Cyber Security
London School of Cyber Security

Nadeem Douba, GWAPT, GPEN currently situated in the Ottawa (Ontario, Canada) valley, Nadeem provides technical security consulting services primarily to clients in the health, education, and public sectors. Nadeem has been involved within the security community for over ten years and has frequently presented talks in his local ISSA chapter, and most recently at DEF CON 20 on the topics of Open Source Intelligence and mobile security. He is also an active member of the open source software community and has contributed to projects such as libnet, Backtrack, and Maltego.

FormationÉconomie & financeBusiness
1  sur  99
Télécharger pour lire hors ligne
Modern payments security: EMV, NFC, etc.? Nikita Abdullin @0xABD nabdullin@gmail.com 14.05.2013 Hacker Hotshots
About me • Not a black khat :) • I’ve been implementing payment cards processing for the last 5 years • Russian DEFCON group DCG #7812 member • PhD undergrad in InfoSec
Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
Intro: Payment cards • What will we cover today: – Payment technologies from the real world • EMV (Europay, MasterCard and Visa) – EMV-enabled integrated circuit cards & terminals • NFC (Near Field Communication) – Payment applications of NFC • EMV + NFC = ? – Attacks and countermeasures • Classification • Known vectors • New vectors
Intro: Payment cards • Why talk about it? – Real-world means: • Financial institutes – obscure and weird • Ubiquity • Hardware • Attacks in space and time – Strict standardization – Purely virtual payment technologies are all different and rapidly changing • Anyone can implement his own – And we are talking about serious business
Intro: Payment cards • Nilson Report, 2011, 2012 – The total number of purchases on all major worldwide card issuers (American Express, Diners Club, JCB, MasterCard, UnionPay and Visa) increased to a total of 135.33 billion, up 12.1 percent from 2010 on an additional 14.56 billion transactions, the report said. – By 2011, 13.45 billion payment cards worldwide – By 2016? 18.28 billion payment cards worldwide
Intro: Payment cards • As of early 2011, 1.2 billion EMV cards were deployed across the globe along with 18.7 million EMV terminals (via IBID) • Over 1.75 billion smartphones sold by 2012 (via Gartner) • By 2014, 44% of smartphones will be NFC- compatible (via NFC Forum) • More than 975 million contactless payment cards were shipped in 2012 (23% of all smart payment cards) (via Smart Payment Association)
Intro: Payment cards • History – Origins: 1890s – Appearance: 1920s – Popularity: Mid XX century – 1950: Diners Club – 1958: American Express – 1958: Bank of America BankAmericards (now Visa) – 1966: InterBank Card Association (now MasterCard) – 1967: Cash dispencer – 1969: First ATM and magnetic stripe
Meet the Card Gentlemen, do you know what this thing is?
Card standards • Standards family ISO/IEC 781X • 7810: Physical characteristics of credit card size document • 7811-1: Embossing • 7811-2: Magnetic stripe–low coercitivity • 7811-3: Location of embossed characters • 7811-4: Location of tracks 1 & 2 • 7811-5: Location of track 3 • 7811-6: Magnetic stripe-high coercitivity • 7813: Financial transaction cards
Card exterior Front: PAN(4), expiry date(6), Cardholder name(7) Back: Magnetic stripe (1), cardholder signature(2), CVV2 (2)
PAN • PAN Personal Account Number – From 13 to 19 digits – First 4 to 6 digits = BIN • Bank identification number – Last digit is a checksum digit (Luhn digit) • Checksum is calculated with Luhn algorithm
Magnetic Stripe • LoCo (Low coercitivity) • HiCo (High coercitivity) • Tracks – Track 1: – Track 2: – (Track 3) – mostly unused
Magnetic Stripe Data entity Track 1 Track2 PAN + + Cardholder name + Expiry date + + Service code + + Discretionary data: PVKI + + PVV + + CVC-1 (CVV-1) + +
Meet the Terminal • Terminal types: – ATM (Automated Teller Machine) – POS (Point Of Sale) – Imprinter – Others • SSD
Terminal Hardware • All devices: – Card Reader – PED (PIN Entry Device) – Receipt printer – Screen • ATM: – Note cassettes inside a safe box – Note dispencer – (Note acceptor)
Payment Systems • Why? – If N banks around the world want to accept each other’s cards, how many connections they would need? (Hint: ) • IPS bring standards & interoperability – Each IPS defines its own protocols and procedures • Direct connections are also used – Member bank connects directly to the IPS – Affiliates connect to the Member – IPS can act as an acquirer for the largest retailers 2 )1( NN
Payment Systems
Payment Systems
Payment Systems
Payment Systems • Notable IPS (International Payment Systems) – Visa – MasterCard (MC) – Japan Credit Bureau (JCB) – Diners Club (DC) – American Express (AMEX) – China Union Pay (CUP)
Cryptography & Security • Plastic – Holograms – Watermarks • Cryptography – DES (Replaced by DES) – 3DES • 3DES, mode: EDE, 2 keys: ABA
Cryptography & Security • Cardholder Authentication (Verification) – PIN – PVK (PIN Verification Key) – PVV (PIN Verification Value) – PVV = ENC(PVK)[f(PAN, PIN)] by issuer • Card Authentication (Verification) – CVV/CVC and CVV2/CVC2 – CVK (Card Verification Key) – CVV = ENC(CVK)[f(PAN || ExpDate || SvcCode)] by issuer – CVV2 = ENC(CVK)[f(PAN || ExpDate || ‘000’)] by issuer
Cryptography & Security • Encryption – PEK (PIN Encryption Key) – TPK (Terminal PIN Key) – TMK (Terminal Master Key) – Domain encryption • ZMK/ZCMK (Zone (Control) Master Key) • AWK (Acquirer Working Key) • IWK (Issuer Working Key) – Proprietary measures • MAC by terminal • Transport-level encryption
Cryptography & Security • HSM (Host Security Module) – Host command interface – Console admin interface • Smart cards for security officer authetication and master key storage – PKCS#11 API – LMK (Local Master Key) – Standards compliance • FIPS 140-1, FIPS 140-2/140-3 • PIN Printer – A secure printer directly connected to HSM
Processing cycle • Cardholder – Receive a card and sign it manually – Open PIN Envelope, read it and burn it • Issuer – Personalization – Embossing – Encoding – Issuer’s Host software • Authorization processing • Presentment processing • Card – Card is just a static read-only piece of plastic
Processing cycle • Acquirer – Manages terminals and provides services to merchants – Acquirer’s host software • Authorization processing • Presentment processing • Terminal – Reads card – Talks to acquirer’s host
Processing cycle • Transaction phases – Authorization – Clearing – Settlement – Dispute resolution
Authorization • Terminal reads card • If cardholder enters PIN: – Terminal calculates a PIN Block inside PED – PIN Block is encrypted under corresponding TPK • Auth message is sent to Acquirer’s host • Acquirer processes it and sends to IPS • IPS processes it and sends to Issuer • Issuer approves or rejects it and sends the answer back
Clearing • Terminal reconciliation • Acquirer demands satisfaction from the issuer and sends the clearing presentments through the IPS • IPS processes them and sends them to the Issuer • Issuer may not respond, money transfer is automatically performed at the next stage
Settlement • All parties settle their financial positions through the IPS – Consolidated funds transfer
Dispute resolution • Presentment: Original Sale • First Chargeback: A customer disputes a charge to his or her credit card company or bank and the bank responds with a retrieval request to dispute the transaction. • Second Presentation or Re-presentment: This is when the merchant has an opportunity to respond to the first chargeback. • Second Chargeback: If the second presentment is rejected by the cardholder, the issuing bank files a second chargeback. • IPS Arbitration: IPS staff handle the case manually
Data transfer • ISO 8583 Standard – Binary protocol – Presence of a fields is determined by bitmap • N x 64-bit bitmaps – Fields may be fixed or variable – Data may be encoded in raw binary, ASCII, BCD, etc. • The same for variable fields length
Terminal protocols • Terminals usually talk to acquirer’s host in their special protocols – ATM – POS – SSD • But some are built over ISO8583
Transaction types • ATM • Retail • CNP Retail • Note Acceptance • Special – Balance request – PIN Set/PIN Change – Address Verification
Fraud • PAN + Exp Date + CVV2 = enough for CNP fraud – CNP Fraud • Skimming – Cloning of magstripe with and w/o stealing the PIN – Clone is identical to the original card – http://www.google.com/trends/explore?#q=skimming • Other methods
http://www.google.com/trends/explore?#q=skimming
http://www.google.com/trends/explore?#q=skimming
Advances & countermeasures • DUKPT – Derived Unique Key Per Transaction • Anti-skimming – Terminal-only – Card and terminal • Magstipe is analog, not digital • e-commerce – (SET) – 3-D Secure • Finally, smart cards (ICC)
3-D Secure
Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
The EMV standard • What? – A protected microcontroller inside a card – Since 1993 • Why? – New interactive products – Liability Shift • The Four Books – ICC to Terminal Interface – Security and Key Management – Application Specification – Other Interfaces • ISO 7816
The EMV standard • What does the card use: – DES/3DES – RSA – SHA-1 • What does the card have: – Several kilobytes of EEPROM – Firmware • Java Card • MultOS • … – 1 Serial I/O port and a system of commands
The EMV standard • EMV card lifecycle – EMV Personalization • Pre-personalization – Card is interactive • During transaction – The card is powered on and the card makes the decision • New cardholder authentication methods – Biometrics • Issuer scripts and data storage for dynamic decisions – Counters – Card-level risk management
EMV basics • ISO/IEC 7816 – a family of standards for smart cards with contacts • Physical specs • I/O • Files • Commands • Applications
Physical specs • One serial I/O port • External power • External clock and reset • 6 meaningful contact pads and 2 unused • Contact dimensions and layout match the well-known SIM cards – Actually, there are SIM cards with EMV onboard :)
Physical specs
Physical specs • Voltage: 3 classes of operation – A – B – C
I/O • Insertion of the ICC into the IFD – connection and activation of the contacts. • Reset of the ICC – establishment of communication between the terminal and the ICC. • Execution of the transaction(s). • Deactivation of the contacts and removal of the ICC
I/O • Contact activation – Vcc level validation for 200 cycles • ICC Reset – Cold • > 200 cycles and pull up RST – Warm • > 200 cycles, pull down RST, > 200 cycles, pull up RST
I/O Rx (Card to Terminal) Tx (Terminal to Card)
Files • All data on card is stored as records listed in files • Mandatory – Application Expiry Date – Application Primary Account Number (PAN) – Card Risk Management Data Object List 1 (CDOL1) – Card Risk Management Data Object List 2 (CDOL2) • Application Elementary Files – Referenced by SFI – Contain only BERTLV data objects
Commands • Command APDU – CLA = Class Byte of the Command Message – INS = Instruction Byte of Command Message – P1 = Parameter 1 – P2 = Parameter 2 • Command is a N-byte string
Response • Response APDU – Status bytes • SW1 • SW2 • Response is a byte string too :)
Commands • APPLICATION BLOCK (post-issuance command) • APPLICATION UNBLOCK (post-issuance command) • CARD BLOCK (post-issuance command) • EXTERNAL AUTHENTICATE – verify a cryptogram • GENERATE APPLICATION CRYPTOGRAM • GET CHALLENGE • GET DATA • GET PROCESSING OPTIONS • INTERNAL AUTHENTICATE – calculation of SDA • PIN CHANGE/UNBLOCK (post-issuance command) • READ RECORD • VERIFY – verify PIN data
EMV crypto primitives • MKAC that it shares with the issuer, derived from the issuer’s master key MKI . • Session key SKAC can be computed, based on the transaction counter. • The issuer has a public-private key pair (PI , SI), and the terminal knows this public key PI • Cards that support asymmetric crypto also have a public-private key pair (PIC , SIC ).
EMV Transaction Flow • Initialization • Card/Data authentication – optional • Cardholder verififcation – optional • Actual transaction step A very nice presentation at 29C3 by Tim Becker “A rambling walk through an EMV transaction” http://events.ccc.de/congress/2012/Fahrplan/events/5237.en.html
Initialization • Command flow – T → C: SELECT APPLICATION – C → T: [PDOL] – T → C: GET PROCESSING OPTIONS [(data specified by the PDOL)] – C → T: (AIP, AFL) – Repeat for all records in the AFL: – T → C: READ RECORD (i) – C → T: (Contents of record i) • Return AFL and AIP
Card/Data authentication • SDA (Static Data Authentication) – Card provides Signed Static Application Data (SSAD) • DDA (Dynamic Data Authentication) – SDA + Sign(SIC)[ICC Dynamic Data, Hash(ICC Dynamic Data, data specified by DDOL)] • CDA (Combined Data Authentication) – SDAD = Sign(SIC)[nonce_IC , CID, AC, TDHC, H(nonce_IC , CID, AC, TDHC, nonce_Terminal].
Cardholder verification • CVM (Cardholder Verification Methods) – CVM List • Online PIN – the bank checks the PIN • Offline plaintext PIN – the chip checks the PIN – PIN is transmitted to the chip in the clear form • Offline encrypted PIN – chip checks the PIN – PIN is encrypted before it is sent to the card
Offline plaintext PIN • T → C: VERIFY(pin) • C → T: Success/ (PIN failed, tries left) / Failed
Offline encrypted PIN • T → C: GET CHALLENGE • C → T: nonce_IC • T → C: VERIFY(Encrypt (PIC)[PIN, nonce_IC , random padding]) • C → T: Success/ (PIN failed, tries left) / Failed
Transaction step • Offline – card sends a Transaction Certificate (TC) • Online – card sends an Authorization Request Cryptogram (ARQC) – If issuer approves, card sends a TC • If card itself refuses – Card provides Application Authentication Cryptogram (AAC)
Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
Attacks on EMV • Classification – Hardware vs. Software – Active vs. Passive – Intrusive vs. Non-intrusive – By localization: – By methods used
Attacks on EMV • Classification – By localization: • Malicious card • Malicious terminal • MITM
Attacks on EMV • Classification – By methods used • Communication lines eavesdropping & tampering • Purely cryptoanalytical methods • Fault attacks • Side-channel attacks – Power analysis » SPA (Single Power Analysis) » DPA (Differential Power Analysis) » DFA (Differential Fault Analysis) – TAA (Timing Analysis Attack) • Social Engineering
Known vectors • “Fallback” to magstripe = magstripe-only cloning • Relay attacks • Replay attacks (“YES”-cards = clones of SDA card) • MITM (Wedge) with CVM list downgrade • Pre-play attack • Joint encryption and signature • Fault analysis • Power analysis • Attacking HSM's
MITM (Wedge) with CVM list downgrade • Terminal might not check if authentication method is the same that the card approved – Only auth result is signed • Make the card think it was a signature-based transaction • Make the terminal think it was a PIN-based transaction • Easily prevented – by correct terminal software • Detected at host
Pre-play attack • Bond et al., Cambridge, 2012 • Random nonce sent by terminal? • In reality it is not so random – Older implementations • So a MITM device can gather a lot of cryptograms for known nonces • Then just predict when a gathered cryptogram will be correct for a known future nonce and use it with fake transaction data
Joint encryption and signature attack • Degabriele et al., CT-RSA 2012 • CDA cards • Offline transaction, card verifies PIN • Utilize known padding of encrypted EMV data – Bleichenbacher attack on RSA • Same RSA keypair used for signature and encryption
Joint encryption and signature attack
Fault analysis • Coron et al., CT-RSA 2010 • Currently CRT (Chinese Remainder Theorem) is used to reduce computational load on signer in RSA implementations – From mod N to mod p and mod q – Fault induced on one computation of two – “CJKNP” attack on RSA, 2009 • Partially unknown plaintexts • Consider EMV DDA: – Signed data includes partially known ASN.1 header – Attack uses orthogonal lattice techniques – Attack requires 10 faulty signatures to factor N under 1 second
Attacking HSM’s • EMV introduced new crypto primitives to be implemented on existing, non-flexible systems with decades of backward compatibility – The new crypto functions may have been implemented improperly • An attack by Ben Adida et al. and Ron Rivest (2005) on 3DES CBC MAC – Inject chosen plaintext in the MAC’ed message – Disclose encryption key – Two implementations • IBM 4758 • Thales RG7000 • Modern systems are not vulnerable
Countermeasures • Technical – Improve terminal software (!) – Improve host software – Improve personalization restrictions • Obey payment systems’ regulations – Distance Bounding • Saar Drimer and Steven J. Murdoch, Cambridge – Cardholder self-defence • Steven J. Murdoch, Cambridge • Invent an "Electronic attorney“ – legitimate cardholder’s shim (!?) • Organizational – Verify from the business level – Improve standards coverage
Future • Elliptic curves – ECIES (ISO/IEC 18033-2) for PIN – EC-DSA / EC-Schnorr (ISO/IEC 14888-3:2006) for signatures • More complex chip applets – More authentication schemes • Interactive cards with keyboard and display – More bugs? • Faster and more expensive ICC chips – Stronger crypto – Difficult and less practical hardware attacks (e.g. DPA)
Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
Intro: NFC • RFID – Radio Frequency Identification technologies – LF (Low frequency) • 125 KHz • 134 KHz – HF (High frequency) • 13.56 MHz – NFC » ISO/IEC 18092 (ECMA-340) » ISO/IEC 14443 » ISO/IEC 15693 – Others
NFC • NFC Devices – Tags – Smart cards – Readers – Mobile devices • NFC Security – NFC Ready and NFC Secure – Secure Element – Authentication – Encryption
NFC Data Transfer • NFC Roles by RF field source: • NFC Roles by protocol: Device A Device B Description Active Active RF field is generated by the device that sends data at the moment Active Passive RF field is generated by Device A only Passive Active RF field is generated by Device B only Initiator Target Active Possible Possible Passive Not Possible Possible
NFC Device Modes of Operation • Data exchange (P2P – NFC peer-to-peer) – Duplex data exchange – WiFi, Bluetooth, P2P Payment, Contacts, vCards, … • Reader/Writer mode (PCD – Proximity Coupling Device) – Mobile device reads tags/smartcards – WiFi Config, media linking • Tag emulation (PICC – Proximity Card) – Reader cannot distinguish between smartcard & tag emulation – Handset may contain/emulate multiple smartcards (smartcard chips)
NFC Security • Eavesdropping is easy (up to 10 meters in active mode) • DoS is easy • Datastream modification is possible • MITM is possible using full relay (when Alice and Bob can not talk to each other at all) – No NFC shims, unless some RF-shielding nano-materials appear :) – A fast relay is a practical attack both for eavesdropping and data tampering • Secure element • Additional levels of security are out of scope of NFC standards – Proprietary implementations
Secure element • Smart Card Alliance: “The secure element (SE) is a secure microprocessor (a smart card chip) that includes a cryptographic processor to facilitate transaction authentication and security, and provide secure memory for storing payment applications (e.g., American Express, Discover, MasterCard, Visa and other payment applications). SEs can also support other types of secure transactions, such as transit payment and ticketing, building access, or secure identification.”
Secure element • Secure elements in consumer devices – Contactless smart card – NFC SIM card + Handheld device • RF interface on handheld • Integrated RF interface • Flexible antenna – NFC SD Card + Handheld device • RF interface on handheld • Integrated RF interface – SE Embedded in a chip in a handheld device • RF interface on handheld
NFC Security • Secure Element is as secure as a regular (contactless) smartcard – Same security features – Same weaknesses • Side channels – Main weakness: Relay attack • Cannot be prevented by application-layer cryptographic protocols • Timing requirements by ISO 14443 are too loose to prevent relay over longer channel – Real devices may be even more relaxed to produce less timeouts in real life for the customers
NFC Reality • Mifare – Proprietary near-ISO compliant cards by Philips (NXP) – Worldwide deployment • European transport: subways, intercity trains... • Asia, South America, ... • Ski passes at modern ski resorts • ... finally, Moscow & Saint-Petersburg subway tickets
NFC Reality • Mifare security – MIFARE Ultralight – no encryption – Mifare Classic • Uses a weak crypto algorithm “Crypto-1”, 48-bit key • First attacks in 2000’s • Algorithm fully reverse-engineered from chip by 2008 – Insecure, minutes to retrieve secret key and fully clone card – Mifare DESFire • 3DES / AES • Successful DPA attack on 3DES Mifare DESFire in 2011
NFC Reality • Vulnerable smartphones – Various • Attacks on NFC P2P • JSR-177 – Android • Currently deployed custom stacks and drivers • Linux standard NFC stack • Userland vulnerabilites on handling NFC data
Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
EMV & NFC = ? • EMV & NFC = ? – EMV-compliant chip is a secure element – So we have contactless payment cards: • Visa PayWave • MasterCard PayPass • etc. – Mostly: dual interface (contacts + coil) for backward compatibility (some even have magstripe) – Personalized by contact and contactless interfaces alike – New threats
EMV & NFC = ? • Low-amount payments with little to no cardholder verification – Local transport tickets – Small retail purchases – Even cash withdrawal – … • An EMV card embedded inside a smartphone – Total payment convergence – Smartphone’s screen provides user interface – Multi-application EMV
Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
Attacks on EMV & NFC • Known vectors – PAN Gathering for subsequent CNP online fraud • Fake point-of-sale device – Relay attacks • Two NFC-enabled smartphones • New vectors – Power analysis – Smartphones
Known vectors • PAN Gathering for subsequent CNP e- commerce fraud – Fake point-of-sale device, e.g. selling candies – Customers pays with his card – Card details are used in CNP e-commerce fraud • Relay attacks – Two NFC-enabled smartphones – Implements known EMV attacks using the relay
New vectors • Power analysis – Card draws power from the same RF field that is used for data transfer – However, EMV chips are generally more secure than low-cost NFC solutions • Smartphones – Direct access to secure element – Consider all those rooted Androids…
Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
Future • Industry strengths – Security by obscurity • Industry weaknesses – Security by obscurity • New technology – Stronger cryptography • Perspectives – EMV – NFC – etc.?
Sploitego

Recommandé

Abdullin modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcAbdullin modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcDefconRussia
 
EMV chip cards
EMV chip cardsEMV chip cards
EMV chip cardsDilip Kumar
 
Chip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attackChip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attack- Mark - Fullbright
 
Introduction to emv
Introduction to emvIntroduction to emv
Introduction to emvAnil Chaurasiya
 
EMV Overview
EMV OverviewEMV Overview
EMV OverviewKona Software Lab Limited.
 
Smart Card EMV for Dummies
Smart Card EMV for DummiesSmart Card EMV for Dummies
Smart Card EMV for DummiesSilly Beez
 
Emv and fraud
Emv and fraudEmv and fraud
Emv and fraudUjwal Tamminedi
 
EMV 201 EMF June 2016
EMV 201 EMF June 2016EMV 201 EMF June 2016
EMV 201 EMF June 2016Philip Andreae
 

Recommandé

Abdullin modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcAbdullin modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcDefconRussia
 
EMV chip cards
EMV chip cardsEMV chip cards
EMV chip cardsDilip Kumar
 
Chip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attackChip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attack- Mark - Fullbright
 
Introduction to emv
Introduction to emvIntroduction to emv
Introduction to emvAnil Chaurasiya
 
EMV Overview
EMV OverviewEMV Overview
EMV OverviewKona Software Lab Limited.
 
Smart Card EMV for Dummies
Smart Card EMV for DummiesSmart Card EMV for Dummies
Smart Card EMV for DummiesSilly Beez
 
Emv and fraud
Emv and fraudEmv and fraud
Emv and fraudUjwal Tamminedi
 
EMV 201 EMF June 2016
EMV 201 EMF June 2016EMV 201 EMF June 2016
EMV 201 EMF June 2016Philip Andreae
 
Emv Explained in few words
Emv Explained in few words Emv Explained in few words
Emv Explained in few words Banque Populaire Du Rwanda
 
emv-ebook
emv-ebookemv-ebook
emv-ebookRichard Dover
 
Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Karina Khemani
 
Emv chip card buyers guide
Emv chip card buyers guideEmv chip card buyers guide
Emv chip card buyers guide3D Merchant powered by CenPOS
 
EMV: What you Need to Know
EMV: What you Need to KnowEMV: What you Need to Know
EMV: What you Need to KnowTotal Merchant Services
 
End-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingEnd-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingLennon808
 
Key Things to Know About EMV
Key Things to Know About EMVKey Things to Know About EMV
Key Things to Know About EMVCorral Solutions
 
Smart card emv for dummies
Smart card emv for dummiesSmart card emv for dummies
Smart card emv for dummiesBACKSEATRIDER
 
EMV Migration Webinar / Lessons Learned + Next Steps
EMV Migration Webinar / Lessons Learned + Next StepsEMV Migration Webinar / Lessons Learned + Next Steps
EMV Migration Webinar / Lessons Learned + Next StepsIngenico Group
 
What is A Smart Card
What is A Smart CardWhat is A Smart Card
What is A Smart CardPhilip Andreae
 
So you want to be an EMV Issuer...
So you want to be an EMV Issuer...So you want to be an EMV Issuer...
So you want to be an EMV Issuer...Ainsley Ward
 
EMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of SaleEMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of Sale- Mark - Fullbright
 
A Practical Guide to EMV
A Practical Guide to EMVA Practical Guide to EMV
A Practical Guide to EMVUpserve
 
EMV Credit Card Technology in Parking
EMV Credit Card Technology in ParkingEMV Credit Card Technology in Parking
EMV Credit Card Technology in ParkingParking & Traffic Consultants
 
EMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksEMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksAnnMargaret Tutu (AMT)
 
7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / Webinar7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / WebinarIngenico Group
 
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURE
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTUREATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURE
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURERadhika Venkat
 
secure electronics transaction
secure electronics transactionsecure electronics transaction
secure electronics transactionHarsh Mehta
 
Semi-Integrated Payments / A Simplified Approach to EMV & PCI
Semi-Integrated Payments / A Simplified Approach to EMV & PCISemi-Integrated Payments / A Simplified Approach to EMV & PCI
Semi-Integrated Payments / A Simplified Approach to EMV & PCIIngenico Group
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Syed Taimoor Hussain Shah
 
Atm technology and operations
Atm technology and operationsAtm technology and operations
Atm technology and operationsAnil Chaurasiya
 
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryNarudom Roongsiriwong, CISSP
 

Contenu connexe

Tendances

Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Karina Khemani
 
End-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingEnd-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingLennon808
 
Key Things to Know About EMV
Key Things to Know About EMVKey Things to Know About EMV
Key Things to Know About EMVCorral Solutions
 
Smart card emv for dummies
Smart card emv for dummiesSmart card emv for dummies
Smart card emv for dummiesBACKSEATRIDER
 
EMV Migration Webinar / Lessons Learned + Next Steps
EMV Migration Webinar / Lessons Learned + Next StepsEMV Migration Webinar / Lessons Learned + Next Steps
EMV Migration Webinar / Lessons Learned + Next StepsIngenico Group
 
So you want to be an EMV Issuer...
So you want to be an EMV Issuer...So you want to be an EMV Issuer...
So you want to be an EMV Issuer...Ainsley Ward
 
EMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of SaleEMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of Sale- Mark - Fullbright
 
A Practical Guide to EMV
A Practical Guide to EMVA Practical Guide to EMV
A Practical Guide to EMVUpserve
 
EMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksEMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksAnnMargaret Tutu (AMT)
 
7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / Webinar7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / WebinarIngenico Group
 
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURE
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTUREATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURE
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURERadhika Venkat
 
secure electronics transaction
secure electronics transactionsecure electronics transaction
secure electronics transactionHarsh Mehta
 
Semi-Integrated Payments / A Simplified Approach to EMV & PCI
Semi-Integrated Payments / A Simplified Approach to EMV & PCISemi-Integrated Payments / A Simplified Approach to EMV & PCI
Semi-Integrated Payments / A Simplified Approach to EMV & PCIIngenico Group
 

Tendances (20)

Emv Explained in few words
Emv Explained in few words Emv Explained in few words
Emv Explained in few words
 
emv-ebook
emv-ebookemv-ebook
emv-ebook
 
Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)Emv overview-payscape-2015 (1)
Emv overview-payscape-2015 (1)
 
Emv chip card buyers guide
Emv chip card buyers guideEmv chip card buyers guide
Emv chip card buyers guide
 
EMV: What you Need to Know
EMV: What you Need to KnowEMV: What you Need to Know
EMV: What you Need to Know
 
End-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingEnd-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card Processing
 
Key Things to Know About EMV
Key Things to Know About EMVKey Things to Know About EMV
Key Things to Know About EMV
 
Smart card emv for dummies
Smart card emv for dummiesSmart card emv for dummies
Smart card emv for dummies
 
EMV Migration Webinar / Lessons Learned + Next Steps
EMV Migration Webinar / Lessons Learned + Next StepsEMV Migration Webinar / Lessons Learned + Next Steps
EMV Migration Webinar / Lessons Learned + Next Steps
 
What is A Smart Card
What is A Smart CardWhat is A Smart Card
What is A Smart Card
 
So you want to be an EMV Issuer...
So you want to be an EMV Issuer...So you want to be an EMV Issuer...
So you want to be an EMV Issuer...
 
EMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of SaleEMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of Sale
 
A Practical Guide to EMV
A Practical Guide to EMVA Practical Guide to EMV
A Practical Guide to EMV
 
EMV Credit Card Technology in Parking
EMV Credit Card Technology in ParkingEMV Credit Card Technology in Parking
EMV Credit Card Technology in Parking
 
EMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksEMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow Works
 
7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / Webinar7 Ways to Make EMV Easier / Webinar
7 Ways to Make EMV Easier / Webinar
 
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURE
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTUREATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURE
ATM(AUTOMATIC TELLER MACHINE)-HISTORY,TYPES, WORKING, STRUCTURE
 
secure electronics transaction
secure electronics transactionsecure electronics transaction
secure electronics transaction
 
Semi-Integrated Payments / A Simplified Approach to EMV & PCI
Semi-Integrated Payments / A Simplified Approach to EMV & PCISemi-Integrated Payments / A Simplified Approach to EMV & PCI
Semi-Integrated Payments / A Simplified Approach to EMV & PCI
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
 

Similaire à Sploitego

Atm technology and operations
Atm technology and operationsAtm technology and operations
Atm technology and operationsAnil Chaurasiya
 
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryNarudom Roongsiriwong, CISSP
 
EMV Vending Secure Card Reader and Payment Solution
EMV Vending Secure Card Reader and Payment SolutionEMV Vending Secure Card Reader and Payment Solution
EMV Vending Secure Card Reader and Payment SolutionStuart McGregor
 
Iiw13 identifying with_your_bank
Iiw13 identifying with_your_bankIiw13 identifying with_your_bank
Iiw13 identifying with_your_bankSteve Sidner
 
ELECTRONIC PAYMENT SYSTEM
ELECTRONIC PAYMENT SYSTEMELECTRONIC PAYMENT SYSTEM
ELECTRONIC PAYMENT SYSTEM60ml
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system60ml
 
Embedded system in Smart Cards
Embedded system in Smart CardsEmbedded system in Smart Cards
Embedded system in Smart CardsRebecca D'souza
 
How do at ms work.ppt
How do at ms work.pptHow do at ms work.ppt
How do at ms work.pptNaveen Sihag
 
Credit Cards & Smart Cards - Darkside
Credit Cards & Smart Cards - DarksideCredit Cards & Smart Cards - Darkside
Credit Cards & Smart Cards - DarksideFilipe Mello
 
Hack in Cash out OWASP London
Hack in Cash out OWASP LondonHack in Cash out OWASP London
Hack in Cash out OWASP LondonPayment Village
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systemsVishal Singh
 
EMV Unattended Secure Card Reader and Payment Solution
EMV Unattended Secure Card Reader and Payment SolutionEMV Unattended Secure Card Reader and Payment Solution
EMV Unattended Secure Card Reader and Payment SolutionStuart McGregor
 
Revisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sRevisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sOlga Kochetova
 
Prez ispay 2014_us
Prez ispay 2014_usPrez ispay 2014_us
Prez ispay 2014_usEmma Garnier
 
Magnetic stripe on the back of credit card
Magnetic stripe on the back of credit cardMagnetic stripe on the back of credit card
Magnetic stripe on the back of credit cardVaishnavi
 
The Long Road to EMV: An In-Depth Look at EMV and How It Will Impact IADs
The Long Road to EMV: An In-Depth Look at EMV and How It Will Impact IADsThe Long Road to EMV: An In-Depth Look at EMV and How It Will Impact IADs
The Long Road to EMV: An In-Depth Look at EMV and How It Will Impact IADskahunaworld
 
DZ CARD Group presentation 2016_Ahmed_ALI
DZ CARD Group presentation 2016_Ahmed_ALIDZ CARD Group presentation 2016_Ahmed_ALI
DZ CARD Group presentation 2016_Ahmed_ALIAhmed ALI
 
Understanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PEUnderstanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PEGreg Stone
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryGoutama Bachtiar
 

Similaire à Sploitego (20)

Atm technology and operations
Atm technology and operationsAtm technology and operations
Atm technology and operations
 
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment Industry
 
EMV Vending Secure Card Reader and Payment Solution
EMV Vending Secure Card Reader and Payment SolutionEMV Vending Secure Card Reader and Payment Solution
EMV Vending Secure Card Reader and Payment Solution
 
Iiw13 identifying with_your_bank
Iiw13 identifying with_your_bankIiw13 identifying with_your_bank
Iiw13 identifying with_your_bank
 
ELECTRONIC PAYMENT SYSTEM
ELECTRONIC PAYMENT SYSTEMELECTRONIC PAYMENT SYSTEM
ELECTRONIC PAYMENT SYSTEM
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
 
Embedded system in Smart Cards
Embedded system in Smart CardsEmbedded system in Smart Cards
Embedded system in Smart Cards
 
How do at ms work.ppt
How do at ms work.pptHow do at ms work.ppt
How do at ms work.ppt
 
Credit Cards & Smart Cards - Darkside
Credit Cards & Smart Cards - DarksideCredit Cards & Smart Cards - Darkside
Credit Cards & Smart Cards - Darkside
 
Hack in Cash out OWASP London
Hack in Cash out OWASP LondonHack in Cash out OWASP London
Hack in Cash out OWASP London
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systems
 
EMV Unattended Secure Card Reader and Payment Solution
EMV Unattended Secure Card Reader and Payment SolutionEMV Unattended Secure Card Reader and Payment Solution
EMV Unattended Secure Card Reader and Payment Solution
 
Revisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sRevisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’s
 
Technical Challenges Facing e-Payment
Technical Challenges Facing e-PaymentTechnical Challenges Facing e-Payment
Technical Challenges Facing e-Payment
 
Prez ispay 2014_us
Prez ispay 2014_usPrez ispay 2014_us
Prez ispay 2014_us
 
Magnetic stripe on the back of credit card
Magnetic stripe on the back of credit cardMagnetic stripe on the back of credit card
Magnetic stripe on the back of credit card
 
The Long Road to EMV: An In-Depth Look at EMV and How It Will Impact IADs
The Long Road to EMV: An In-Depth Look at EMV and How It Will Impact IADsThe Long Road to EMV: An In-Depth Look at EMV and How It Will Impact IADs
The Long Road to EMV: An In-Depth Look at EMV and How It Will Impact IADs
 
DZ CARD Group presentation 2016_Ahmed_ALI
DZ CARD Group presentation 2016_Ahmed_ALIDZ CARD Group presentation 2016_Ahmed_ALI
DZ CARD Group presentation 2016_Ahmed_ALI
 
Understanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PEUnderstanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PE
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
 

Plus de London School of Cyber Security

How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
Website Impersonation Attacks. Who is REALLY Behind That Mask?
Website Impersonation Attacks. Who is REALLY Behind That Mask?Website Impersonation Attacks. Who is REALLY Behind That Mask?
Website Impersonation Attacks. Who is REALLY Behind That Mask?London School of Cyber Security
 
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker HotshotsChanging the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker HotshotsLondon School of Cyber Security
 

Plus de London School of Cyber Security (20)

The Panama Papers Hack
The Panama Papers HackThe Panama Papers Hack
The Panama Papers Hack
 
ISIS and Cyber Terrorism
ISIS and Cyber TerrorismISIS and Cyber Terrorism
ISIS and Cyber Terrorism
 
Silk Road & Online Narcotic Distribution
Silk Road & Online Narcotic DistributionSilk Road & Online Narcotic Distribution
Silk Road & Online Narcotic Distribution
 
Ashely Madison Hack
Ashely Madison HackAshely Madison Hack
Ashely Madison Hack
 
How To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksHow To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot Attacks
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and Forensics
 
How To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingHow To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and Training
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA Environments
 
What Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSSWhat Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSS
 
Building an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramBuilding an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence Program
 
Crowdsourced Vulnerability Testing
Crowdsourced Vulnerability TestingCrowdsourced Vulnerability Testing
Crowdsourced Vulnerability Testing
 
Memory forensics and incident response
Memory forensics and incident responseMemory forensics and incident response
Memory forensics and incident response
 
Gauntlt Rugged By Example
Gauntlt Rugged By ExampleGauntlt Rugged By Example
Gauntlt Rugged By Example
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 
Website Impersonation Attacks. Who is REALLY Behind That Mask?
Website Impersonation Attacks. Who is REALLY Behind That Mask?Website Impersonation Attacks. Who is REALLY Behind That Mask?
Website Impersonation Attacks. Who is REALLY Behind That Mask?
 
Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Research
 
Blind XSS
Blind XSSBlind XSS
Blind XSS
 
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker HotshotsChanging the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
 
Sploitego
SploitegoSploitego
Sploitego
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 

Dernier

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxShobhayan Kirtania
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 

Dernier (20)

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 

Sploitego

  • 1. Modern payments security: EMV, NFC, etc.? Nikita Abdullin @0xABD nabdullin@gmail.com 14.05.2013 Hacker Hotshots
  • 2. About me • Not a black khat :) • I’ve been implementing payment cards processing for the last 5 years • Russian DEFCON group DCG #7812 member • PhD undergrad in InfoSec
  • 3. Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
  • 4. Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
  • 5. Intro: Payment cards • What will we cover today: – Payment technologies from the real world • EMV (Europay, MasterCard and Visa) – EMV-enabled integrated circuit cards & terminals • NFC (Near Field Communication) – Payment applications of NFC • EMV + NFC = ? – Attacks and countermeasures • Classification • Known vectors • New vectors
  • 6. Intro: Payment cards • Why talk about it? – Real-world means: • Financial institutes – obscure and weird • Ubiquity • Hardware • Attacks in space and time – Strict standardization – Purely virtual payment technologies are all different and rapidly changing • Anyone can implement his own – And we are talking about serious business
  • 7. Intro: Payment cards • Nilson Report, 2011, 2012 – The total number of purchases on all major worldwide card issuers (American Express, Diners Club, JCB, MasterCard, UnionPay and Visa) increased to a total of 135.33 billion, up 12.1 percent from 2010 on an additional 14.56 billion transactions, the report said. – By 2011, 13.45 billion payment cards worldwide – By 2016? 18.28 billion payment cards worldwide
  • 8. Intro: Payment cards • As of early 2011, 1.2 billion EMV cards were deployed across the globe along with 18.7 million EMV terminals (via IBID) • Over 1.75 billion smartphones sold by 2012 (via Gartner) • By 2014, 44% of smartphones will be NFC- compatible (via NFC Forum) • More than 975 million contactless payment cards were shipped in 2012 (23% of all smart payment cards) (via Smart Payment Association)
  • 9. Intro: Payment cards • History – Origins: 1890s – Appearance: 1920s – Popularity: Mid XX century – 1950: Diners Club – 1958: American Express – 1958: Bank of America BankAmericards (now Visa) – 1966: InterBank Card Association (now MasterCard) – 1967: Cash dispencer – 1969: First ATM and magnetic stripe
  • 10. Meet the Card Gentlemen, do you know what this thing is?
  • 11. Card standards • Standards family ISO/IEC 781X • 7810: Physical characteristics of credit card size document • 7811-1: Embossing • 7811-2: Magnetic stripe–low coercitivity • 7811-3: Location of embossed characters • 7811-4: Location of tracks 1 & 2 • 7811-5: Location of track 3 • 7811-6: Magnetic stripe-high coercitivity • 7813: Financial transaction cards
  • 12. Card exterior Front: PAN(4), expiry date(6), Cardholder name(7) Back: Magnetic stripe (1), cardholder signature(2), CVV2 (2)
  • 13. PAN • PAN Personal Account Number – From 13 to 19 digits – First 4 to 6 digits = BIN • Bank identification number – Last digit is a checksum digit (Luhn digit) • Checksum is calculated with Luhn algorithm
  • 14. Magnetic Stripe • LoCo (Low coercitivity) • HiCo (High coercitivity) • Tracks – Track 1: – Track 2: – (Track 3) – mostly unused
  • 15. Magnetic Stripe Data entity Track 1 Track2 PAN + + Cardholder name + Expiry date + + Service code + + Discretionary data: PVKI + + PVV + + CVC-1 (CVV-1) + +
  • 16. Meet the Terminal • Terminal types: – ATM (Automated Teller Machine) – POS (Point Of Sale) – Imprinter – Others • SSD
  • 17. Terminal Hardware • All devices: – Card Reader – PED (PIN Entry Device) – Receipt printer – Screen • ATM: – Note cassettes inside a safe box – Note dispencer – (Note acceptor)
  • 18. Payment Systems • Why? – If N banks around the world want to accept each other’s cards, how many connections they would need? (Hint: ) • IPS bring standards & interoperability – Each IPS defines its own protocols and procedures • Direct connections are also used – Member bank connects directly to the IPS – Affiliates connect to the Member – IPS can act as an acquirer for the largest retailers 2 )1( NN
  • 22. Payment Systems • Notable IPS (International Payment Systems) – Visa – MasterCard (MC) – Japan Credit Bureau (JCB) – Diners Club (DC) – American Express (AMEX) – China Union Pay (CUP)
  • 23. Cryptography & Security • Plastic – Holograms – Watermarks • Cryptography – DES (Replaced by DES) – 3DES • 3DES, mode: EDE, 2 keys: ABA
  • 24. Cryptography & Security • Cardholder Authentication (Verification) – PIN – PVK (PIN Verification Key) – PVV (PIN Verification Value) – PVV = ENC(PVK)[f(PAN, PIN)] by issuer • Card Authentication (Verification) – CVV/CVC and CVV2/CVC2 – CVK (Card Verification Key) – CVV = ENC(CVK)[f(PAN || ExpDate || SvcCode)] by issuer – CVV2 = ENC(CVK)[f(PAN || ExpDate || ‘000’)] by issuer
  • 25. Cryptography & Security • Encryption – PEK (PIN Encryption Key) – TPK (Terminal PIN Key) – TMK (Terminal Master Key) – Domain encryption • ZMK/ZCMK (Zone (Control) Master Key) • AWK (Acquirer Working Key) • IWK (Issuer Working Key) – Proprietary measures • MAC by terminal • Transport-level encryption
  • 26. Cryptography & Security • HSM (Host Security Module) – Host command interface – Console admin interface • Smart cards for security officer authetication and master key storage – PKCS#11 API – LMK (Local Master Key) – Standards compliance • FIPS 140-1, FIPS 140-2/140-3 • PIN Printer – A secure printer directly connected to HSM
  • 27. Processing cycle • Cardholder – Receive a card and sign it manually – Open PIN Envelope, read it and burn it • Issuer – Personalization – Embossing – Encoding – Issuer’s Host software • Authorization processing • Presentment processing • Card – Card is just a static read-only piece of plastic
  • 28. Processing cycle • Acquirer – Manages terminals and provides services to merchants – Acquirer’s host software • Authorization processing • Presentment processing • Terminal – Reads card – Talks to acquirer’s host
  • 29. Processing cycle • Transaction phases – Authorization – Clearing – Settlement – Dispute resolution
  • 30. Authorization • Terminal reads card • If cardholder enters PIN: – Terminal calculates a PIN Block inside PED – PIN Block is encrypted under corresponding TPK • Auth message is sent to Acquirer’s host • Acquirer processes it and sends to IPS • IPS processes it and sends to Issuer • Issuer approves or rejects it and sends the answer back
  • 31. Clearing • Terminal reconciliation • Acquirer demands satisfaction from the issuer and sends the clearing presentments through the IPS • IPS processes them and sends them to the Issuer • Issuer may not respond, money transfer is automatically performed at the next stage
  • 32. Settlement • All parties settle their financial positions through the IPS – Consolidated funds transfer
  • 33. Dispute resolution • Presentment: Original Sale • First Chargeback: A customer disputes a charge to his or her credit card company or bank and the bank responds with a retrieval request to dispute the transaction. • Second Presentation or Re-presentment: This is when the merchant has an opportunity to respond to the first chargeback. • Second Chargeback: If the second presentment is rejected by the cardholder, the issuing bank files a second chargeback. • IPS Arbitration: IPS staff handle the case manually
  • 34. Data transfer • ISO 8583 Standard – Binary protocol – Presence of a fields is determined by bitmap • N x 64-bit bitmaps – Fields may be fixed or variable – Data may be encoded in raw binary, ASCII, BCD, etc. • The same for variable fields length
  • 35. Terminal protocols • Terminals usually talk to acquirer’s host in their special protocols – ATM – POS – SSD • But some are built over ISO8583
  • 36. Transaction types • ATM • Retail • CNP Retail • Note Acceptance • Special – Balance request – PIN Set/PIN Change – Address Verification
  • 37. Fraud • PAN + Exp Date + CVV2 = enough for CNP fraud – CNP Fraud • Skimming – Cloning of magstripe with and w/o stealing the PIN – Clone is identical to the original card – http://www.google.com/trends/explore?#q=skimming • Other methods
  • 40. Advances & countermeasures • DUKPT – Derived Unique Key Per Transaction • Anti-skimming – Terminal-only – Card and terminal • Magstipe is analog, not digital • e-commerce – (SET) – 3-D Secure • Finally, smart cards (ICC)
  • 42. Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
  • 43. The EMV standard • What? – A protected microcontroller inside a card – Since 1993 • Why? – New interactive products – Liability Shift • The Four Books – ICC to Terminal Interface – Security and Key Management – Application Specification – Other Interfaces • ISO 7816
  • 44. The EMV standard • What does the card use: – DES/3DES – RSA – SHA-1 • What does the card have: – Several kilobytes of EEPROM – Firmware • Java Card • MultOS • … – 1 Serial I/O port and a system of commands
  • 45. The EMV standard • EMV card lifecycle – EMV Personalization • Pre-personalization – Card is interactive • During transaction – The card is powered on and the card makes the decision • New cardholder authentication methods – Biometrics • Issuer scripts and data storage for dynamic decisions – Counters – Card-level risk management
  • 46. EMV basics • ISO/IEC 7816 – a family of standards for smart cards with contacts • Physical specs • I/O • Files • Commands • Applications
  • 47. Physical specs • One serial I/O port • External power • External clock and reset • 6 meaningful contact pads and 2 unused • Contact dimensions and layout match the well-known SIM cards – Actually, there are SIM cards with EMV onboard :)
  • 49. Physical specs • Voltage: 3 classes of operation – A – B – C
  • 50. I/O • Insertion of the ICC into the IFD – connection and activation of the contacts. • Reset of the ICC – establishment of communication between the terminal and the ICC. • Execution of the transaction(s). • Deactivation of the contacts and removal of the ICC
  • 51. I/O • Contact activation – Vcc level validation for 200 cycles • ICC Reset – Cold • > 200 cycles and pull up RST – Warm • > 200 cycles, pull down RST, > 200 cycles, pull up RST
  • 52. I/O Rx (Card to Terminal) Tx (Terminal to Card)
  • 53. Files • All data on card is stored as records listed in files • Mandatory – Application Expiry Date – Application Primary Account Number (PAN) – Card Risk Management Data Object List 1 (CDOL1) – Card Risk Management Data Object List 2 (CDOL2) • Application Elementary Files – Referenced by SFI – Contain only BERTLV data objects
  • 54. Commands • Command APDU – CLA = Class Byte of the Command Message – INS = Instruction Byte of Command Message – P1 = Parameter 1 – P2 = Parameter 2 • Command is a N-byte string
  • 55. Response • Response APDU – Status bytes • SW1 • SW2 • Response is a byte string too :)
  • 56. Commands • APPLICATION BLOCK (post-issuance command) • APPLICATION UNBLOCK (post-issuance command) • CARD BLOCK (post-issuance command) • EXTERNAL AUTHENTICATE – verify a cryptogram • GENERATE APPLICATION CRYPTOGRAM • GET CHALLENGE • GET DATA • GET PROCESSING OPTIONS • INTERNAL AUTHENTICATE – calculation of SDA • PIN CHANGE/UNBLOCK (post-issuance command) • READ RECORD • VERIFY – verify PIN data
  • 57. EMV crypto primitives • MKAC that it shares with the issuer, derived from the issuer’s master key MKI . • Session key SKAC can be computed, based on the transaction counter. • The issuer has a public-private key pair (PI , SI), and the terminal knows this public key PI • Cards that support asymmetric crypto also have a public-private key pair (PIC , SIC ).
  • 58. EMV Transaction Flow • Initialization • Card/Data authentication – optional • Cardholder verififcation – optional • Actual transaction step A very nice presentation at 29C3 by Tim Becker “A rambling walk through an EMV transaction” http://events.ccc.de/congress/2012/Fahrplan/events/5237.en.html
  • 59. Initialization • Command flow – T → C: SELECT APPLICATION – C → T: [PDOL] – T → C: GET PROCESSING OPTIONS [(data specified by the PDOL)] – C → T: (AIP, AFL) – Repeat for all records in the AFL: – T → C: READ RECORD (i) – C → T: (Contents of record i) • Return AFL and AIP
  • 60. Card/Data authentication • SDA (Static Data Authentication) – Card provides Signed Static Application Data (SSAD) • DDA (Dynamic Data Authentication) – SDA + Sign(SIC)[ICC Dynamic Data, Hash(ICC Dynamic Data, data specified by DDOL)] • CDA (Combined Data Authentication) – SDAD = Sign(SIC)[nonce_IC , CID, AC, TDHC, H(nonce_IC , CID, AC, TDHC, nonce_Terminal].
  • 61. Cardholder verification • CVM (Cardholder Verification Methods) – CVM List • Online PIN – the bank checks the PIN • Offline plaintext PIN – the chip checks the PIN – PIN is transmitted to the chip in the clear form • Offline encrypted PIN – chip checks the PIN – PIN is encrypted before it is sent to the card
  • 62. Offline plaintext PIN • T → C: VERIFY(pin) • C → T: Success/ (PIN failed, tries left) / Failed
  • 63. Offline encrypted PIN • T → C: GET CHALLENGE • C → T: nonce_IC • T → C: VERIFY(Encrypt (PIC)[PIN, nonce_IC , random padding]) • C → T: Success/ (PIN failed, tries left) / Failed
  • 64. Transaction step • Offline – card sends a Transaction Certificate (TC) • Online – card sends an Authorization Request Cryptogram (ARQC) – If issuer approves, card sends a TC • If card itself refuses – Card provides Application Authentication Cryptogram (AAC)
  • 65. Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
  • 66. Attacks on EMV • Classification – Hardware vs. Software – Active vs. Passive – Intrusive vs. Non-intrusive – By localization: – By methods used
  • 67. Attacks on EMV • Classification – By localization: • Malicious card • Malicious terminal • MITM
  • 68. Attacks on EMV • Classification – By methods used • Communication lines eavesdropping & tampering • Purely cryptoanalytical methods • Fault attacks • Side-channel attacks – Power analysis » SPA (Single Power Analysis) » DPA (Differential Power Analysis) » DFA (Differential Fault Analysis) – TAA (Timing Analysis Attack) • Social Engineering
  • 69. Known vectors • “Fallback” to magstripe = magstripe-only cloning • Relay attacks • Replay attacks (“YES”-cards = clones of SDA card) • MITM (Wedge) with CVM list downgrade • Pre-play attack • Joint encryption and signature • Fault analysis • Power analysis • Attacking HSM's
  • 70. MITM (Wedge) with CVM list downgrade • Terminal might not check if authentication method is the same that the card approved – Only auth result is signed • Make the card think it was a signature-based transaction • Make the terminal think it was a PIN-based transaction • Easily prevented – by correct terminal software • Detected at host
  • 71. Pre-play attack • Bond et al., Cambridge, 2012 • Random nonce sent by terminal? • In reality it is not so random – Older implementations • So a MITM device can gather a lot of cryptograms for known nonces • Then just predict when a gathered cryptogram will be correct for a known future nonce and use it with fake transaction data
  • 72. Joint encryption and signature attack • Degabriele et al., CT-RSA 2012 • CDA cards • Offline transaction, card verifies PIN • Utilize known padding of encrypted EMV data – Bleichenbacher attack on RSA • Same RSA keypair used for signature and encryption
  • 73. Joint encryption and signature attack
  • 74. Fault analysis • Coron et al., CT-RSA 2010 • Currently CRT (Chinese Remainder Theorem) is used to reduce computational load on signer in RSA implementations – From mod N to mod p and mod q – Fault induced on one computation of two – “CJKNP” attack on RSA, 2009 • Partially unknown plaintexts • Consider EMV DDA: – Signed data includes partially known ASN.1 header – Attack uses orthogonal lattice techniques – Attack requires 10 faulty signatures to factor N under 1 second
  • 75. Attacking HSM’s • EMV introduced new crypto primitives to be implemented on existing, non-flexible systems with decades of backward compatibility – The new crypto functions may have been implemented improperly • An attack by Ben Adida et al. and Ron Rivest (2005) on 3DES CBC MAC – Inject chosen plaintext in the MAC’ed message – Disclose encryption key – Two implementations • IBM 4758 • Thales RG7000 • Modern systems are not vulnerable
  • 76. Countermeasures • Technical – Improve terminal software (!) – Improve host software – Improve personalization restrictions • Obey payment systems’ regulations – Distance Bounding • Saar Drimer and Steven J. Murdoch, Cambridge – Cardholder self-defence • Steven J. Murdoch, Cambridge • Invent an "Electronic attorney“ – legitimate cardholder’s shim (!?) • Organizational – Verify from the business level – Improve standards coverage
  • 77. Future • Elliptic curves – ECIES (ISO/IEC 18033-2) for PIN – EC-DSA / EC-Schnorr (ISO/IEC 14888-3:2006) for signatures • More complex chip applets – More authentication schemes • Interactive cards with keyboard and display – More bugs? • Faster and more expensive ICC chips – Stronger crypto – Difficult and less practical hardware attacks (e.g. DPA)
  • 78. Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
  • 79. Intro: NFC • RFID – Radio Frequency Identification technologies – LF (Low frequency) • 125 KHz • 134 KHz – HF (High frequency) • 13.56 MHz – NFC » ISO/IEC 18092 (ECMA-340) » ISO/IEC 14443 » ISO/IEC 15693 – Others
  • 80. NFC • NFC Devices – Tags – Smart cards – Readers – Mobile devices • NFC Security – NFC Ready and NFC Secure – Secure Element – Authentication – Encryption
  • 81. NFC Data Transfer • NFC Roles by RF field source: • NFC Roles by protocol: Device A Device B Description Active Active RF field is generated by the device that sends data at the moment Active Passive RF field is generated by Device A only Passive Active RF field is generated by Device B only Initiator Target Active Possible Possible Passive Not Possible Possible
  • 82. NFC Device Modes of Operation • Data exchange (P2P – NFC peer-to-peer) – Duplex data exchange – WiFi, Bluetooth, P2P Payment, Contacts, vCards, … • Reader/Writer mode (PCD – Proximity Coupling Device) – Mobile device reads tags/smartcards – WiFi Config, media linking • Tag emulation (PICC – Proximity Card) – Reader cannot distinguish between smartcard & tag emulation – Handset may contain/emulate multiple smartcards (smartcard chips)
  • 83. NFC Security • Eavesdropping is easy (up to 10 meters in active mode) • DoS is easy • Datastream modification is possible • MITM is possible using full relay (when Alice and Bob can not talk to each other at all) – No NFC shims, unless some RF-shielding nano-materials appear :) – A fast relay is a practical attack both for eavesdropping and data tampering • Secure element • Additional levels of security are out of scope of NFC standards – Proprietary implementations
  • 84. Secure element • Smart Card Alliance: “The secure element (SE) is a secure microprocessor (a smart card chip) that includes a cryptographic processor to facilitate transaction authentication and security, and provide secure memory for storing payment applications (e.g., American Express, Discover, MasterCard, Visa and other payment applications). SEs can also support other types of secure transactions, such as transit payment and ticketing, building access, or secure identification.”
  • 85. Secure element • Secure elements in consumer devices – Contactless smart card – NFC SIM card + Handheld device • RF interface on handheld • Integrated RF interface • Flexible antenna – NFC SD Card + Handheld device • RF interface on handheld • Integrated RF interface – SE Embedded in a chip in a handheld device • RF interface on handheld
  • 86. NFC Security • Secure Element is as secure as a regular (contactless) smartcard – Same security features – Same weaknesses • Side channels – Main weakness: Relay attack • Cannot be prevented by application-layer cryptographic protocols • Timing requirements by ISO 14443 are too loose to prevent relay over longer channel – Real devices may be even more relaxed to produce less timeouts in real life for the customers
  • 87. NFC Reality • Mifare – Proprietary near-ISO compliant cards by Philips (NXP) – Worldwide deployment • European transport: subways, intercity trains... • Asia, South America, ... • Ski passes at modern ski resorts • ... finally, Moscow & Saint-Petersburg subway tickets
  • 88. NFC Reality • Mifare security – MIFARE Ultralight – no encryption – Mifare Classic • Uses a weak crypto algorithm “Crypto-1”, 48-bit key • First attacks in 2000’s • Algorithm fully reverse-engineered from chip by 2008 – Insecure, minutes to retrieve secret key and fully clone card – Mifare DESFire • 3DES / AES • Successful DPA attack on 3DES Mifare DESFire in 2011
  • 89. NFC Reality • Vulnerable smartphones – Various • Attacks on NFC P2P • JSR-177 – Android • Currently deployed custom stacks and drivers • Linux standard NFC stack • Userland vulnerabilites on handling NFC data
  • 90. Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
  • 91. EMV & NFC = ? • EMV & NFC = ? – EMV-compliant chip is a secure element – So we have contactless payment cards: • Visa PayWave • MasterCard PayPass • etc. – Mostly: dual interface (contacts + coil) for backward compatibility (some even have magstripe) – Personalized by contact and contactless interfaces alike – New threats
  • 92. EMV & NFC = ? • Low-amount payments with little to no cardholder verification – Local transport tickets – Small retail purchases – Even cash withdrawal – … • An EMV card embedded inside a smartphone – Total payment convergence – Smartphone’s screen provides user interface – Multi-application EMV
  • 93. Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
  • 94. Attacks on EMV & NFC • Known vectors – PAN Gathering for subsequent CNP online fraud • Fake point-of-sale device – Relay attacks • Two NFC-enabled smartphones • New vectors – Power analysis – Smartphones
  • 95. Known vectors • PAN Gathering for subsequent CNP e- commerce fraud – Fake point-of-sale device, e.g. selling candies – Customers pays with his card – Card details are used in CNP e-commerce fraud • Relay attacks – Two NFC-enabled smartphones – Implements known EMV attacks using the relay
  • 96. New vectors • Power analysis – Card draws power from the same RF field that is used for data transfer – However, EMV chips are generally more secure than low-cost NFC solutions • Smartphones – Direct access to secure element – Consider all those rooted Androids…
  • 97. Modern payments security: EMV, NFC, etc.? Intro: Payment Cards The EMV standard Attacks on EMV Intro: NFC EMV & NFC = ? Attacks on EMV & NFC Future
  • 98. Future • Industry strengths – Security by obscurity • Industry weaknesses – Security by obscurity • New technology – Stronger cryptography • Perspectives – EMV – NFC – etc.?