Monday, November 30, 2009

Breaking The SmartCard Payment Security System

In recent years there has been a huge amount of development within the e-commerce industry. One of the measures taken to secure POS (point of sale) and other electronic payments is the SmartCard Payment System (Chip & PIN technology). Its simple procedure allows customers to insert a contact smartcard at any POS and enter the PIN code into the PED (PIN Entry Device) before authorizing the transaction.

SmartCard Protocol

1. Card To PED
Cardholder details are captured (cardholder name, account number, expiry date, CVC, etc.) along with other magnetic stripe information.

2. PED Display
The transaction description (currency type, value) is shown and the PIN is entered by the customer.

3. Final Authorization
PIN verification result and authorization code.

For this protocol to work securely, the PED must be tamper-proof. This requirement has been enforced and widely practised by VISA, EMV, PCI and APACS (UK). The evaluation of PEDs is then performed against well-established standards such as "Common Criteria".

Protection Measures and Possible Tampering

[Figures: tampered switches within a PED; Dione Xtreme; Ingenico i3300]

Tamper Resistance

The protection mechanisms currently deployed in PEDs help banks to secure their keys, but not the customer's details. Cardholder details, including the PIN code, are sent unencrypted between the card and the PED. Thus, if a fraudster intercepts these details, a fake or cloned card can be used to withdraw cash at ATMs worldwide, depending on the card type and the issuer's capabilities. The following key points highlight the weaknesses found in the past by various researchers.

-Loopholes in the tamper mesh allow communication to be intercepted: an easily accessible compartment can hide a recording device.

-The Dione PED is vulnerable to the card details being routed outside the tamper-resistance controller. A customized FPGA design can be used to capture the data.
-The relay attack scenario.


Root Causes For SmartCard Security Failure

-Engineering Challenges: 3,662 pages of Visa Chip & PIN specifications.
-Economic Incentives: Standard PED security works well to protect bank keys but leaves the customer's PIN vulnerable.
-Certification Failure: PEDs passed the necessary certification requirements despite the technical/design flaws mentioned above.


Security Measures

-PED design can be improved, but the smartcard's communication with the PED is inherently difficult to protect.
-Encrypted PIN verification is mandatory, and a copy of the magnetic stripe data should never be stored on the chip.
-Banks can improve security but are not held responsible for fraud; putting liability on banks corrects the incentives.
-Protocol designers making unrealistic assumptions about tamper resistance put bank customers at risk of fraud.
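As an added example (not code from the post or from any PED vendor), the following Python model contrasts the plaintext card-to-PED exchange described under Tamper Resistance with the encrypted PIN verification called for above, and shows what a passive recorder on the card-PED contacts captures in each case. The tiny RSA key, the frame formats, the sample PIN and track data, and all function names are constructed assumptions.

```python
"""Model of the card-to-PED leg of a Chip & PIN transaction.

Added example, not code from the post or from any PED vendor. It contrasts
the plaintext PIN verification the post describes with an enciphered PIN
verification (PIN + card challenge + random padding under the card's public
key) and shows what a passive tap on the card-PED contacts records in each
case. The RSA key is a deliberately tiny constructed key so the script runs
offline; frame formats and function names are assumptions.
"""
import secrets

# Constructed toy RSA key pair for the card (real cards use >= 1024-bit keys).
_P, _Q = 1299709, 15485863
CARD_MODULUS = _P * _Q
CARD_PUBLIC_EXP = 65537
_CARD_PRIVATE_EXP = pow(CARD_PUBLIC_EXP, -1, (_P - 1) * (_Q - 1))

CARD_PIN = "4921"                           # constructed sample PIN held by the card
TRACK2_EQUIV = "4000123412341234=2512101"   # constructed sample track data


class InterfaceTap:
    """Passive recorder on the card-PED contacts: models the post's
    'recording device' hidden in an accessible PED compartment."""

    def __init__(self):
        self.frames = []

    def record(self, direction, payload):
        self.frames.append((direction, payload))
        return payload


def pin_visible_on_wire(tap):
    """Defender check: does any recorded frame carry the PIN in clear?"""
    return any(
        direction == "ped->card"
        and payload.startswith("VERIFY ")
        and payload.split()[1] == CARD_PIN
        for direction, payload in tap.frames
    )


def plaintext_pin_transaction(pin_entered, tap):
    """Exchange as described in the post: track data and PIN cross the
    card-PED interface unencrypted."""
    tap.record("card->ped", "TRACK2 " + TRACK2_EQUIV)
    cmd = tap.record("ped->card", "VERIFY " + pin_entered)
    ok = secrets.compare_digest(cmd.split()[1], CARD_PIN)
    tap.record("card->ped", "9000" if ok else "63C2")
    return ok


def ped_encipher_pin(pin_entered, challenge):
    """PED side: bind the PIN to the card's challenge and fresh random
    padding, then encrypt under the card's public key."""
    pad = secrets.randbelow(10_000)         # never leaves the PED
    m = int(pin_entered) * 10**8 + challenge * 10**4 + pad
    return pow(m, CARD_PUBLIC_EXP, CARD_MODULUS)


def card_verify_enciphered(cipher, challenge):
    """Card side: decrypt, then check both the PIN and the challenge it
    issued for this session (a captured ciphertext cannot be replayed)."""
    m = pow(cipher, _CARD_PRIVATE_EXP, CARD_MODULUS)
    pin_recv = m // 10**8
    chal_recv = (m // 10**4) % 10**4
    return chal_recv == challenge and secrets.compare_digest(
        f"{pin_recv:04d}", CARD_PIN)


def enciphered_pin_transaction(pin_entered, tap):
    """Same transaction with enciphered PIN verification."""
    tap.record("card->ped", "TRACK2 " + TRACK2_EQUIV)
    challenge = secrets.randbelow(10_000)   # card's unpredictable number
    tap.record("card->ped", f"CHALLENGE {challenge:04d}")
    cipher = ped_encipher_pin(pin_entered, challenge)
    cmd = tap.record("ped->card", f"VERIFY_ENC {cipher}")
    ok = card_verify_enciphered(int(cmd.split()[1]), challenge)
    tap.record("card->ped", "9000" if ok else "63C2")
    return ok


if __name__ == "__main__":
    for run in (plaintext_pin_transaction, enciphered_pin_transaction):
        tap = InterfaceTap()
        run(CARD_PIN, tap)
        print(run.__name__, "PIN visible to tap:", pin_visible_on_wire(tap))
```

Running the script shows the tap recovering the PIN from the plaintext VERIFY command but not from the enciphered one, and a captured enciphered command fails verification once the card issues a different challenge. Note that the track data frame still crosses the interface in clear in both runs, which is why the post's second measure, keeping the magnetic stripe copy off the chip, matters independently of PIN encryption.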