Understanding Security APIs - CrySyS Lab
Understanding Security APIs - CrySyS Lab
Understanding Security APIs - CrySyS Lab
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Chapter 3<br />
Origins of <strong>Security</strong> API Attacks<br />
This chapter summarises the history of discovery and publication of API attacks<br />
on HSMs. It explains what an API attack is, how the attacks were discovered, and<br />
shows the core ideas behind them. The attacks described have been built up into<br />
the toolkit described in section 7.2. For simplicity, the story of their discovery is<br />
told only in the context of financial security systems, though the same techniques<br />
have been successfully applied to a range of other non-financial applications.<br />
3.1 Early <strong>Security</strong> API Failures<br />
Anderson was one of the first to introduce hardware security module failures to<br />
the academic community. After spending a number of years working in financial<br />
security, in 1992 he became involved in a class action law suit in the UK, pertaining<br />
to so-called ‘phantom withdrawals’: unexplained losses of money from customer<br />
accounts. Anderson condensed much of his understanding into an academic paper<br />
“Why Cryptosystems Fail” [3]. This paper focussed on the known failure modes<br />
of ATM banking systems, including several procedural and technical failures in the<br />
use of security modules. A cryptographic binding error was typical of the failures<br />
Anderson described:<br />
“One large UK bank even wrote the encrypted PIN to the card strip. It took the criminal<br />
fraternity fifteen years to figure out that you could change the account number<br />
on your own card’s magnetic strip to that of your target, and then use it with your<br />
own PIN to loot his account.”<br />
However, the paper stopped short of including a description of what we would nowadays<br />
call an API attack. Several years later, Anderson described in “Low Cost Attacks<br />
on Tamper Resistant Devices” [6], an incident where a dangerous transaction<br />
was deliberately added to a security module API.<br />
Many banks at the time calculated customer PINs by encrypting the customer’s<br />
Primary Account Number (PAN) with a secret key, then converting the resulting<br />
21