Understanding Security APIs - CrySyS Lab
Understanding Security APIs - CrySyS Lab
Understanding Security APIs - CrySyS Lab
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Figure 3.1: The RG7000 Hardware <strong>Security</strong> Module<br />
3.2.1 XOR to Null Key Attack<br />
Until recently ATMs had to support offline operation, so when banks set up new<br />
ATMs, they needed a way to securely transfer the PIN derivation keys used to<br />
calculate customer PINs from PANs. The VSM used a system of dual control to<br />
achieve this. The idea was that two service engineers would each take one component<br />
of a master key to the ATM, and enter it in. Once both components were entered,<br />
the ATM could combine the components using the XOR function. The resulting<br />
‘Terminal Master Key’ (TMK) would be shared with the VSM and could be used<br />
for communicating all the other keys. A transaction was first run twice at the VSM<br />
to generate the components:<br />
HSM -> Printer : TMK1 (Generate Component)<br />
HSM -> Host : { TMK1 }Km<br />
HSM -> Printer : TMK2 (Generate Component)<br />
HSM -> Host : { TMK2 }Km<br />
The VSM only had very limited internal storage, yet there might be many different<br />
ATMs it needed to hold keys for. The paradigm of working with encrypted keys<br />
evolved: instead of keeping keys internally, the VSM only held a few master keys,<br />
and other keys were passed in as arguments to each transaction encrypted under one<br />
of these master keys. So, in response to the above transaction, the VSM returned an<br />
encrypted copy of the component to the host computer, encrypted under its master<br />
key, Km (and of course printed a clear copy onto a special sealed mailer for the<br />
23