Understanding Security APIs - CrySyS Lab
Understanding Security APIs - CrySyS Lab
Understanding Security APIs - CrySyS Lab
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• Procedural control bypass. Procedural controls can be subtly modified to allow<br />
key material change or discovery by one or a few of the authorised parties<br />
in collusion. They can only be completely bypassed by targeting weak links<br />
further up the chain. For instance, older banking HSMs use key switches<br />
for authorisation. If there is a reissue procedure for lost keys, a requisition<br />
form could be forged by the attacker, completely bypassing the rest of the<br />
procedures protecting the bank’s legitimate copy.<br />
• Key material discovery. Occasionally gross misunderstandings of the secrecy<br />
requirements on key components are made. There are reports of key components<br />
being stored in public correspondence files [3], instead of being destroyed<br />
after use. An attacker could exploit a failure such as this to discover a transport<br />
key, and unpick the rest of the system from there.<br />
• Brute force cryptographic attacks. Older bank systems still using DES are<br />
nowadays vulnerable to brute force key material guessing attacks. Insiders<br />
with HSM access may be able to use techniques such as a meet-in-the-middle<br />
attack (see section 7.2.2) to bring the key search within range of a desktop<br />
PC. Outsiders may need to invest roughly £10000 to build equipment that<br />
can crack DES keys in a reasonable time period.<br />
• Falsely disputed transactions. Every bank customer has a simple strategy<br />
available to defraud the bank – make some ATM withdrawals outside their<br />
normal pattern of usage, and claim they are phantoms. This strategy relies<br />
upon the legal precedent making customer reimbursement likely.<br />
• HSM vulnerability disclosure. Discovering and disclosing vulnerabilities without<br />
ever being in a clear position to exploit them can support goals of extortion<br />
and blackmail.<br />
4.2 Electronic Payment Schemes<br />
The existing electronic payment schemes based on magstripe cards have used HSMs<br />
for some time to protect communications links between banks, and to hold keys<br />
which are used to verify the genuineness of a card presented to a Point of Sale<br />
(POS) machine (using the CVV values). These contain secure microcontrollers such<br />
as the Dallas DS5002. In large supermarkets and chain stores, HSMs may also<br />
be used as concentrators for networks of tills handling card and PIN information.<br />
HSMs are also an integral part of the back-end systems at banks which process these<br />
transactions, preventing operations centre employees from exploiting their positions.<br />
The EMV standard is currently being rolled out, which aims to replace current<br />
magstripe technology with PIN on chip smartcards. The EMV standard is named<br />
after the three member organisations that created it: Europay, Mastercard and<br />
33