|
Chip and PIN is Broken!
Chip used in new credit cards, etc. has been broken by Ross Anderson and
his lads at Cambridge. Hell, I have one of these (my Visa card). Chip and PIN is Broken http://www.cl.cam.ac.uk/research/sec...nd10chipbroken Incidentally, I'd still hate these type of credit cards even if the chip were invulnerable. The PIN now effectively takes the place of a signature. But digital signatures are a curse - they cause a gigantic shift from traditional written signatures. Under the law regarding written signatures as it has stood for centuries everywhere, it is the person *relying* on the signature who must validate it and who therefore takes the hit if it is a forgery, etc. With digital signatures (as the PIN effectively is) the burden shifts from the recipient to the *issuer* - an outrageous proposition, but one that banks, etc. love. Regards, PS It's now up to *me* to prove that some frudulent use of my new chipped card is indeed fraudulent. But if the current crack had been done by, say, a Russian hacking group and not published by Cambridge, proving that fraud would be a burden totally beyond the capacity of any ordinary citizen to do. Moreover, the new digital signatures impose a "duty of care" that was never there with tradtional written signatures. I must safeguard (in principle forever) my PIN, whereas with traditional signatures all I have to do is only sign something if I wish to (with no resultant ongoing duty regarding the signature thereafter). |
Re: Chip and PIN is Broken!
["Followup-To:" header set to alt.computer.security.]
On 2010-02-12, nemo_outis <abc@xyz.com> wrote: > Chip used in new credit cards, etc. has been broken by Ross Anderson and > his lads at Cambridge. Hell, I have one of these (my Visa card). > > Chip and PIN is Broken > http://www.cl.cam.ac.uk/research/sec...nd10chipbroken > > Incidentally, I'd still hate these type of credit cards even if the chip > were invulnerable. The PIN now effectively takes the place of a signature. > But digital signatures are a curse - they cause a gigantic shift from > traditional written signatures. As the paper says, this is all an attempt by the banks to shuffle off responsibility for fraud by dumping the responsibility onto the customers. Instead of the merchant/bank having to verify signatures, they can simply verfiy a number ( a pin) and can blame the customer if anything goes wrong. > > Under the law regarding written signatures as it has stood for centuries > everywhere, it is the person *relying* on the signature who must validate > it and who therefore takes the hit if it is a forgery, etc. With digital > signatures (as the PIN effectively is) the burden shifts from the recipient > to the *issuer* - an outrageous proposition, but one that banks, etc. love. > > Regards, > > PS It's now up to *me* to prove that some frudulent use of my new chipped > card is indeed fraudulent. But if the current crack had been done by, say, > a Russian hacking group and not published by Cambridge, proving that fraud > would be a burden totally beyond the capacity of any ordinary citizen to > do. > > Moreover, the new digital signatures impose a "duty of care" that was never > there with tradtional written signatures. I must safeguard (in principle > forever) my PIN, whereas with traditional signatures all I have to do is > only sign something if I wish to (with no resultant ongoing duty regarding > the signature thereafter). Agreed. They claim it makes the cards safer, but I think the primary thing it does is to offload responsibility. > > > > |
Re: Chip and PIN is Broken!
On Fri, 12 Feb 2010 20:53:11 GMT, unruh
<unruh@wormhole.physics.ubc.ca> wrote: >["Followup-To:" header set to alt.computer.security.] >On 2010-02-12, nemo_outis <abc@xyz.com> wrote: >> Chip used in new credit cards, etc. has been broken by Ross Anderson and >> his lads at Cambridge. Hell, I have one of these (my Visa card). >As the paper says, this is all an attempt by the banks to shuffle off >responsibility for fraud by dumping the responsibility onto the >customers. Instead of the merchant/bank having to verify signatures, >they can simply verfiy a number ( a pin) and can blame the customer if >anything goes wrong. Your PIN is 4 decimal digits, isn't it ? So there are --worldwide-- no more than 9.999 different 'signatures' around. Any guess as to with how many folks you share your 'personal electronic signature' ? -- met vriendelijke groet, Gerard Bok |
Re: Chip and PIN is Broken!
bok118@zonnet.nl (Gerard Bok) wrote in
news:4b75e403.10428761@News.Individual.NET: > On Fri, 12 Feb 2010 20:53:11 GMT, unruh > <unruh@wormhole.physics.ubc.ca> wrote: > >>["Followup-To:" header set to alt.computer.security.] >>On 2010-02-12, nemo_outis <abc@xyz.com> wrote: >>> Chip used in new credit cards, etc. has been broken by Ross Anderson >>> and his lads at Cambridge. Hell, I have one of these (my Visa >>> card). > >>As the paper says, this is all an attempt by the banks to shuffle off >>responsibility for fraud by dumping the responsibility onto the >>customers. Instead of the merchant/bank having to verify signatures, >>they can simply verfiy a number ( a pin) and can blame the customer >>if anything goes wrong. > > Your PIN is 4 decimal digits, isn't it ? > So there are --worldwide-- no more than 9.999 different > 'signatures' around. Any guess as to with how many folks you > share your 'personal electronic signature' ? > It's not the 4-digit problem that bothers me so much. After all, the chance that a thief randomly entering a pin guess for a stolen card will get it right is very slim. No, the problem is the "moral hazard" regarding the banks (and related financial institutions) that profit so much from these cards. In the past the banks have fobbed off the risk onto the merchants; with this latest twist the banks have fobbed off the risks onro the consumer. But, either way, risks never "mature' for those who profit most - the banks. The banks always (cleverly but dishonestly) "displace" the risks. And, aside from the affront this is to natural justice, it causes a more practical problem: the banks have little incentive to really strengthen these systems and not do a slipshod job. Regards, |
Re: Chip and PIN is Broken!
On Sat, 13 Feb 2010 00:38:52 GMT, "nemo_outis" <abc@xyz.com>
wrote: >bok118@zonnet.nl (Gerard Bok) wrote in >news:4b75e403.10428761@News.Individual.NET: > >> On Fri, 12 Feb 2010 20:53:11 GMT, unruh >> <unruh@wormhole.physics.ubc.ca> wrote: >> >>>["Followup-To:" header set to alt.computer.security.] >>>On 2010-02-12, nemo_outis <abc@xyz.com> wrote: >>>> Chip used in new credit cards, etc. has been broken by Ross Anderson >>>> and his lads at Cambridge. Hell, I have one of these (my Visa >>>> card). >> >>>As the paper says, this is all an attempt by the banks to shuffle off >>>responsibility for fraud by dumping the responsibility onto the >>>customers. Instead of the merchant/bank having to verify signatures, >>>they can simply verfiy a number ( a pin) and can blame the customer >>>if anything goes wrong. >> >> Your PIN is 4 decimal digits, isn't it ? >> So there are --worldwide-- no more than 9.999 different >> 'signatures' around. Any guess as to with how many folks you >> share your 'personal electronic signature' ? >> > >It's not the 4-digit problem that bothers me so much. After all, the >chance that a thief randomly entering a pin guess for a stolen card will >get it right is very slim. Well, with 3 attempts it is 1 in 3.333. Far better than in most lotteries. (Do you know a system admin that allows passwords of less than 8 characters ? 10E14 or more guess rate :-) >No, the problem is the "moral hazard" regarding the banks Vital characteristic of a signature is imho it's uniqueness. There is nothing unique about 4 digits ;-) If it is not unique, don't call it signature as it in now way identifies someone. -- met vriendelijke groet, Gerard Bok |
Re: Chip and PIN is Broken!
> Chip used in new credit cards, etc. has been broken by Ross Anderson and
> his lads at Cambridge. Hell, I have one of these (my Visa card). > > Chip and PIN is Broken > http://www.cl.cam.ac.uk/research/sec...nd10chipbroken > > Incidentally, I'd still hate these type of credit cards even if the chip > were invulnerable. The PIN now effectively takes the place of a signature. > But digital signatures are a curse - they cause a gigantic shift from > traditional written signatures. > > Under the law regarding written signatures as it has stood for centuries > everywhere, it is the person *relying* on the signature who must validate > it and who therefore takes the hit if it is a forgery, etc. With digital > signatures (as the PIN effectively is) the burden shifts from the recipient > to the *issuer* - an outrageous proposition, but one that banks, etc. love. > > Regards, > > PS It's now up to *me* to prove that some frudulent use of my new chipped > card is indeed fraudulent. But if the current crack had been done by, say, > a Russian hacking group and not published by Cambridge, proving that fraud > would be a burden totally beyond the capacity of any ordinary citizen to > do. > > Moreover, the new digital signatures impose a "duty of care" that was never > there with tradtional written signatures. I must safeguard (in principle > forever) my PIN, whereas with traditional signatures all I have to do is > only sign something if I wish to (with no resultant ongoing duty regarding > the signature thereafter). These are very good points in my opinion. I hate promoting increasing of the multitude of laws we already have, but we probably need to lobby our representatives for legeslation to protect us here. |
Re: Chip and PIN is Broken!
bok118@zonnet.nl (Gerard Bok) writes: > Vital characteristic of a signature is imho it's uniqueness. > There is nothing unique about 4 digits ;-) > If it is not unique, don't call it signature as it in now way > identifies someone. human signature is used to imply intent, agrees, authorizes, approves. for pin-debit at check-out counters ... the PIN entry is part of two-factor authentication; the act of pressing the "yes" button (or touch screen field) is the part of the transaction that is taken as implying intent, agrees, authorizes, approves. an interface might have something like "please re-entry your pin if you agree" ... the act of PIN-entry is the part of demonstrating human intent (in response to the interface request). we had been been brought in to help word-smith the cal. state electronic signature legislation ... one of the points that the lawyers made was that there had to be some sort of human interaction to demonstrate human intent. there was some issue with the things called "digital signatures" .... resulting in cognitive dissonance (possibly because "human signature" and "digital signature" both contained the word "signature") .... where lots of "digital signatures" were being performed w/o the necessary corresponding aspect that demonstrated human intent, agrees, authorizes, approves. old reference to "yes card" presentation at cartes2002 about trivial to clone card. http://web.archive.org/web/200304170...artes2002.html there were similar presentations at the ATM Integrity Task Force meetings. -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 |
Re: Chip and PIN is Broken!
bok118@zonnet.nl (Gerard Bok) wrote in
news:4b769c65.956418@News.Individual.NET: .... >>> Your PIN is 4 decimal digits, isn't it ? >>> So there are --worldwide-- no more than 9.999 different >>> 'signatures' around. Any guess as to with how many folks you >>> share your 'personal electronic signature' ? >>> >> >>It's not the 4-digit problem that bothers me so much. After all, the >>chance that a thief randomly entering a pin guess for a stolen card >>will get it right is very slim. > > Well, with 3 attempts it is 1 in 3.333. Far better than in most > lotteries. (Do you know a system admin that allows passwords of > less than 8 characters ? 10E14 or more guess rate :-) > >>No, the problem is the "moral hazard" regarding the banks > > Vital characteristic of a signature is imho it's uniqueness. > There is nothing unique about 4 digits ;-) > If it is not unique, don't call it signature as it in now way > identifies someone. > First of all the banks just call it a PIN, not a signature (they DON'T want to draw attention to the change!). Second, in this application the vital aspect of the PIN is not that it identifies someone but that it *authorizes* a transaction in the *name* of someone - which is precisely what a manuscript signature would do. In this context the PIN supplants the manuscript signature which would ordinarily have been required and is the *functional equivalent* of that manuscript signature - which is why it is appropriate to refer to the PIN analogically as a "signature" As for whether a 4-digit PIN is sufficient for ordinary commerce, it appears to be. One-shot guessing is not a practical strategy for card thieves, and certainly does not occur enough (if at all) to constitute a significant problem. And even 4 digits taxes the memory of a goodly proportion of the population, with resulting bank costs for resetting, etc. What supposedly *uniquely* identifies a person is possession of the card AND knowledge of the PIN. And, for that, 4 digits are more than sufficient. (Even, say, a 6-digit PIN might well not be unique among a large bank's set of cardholders - but, fortunately, uniqueness is an irrelevant property.) No, the incremental benefit of a 5, 6 or N-digit PIN would be minuscule. (And for the banks, not just minuscule, but actually zero or even negative if reset costs, etc. are considered!) But, as Anderson et al. and I point out, that is precisely the nature of the problem - the banks don't give a flying **** whether or not 4 digits are sufficient because they have displaced this risk (and many others) onto others and no longer bear it. Regards, PS The current PIN problem discussed in the paper arises, not because of the limited number of PIN digits, but because it is possible to thwart the overarching validation protocol. And that would be equally true for a 20-digit PIN! |
Re: Chip and PIN is Broken!
On Sat, 13 Feb 2010 17:37:36 GMT, "nemo_outis" <abc@xyz.com> wrote:
<snip> Although you are right that it shifts responsibility to the user rather than it being the job of the entity accepting the card to verify a signature, in practice the signature verification was often badly done as I found out using someone else's card by mistake one day and signing with a totally different sig nobody picked up on it. Now in the event it was fraudulent of course its harder for the bank to claim its the card owners fault. However even if th bank pays the cost of fraud, that cost comes back to the cardholders by way of charges. I never understood why photoid on cards never took off. That provides another security feature. -- Jim Watt http://www.gibnet.com |
Re: Chip and PIN is Broken!
On 2010-02-16, Jim Watt <jimwatt@aol.no_way> wrote:
> On Sat, 13 Feb 2010 17:37:36 GMT, "nemo_outis" <abc@xyz.com> wrote: > ><snip> > > Although you are right that it shifts responsibility to the > user rather than it being the job of the entity accepting the > card to verify a signature, in practice the signature verification > was often badly done as I found out using someone else's card > by mistake one day and signing with a totally different sig > nobody picked up on it. If it was badly done, the persons who did it badly paid ( the mercant or the bank.) If chip and pin is badly done, the user pays. Since it is the merchant/bank that has the control, forcing the user to pay for their incompetence seems a bit rich, and puts the rewards in entirely the wrong place ( the bank gets rewarded for their own incompetence-- they collect the fees etc, even if they screwed up). > > Now in the event it was fraudulent of course its harder for the > bank to claim its the card owners fault. However even if th > bank pays the cost of fraud, that cost comes back to the cardholders > by way of charges. Maybe, or maybe it comes out of theprofits. If card company A has competition from B ( visa from mastercard, amex, diners,...) and if visa's costs are way out of line they cannot pass it on, or they lose all their customers. Now however, they screw up and they sue you. > > I never understood why photoid on cards never took off. That > provides another security feature. Sure, but it makes issuing and reissuing harder. > -- > Jim Watt > http://www.gibnet.com |
| All times are GMT. The time now is 01:43 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.