Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword or section
Like this
1Activity
×
P. 1
Pin Machine for Atms

Pin Machine for Atms

Ratings: (0)|Views: 876|Likes:
Published by bull517
Several vulnerabilities have been found in the EMV system (also known as Chip and
PIN). Saar Drimer and Steven Murdoch have successfully implemented a relay attack
against EMV using a fake terminal. Recently the same authors have found a method to
successfully complete PIN transactions without actually entering the correct PIN. The
press has published this vulnerability but they reported such scenario as being hard to
execute in practice because it requires specialized and complex hardware.
Several vulnerabilities have been found in the EMV system (also known as Chip and
PIN). Saar Drimer and Steven Murdoch have successfully implemented a relay attack
against EMV using a fake terminal. Recently the same authors have found a method to
successfully complete PIN transactions without actually entering the correct PIN. The
press has published this vulnerability but they reported such scenario as being hard to
execute in practice because it requires specialized and complex hardware.

More info:

Published by: bull517 on Feb 18, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less

11/15/2011

pdf

text

original

 
The Smart Card Detective:a hand-held EMV interceptor
Omar S. Choudary
University of CambridgeComputer LaboratoryDarwin CollegeJune 2010
This dissertation is submitted for the degree of Master of Philosophy in Advanced Computer Science
 
Declaration
I Omar Salim Choudary of Darwin College, being a candidate for the M.Phil in AdvancedComputer Science, hereby declare that this report and the work described in it are myown work, unaided except as may be specified below, and that the report does not containmaterial that has already been used to any substantial extent for a comparable purpose.The word count, including footnotes, bibliography and appendices is 14978.
Signed:Date:
 
The Smart Card Detective: a hand-held EMV interceptor
Omar Choudary
Abstract
Several vulnerabilities have been found in the EMV system (also known as Chip andPIN). Saar Drimer and Steven Murdoch have successfully implemented a relay attackagainst EMV using a fake terminal. Recently the same authors have found a method tosuccessfully complete PIN transactions without actually entering the correct PIN. Thepress has published this vulnerability but they reported such scenario as being hard toexecute in practice because it requires specialized and complex hardware.As proposed by Ross Anderson and Mike Bond in 2006, I decided to create a miniatureman-in-the-middle device to defend smartcard users against relay attacks.As a result of my MPhil project work I created a hand-held device, called
Smart CardDefender
(SCD), which intercepts the communication between smartcard and terminal.The device has been built using a low cost ATMEL AT90USB1287 microcontroller andother readily available electronic components. The total cost of the SCD has been around
£
100, but an industrial version could be produced for less than
£
20.I implemented several applications using the SCD, including the defense against the relayattack as well as the recently discovered vulnerability to complete a transaction withoutusing the correct PIN.All the applications have been successfully tested on CAP readers and live terminals.Even more, I have performed real tests using the SCD at several shops in town.From the experiments using the SCD, I have noticed some particularities of the CAPprotocol compared to the EMV standard. I have also discovered that the smartcard doesnot follow the physical transport protocol exactly. Such findings are presented in detail,along with a discussion of the results.

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->