Secure Payment Networks

6/7/2020 / Dr. Hermann Sterzinger / Networks for Payment Transactions (Netzwerke für den Zahlungsverkehr)

Attacks and CyberSecurity
Cybersecurity: things that are done to protect a person, organization,
or country and their computer information against crime or attacks carried
out using the internet:
https://dictionary.cambridge.org/dictionary/english/cybersecurit

Cybersecurity risk for banks

Risk = f (Threat, Vulnerability, Consequences)


(Source: IMF, International Monetary Fund)

The Security Problem…

Some of the most common types of violations include:

• Breach of Confidentiality - Theft of private or confidential information, such as credit-card
numbers, trade secrets, patents, secret formulas, manufacturing procedures, medical
information, financial information, etc.
• Breach of Integrity - Unauthorized modification of data, which may have serious indirect
consequences. For example, a popular game or other program's source code could be
modified to open up security holes on users' systems before being released to the public.
• Breach of Availability - Unauthorized destruction of data, often just for the "fun" of
causing havoc and for bragging rights. Vandalism of web sites is a common form of this
violation.
• Theft of Service - Unauthorized use of resources, such as theft of CPU cycles, installation of
daemons running an unauthorized file server, or tapping into the target's telephone or
networking services.
• Denial of Service, DoS - Preventing legitimate users from using the system, often by
overloading and overwhelming the system with an excess of requests for service.

IT- Attacks, Cybersecurity

[Figure labels: Host Backend; Connection (WAN); Frontend (W/LAN); Frontend Device]

Layers of Attacks

The increase in international transactions through eCommerce, and the
compromises accepted for the sake of standardization, are reducing the
security level.

In particular, the use of digital signatures at a low level creates new
opportunities for hackers to obtain the real identities of clients.

Source: Lepschies, p. 180 ff.

Stakeholder risks

All stakeholders of payment processes are in principle potential victims of hacks. The weakest
point is the frontend, meaning the customer of a bank. Clients are mostly not trained, and
the security of frontend devices is much lower than, for example, that of a bank's equipment.
Reasons for attacks on the client side are:

• Because eCommerce solutions are so widespread, users cannot be trained professionally.
• A high level of security leads to additional costs and sometimes reduces the "easy to use"
process flow.

Since the client holds access codes to transfer value, this creates risks:

• During authentication
• During transfer of value to banks or other clients
• During storage

Social Engineering

We define it as, “Any act that influences a person to take an action that
may or may not be in their best interest.” We have defined it in very broad
and general terms because we feel that social engineering is not always
negative, but encompasses how we communicate with our parents,
therapists, children, spouses and others.
https://www.social-engineer.org

Password-Based Attacks

A common denominator of most operating system and network security
plans is password-based access control. This means your access rights to
a computer and network resources are determined by who you are, that
is, your user name and your password.

Older applications do not always protect identity information as it is
passed through the network for validation. This might allow an
eavesdropper to gain access to the network by posing as a valid user.

When an attacker finds a valid user account, the attacker has the same
rights as the real user. Therefore, if the user has administrator-level
rights, the attacker also can create accounts for subsequent access at a
later time.

After gaining access to your network with a valid account, an attacker can
do any of the following:
* Obtain lists of valid user and computer names and network information.
* Modify server and network configurations, including access controls
and routing tables.
* Modify, re-route, or delete your data.
Encryption based Hacks

The attack leverages a side-channel leak via cache access timings of these
implementations in order to break the RSA key exchanges of TLS
implementations. The attack is interesting from multiple points of view
(besides the fact that it affects many major TLS implementations):

Source: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/

Sniffer Attack

A sniffer is an application or device that can read, monitor, and capture
network data exchanges and read network packets. If the packets are not
encrypted, a sniffer provides a full view of the data inside the packet. Even
encapsulated (tunneled) packets can be broken open and read unless they are
encrypted and the attacker does not have access to the key.

Using a sniffer, an attacker can do any of the following:
• Analyze your network and gain information to eventually cause your network
to crash or to become corrupted.
• Read your communications.

Man in the middle attacks

Phishing

Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter
personal information at a fake website, the look and feel of which are almost identical to the legitimate one.

Communications purporting to be from social web sites, auction sites, banks, or online payment processors are often
used to lure victims. Phishing emails may contain links to websites that are infected with malware.
The United States Computer Emergency Readiness Team (US-CERT) defines phishing as a form of social
engineering that uses email or malicious websites (among other channels) to solicit personal information from an
individual or company by posing as a trustworthy organization or entity. Phishing attacks often use email as a
vehicle, sending email messages to users that appear to be from an institution such as a banking or financial
institution through which the individual has an account.
The goal of a phishing attempt is to trick the recipient into taking the attacker’s desired action, such as providing
login credentials or other sensitive information. For instance, a phishing email appearing to come from a bank may
warn the recipient that their account information has been compromised, directing the individual to a website
where their username and/or password can be reset. This website is also fraudulent, designed to look legitimate,
but exists solely to collect login information from phishing victims.
These fraudulent websites may also contain malicious code which executes on the user’s local machine when a
link is clicked from a phishing email to open the website.

Phishing types include link manipulation, clone phishing, spear phishing, etc.

Therefore two-factor authentication is mandatory for some processes, as are transaction verification and
signing.

https://digitalguardian.com; https://en.wikipedia.org/wiki/Phishing#Techniques
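
Why transaction signing is listed next to two-factor authentication, as an added example that is not part of the original slides: a second factor that only proves possession of a key still approves an order whose payee was changed on the way to the bank, while a code computed over payee and amount does not. The scheme, key, nonce and placeholder IBANs are assumptions made for illustration, not any bank's actual protocol.

```python
import hashlib
import hmac
import struct

def _mac_to_digits(key: bytes, fields) -> str:
    # Length-prefix each field so values cannot slide across field boundaries.
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, in the style of HOTP
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"

def session_code(key: bytes, nonce: bytes) -> str:
    """Second factor that proves possession of the key but is blind to the order."""
    return _mac_to_digits(key, [nonce])

def transaction_code(key: bytes, payee_iban: str, amount_cents: int, nonce: bytes) -> str:
    """Code bound to the payee and amount shown on the customer's signing device."""
    iban = payee_iban.replace(" ", "").upper().encode()
    return _mac_to_digits(key, [iban, str(amount_cents).encode(), nonce])

def bank_accepts(key: bytes, order: dict, nonce: bytes, code: str, signed: bool) -> bool:
    """The bank recomputes the code over the order it actually received."""
    if signed:
        expected = transaction_code(key, order["payee"], order["amount_cents"], nonce)
    else:
        expected = session_code(key, nonce)
    return hmac.compare_digest(expected, code)

# Constructed sample data (placeholder IBANs, not real accounts).
KEY = b"per-customer secret held by the signing device"
NONCE = b"order-0001"
INTENDED = {"payee": "DE00 0000 0000 0000 0000 01", "amount_cents": 12_500}
TAMPERED = {"payee": "DE00 0000 0000 0000 0000 99", "amount_cents": 12_500}

def demo() -> dict:
    """The customer approves INTENDED; the bank receives INTENDED or TAMPERED."""
    plain = session_code(KEY, NONCE)
    bound = transaction_code(KEY, INTENDED["payee"], INTENDED["amount_cents"], NONCE)
    return {
        "plain_2fa_intended": bank_accepts(KEY, INTENDED, NONCE, plain, signed=False),
        "plain_2fa_tampered": bank_accepts(KEY, TAMPERED, NONCE, plain, signed=False),
        "signed_intended": bank_accepts(KEY, INTENDED, NONCE, bound, signed=True),
        "signed_tampered": bank_accepts(KEY, TAMPERED, NONCE, bound, signed=True),
    }

if __name__ == "__main__":
    print(demo())
```

The binding only helps if the device that computes the code also displays payee and amount to the customer independently of the browser session.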
Compromised-Key Attack

A key is a secret code or number necessary to interpret secured information.
Although obtaining a key is a difficult and resource-intensive process for an
attacker, it is possible. After an attacker obtains a key, that key is referred to
as a compromised key.

An attacker uses the compromised key to gain access to a secured
communication without the sender or receiver being aware of the attack.
With the compromised key, the attacker can decrypt or modify data, and try
to use the compromised key to compute additional keys, which might allow
the attacker access to other secured communications.

Reengineering of chip cards
Even simple chip cards can be used as storage media for public keys.

State-of-the-art chip cards include a microcontroller, EEPROM, ROM and flash. A
disadvantage of EEPROM is that a content change of a memory cell leads to a measurable
power consumption. Hackers use this in different ways to get information.
One example is that they test stolen cards with such low power that the error counter in the
memory cell of the EEPROM does not change. So more than 3 trials are possible.
Another disadvantage of EEPROM is the so-called floating gate.

Attacks through re-engineering are expensive and time-consuming, therefore the best
protection is to reduce profit by:
• Limitation of value
• Limitation of time
• Restriction of transactions with certain criteria
• Restrictions through organisational environment
• EEPROM protection coating so that the circuit recognizes attacks.

Source: https://www.youtube.com/watch?v=N6ZgYO-pbtg
http://gauss.ececs.uc.edu/Courses/c653/lectures/SideC/intro.pdf (whitepaper discretics)
Lepschies, p. 182 ff.
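
The error-counter weakness described above, as an added simulation that is not part of the original slides: a toy EEPROM whose writes are silently lost below an assumed voltage threshold, with a compare-then-count PIN check beside a hardened one that spends a try first and reads it back before comparing. The class, the threshold and the sample PIN are constructed for illustration and do not model a specific card.

```python
import hmac

class ToyEeprom:
    """Constructed model: a write below WRITE_MIN_V is silently lost."""
    WRITE_MIN_V = 2.7  # assumed threshold, not taken from a datasheet

    def __init__(self, tries=3, voltage=5.0):
        self.tries, self.voltage = tries, voltage

    def write_tries(self, value):
        if self.voltage >= self.WRITE_MIN_V:
            self.tries = value

def verify_naive(ee, pin, guess):
    """Compare first, count the failure afterwards."""
    if ee.tries == 0:
        return False
    if hmac.compare_digest(pin, guess):
        ee.write_tries(3)
        return True
    ee.write_tries(ee.tries - 1)  # lost when the card is under-powered
    return False

def verify_hardened(ee, pin, guess):
    """Spend a try first and read it back before touching the PIN."""
    before = ee.tries
    if before == 0:
        return False
    ee.write_tries(before - 1)
    if ee.tries != before - 1:  # the write did not land: refuse to compare
        return False
    if hmac.compare_digest(pin, guess):
        ee.write_tries(3)  # restore the full budget after a correct PIN
        return True
    return False

def first_accepted(verify, voltage, pin=b"0007"):
    """Index of the first accepted guess among 0000..0009, else None."""
    ee = ToyEeprom(voltage=voltage)
    for i in range(10):
        if verify(ee, pin, f"{i:04d}".encode()):
            return i
    return None

if __name__ == "__main__":
    for v in (5.0, 1.8):
        print(v, first_accepted(verify_naive, v), first_accepted(verify_hardened, v))
```

At normal voltage both checks lock after three wrong guesses; at the constructed low voltage only the hardened check still refuses, because it never evaluates a guess it could not pay for.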

Application-Layer Attack

An application-layer attack targets application servers by deliberately causing a
fault in a server's operating system or applications. This results in the attacker
gaining the ability to bypass normal access controls. The attacker takes
advantage of this situation, gaining control of your application, system, or
network, and can do any of the following:
• Read, add, delete, or modify your data or operating system.
• Introduce a virus program that uses your computers and software applications
to copy viruses throughout your network.
• Introduce a sniffer program to analyze your network and gain information that
can eventually be used to crash or to corrupt your systems and network.
• Abnormally terminate your data applications or operating systems.
• Disable other security controls to enable future attacks.

Viruses 1/2
A virus is a fragment of code embedded in an otherwise legitimate program, designed to replicate itself (by infecting
other programs) and (eventually) wreak havoc.
Viruses are more likely to infect PCs than UNIX or other multi-user systems, because programs in the latter systems
have limited authority to modify other programs or to access critical system structures (such as the boot block).
Viruses are delivered to systems in a virus dropper, usually some form of a Trojan Horse, and usually via e-mail or
unsafe downloads.
Viruses take many forms (see below). Figure 15.5 shows typical operation of a boot sector virus:

Viruses 2/2
Some of the forms of viruses include:

• File - A file virus attaches itself to an executable file, causing it to run the virus code first and then jump to the start of the
original program. These viruses are termed parasitic, because they do not leave any new files on the system, and the
original program is still fully functional.
• Boot - A boot virus occupies the boot sector, and runs before the OS is loaded. These are also known as memory viruses,
because in operation they reside in memory, and do not appear in the file system.
• Macro - These viruses exist as a macro (script) that is run automatically by certain macro-capable programs such as MS
Word or Excel. These viruses can exist in word processing documents or spreadsheet files.
• Source code viruses look for source code and infect it in order to spread.
• Polymorphic viruses change every time they spread - not their underlying functionality, but just their signature, by which
virus checkers recognize them.
• Encrypted viruses travel in encrypted form to escape detection. In practice they are self-decrypting, which then allows
them to infect other files.
• Stealth viruses try to avoid detection by modifying parts of the system that could be used to detect them. For example, the
read( ) system call could be modified so that if an infected file is read, the infected part gets skipped and the reader would
see the original unadulterated file.
• Tunneling viruses attempt to avoid detection by inserting themselves into the interrupt handler chain, or into device
drivers.
• Multipartite viruses attack multiple parts of the system, such as files, boot sector, and memory.
• Armored viruses are coded to make them hard for anti-virus researchers to decode and understand. In addition, many files
associated with viruses are hidden, protected, or given innocuous looking names such as "...".

Denial-of-Service Attack

Unlike a password-based attack, the denial-of-service attack prevents normal
use of your computer or network by valid users.

After gaining access to your network, the attacker can do any of the following:
• Randomize the attention of your internal Information Systems staff so that they
do not see the intrusion immediately, which allows the attacker to make more
attacks during the diversion.
• Send invalid data to applications or network services, which causes
abnormal termination or behavior of the applications or services.
• Flood a computer or the entire network with traffic until a shutdown occurs
because of the overload.
• Block traffic, which results in a loss of access to network resources by
authorized users.

…more about Secure Communication
Have a look at this:

https://www.cs.uic.edu/~jbell/CourseNotes/OperatingSystems/15_Security.html

This is a brief one-chapter introduction to a very large and important topic.
Students interested in the topic of Computer Security may want to consider
following this course up with CS 487 Building Trustworthy Computer
Systems, CS 587 Computer Systems Security, or CS 588 Security and Privacy
in Networked and Distributed Systems.

Implementation of Cryptography

Network communications are implemented in multiple layers - Physical, Data
Link, Network, Transport, and Application being the most common breakdown.

Encryption and security can be implemented at any layer in the stack, with pros
and cons to each choice:
• Because packets at lower levels contain the contents of higher layers,
encryption at lower layers automatically encrypts higher layer information
at the same time.
• However, security and authorization may be important to higher levels
independent of the underlying transport mechanism or route taken.

At the network layer the most common standard is IPSec, a secure form of the
IP layer, which is used to set up Virtual Private Networks, VPNs.
At the transport layer the most common implementation is SSL, described
below.

VPN

Protection Example: RCoBrSystem
(Remote controlled browser System)

Source: BSI

Hardware Security Module

A hardware security module (HSM) is a physical computing device
that safeguards and manages digital keys for strong authentication and
provides cryptoprocessing. These modules traditionally come in the
form of a plug-in card or an external device that attaches directly to a
computer or network server.

Backup
