Analysis: Identifying crypto holes in Eftpos machines

Powered by SC Magazine
 

Key handling borked.

Security experts charged with testing Australia’s PIN-Entry Devices (PED) before they hit supermarkets have discovered cryptographic holes in nine in ten Eftpos terminals.

The devices encrypt user PINs to prevent information from being intercepted while in transmission. Secret keys are held by sending and receiving parties so that encrypted messages can be read.

But if the keys are stolen, then all the secrecy afforded by even the best modern cryptography systems is lost.

According to Witham Laboratories, up to 90 percent of Eftpos transaction machines fail to secure secret keys before reaching the last stage of production.

The vulnerabilities are typically caught by examiners before the devices hit supermarkets.

Such security checks are required under Australian law. Elsewhere in the world where such laws do not exist, PINs have been siphoned from Eftpos terminals using stolen crypto keys, according to Witham Labs technical manager Andrew Jamieson.

Witham Labs was one of seven organisations in the world certified by the Australian Payments Clearing Association and the Payments Card Industry (PCI) Council to test the security of PIN-Entry Devices (PEDs) such as automatic teller and Eftpos machines.

Jamieson, who has worked with payment systems for more than 15 years, dives deep into the cryptography architecture built into the devices, trying to find vulnerabilities that could expose financial information.

He said that almost all PIN-entry devices he received had security holes where the encryption key used to protect transaction data could be compromised.

"Ninety percent would be non-compliant with key management," Jamieson said.

"These are devices fully-manufactured, with all the marketing and research done, ready for market but are sent to us as a last requirement step before they can be sold."

Andrew Jamieson

The failures of key management were well documented. It was partly responsible for allowing Polish codebreakers to crack the Nazi Enigma cipher machine.

As far back as 1883, the importance of key management was detailed by Dutch cryptographer Auguste Kerckhoffs who observed that a cryptographic system should be secure if everything is known except the key.

"We are lucky now to exist in a time when this can be true - the algorithms we have, such as AES, are very secure," Jamieson said.

"Therefore, the key is the point of attack, and the management of that key is usually the weakest point in the chain." 

Key improvements

Cryptographic key management in Eftpos devices was set to improve under a PCI Council mandate for minimum security requirements for PIN security.

Previously, the drafting of minimum requirements had been driven by Visa and Mastercard.

The PCI council adopted a Visa draft of 32 high-level requirements for PIN security, and called for industry input by the end of July 2011.

The requirements identified "minimum security requirements for PIN-based transactions, outline the minimum acceptable requirements for securing PINs and encryption keys and assist all retail electronic payment system participants in establishing assurances that cardholder PINs will not be compromised”.

PCI council general manager Bob Russo said that by assuming control, the council hoped to “streamline" efforts by merchants, processers and financial institutions to secure PIN data.

“Organisations will have one set of criteria for the protection of PIN data that is recognised by all payment card brands," he said.

Standardisation efforts were also underway to improve the use and understanding of Format Preserving Encryption (FPE).

FPE allowed data formats to be preserved through the encryption process. It could encrypt and de-identify data without changing its length, type, format, or structure.

That effort had been led by standards bodies NIST and ISO, in cooperation with vendors including Voltage and Ingenico, who each had proprietary FPE methods.

“Because FPE is new, there are currently no standards,” Jamieson said.

“There’s a lot of misinformation and a lack of understanding about the technology.”

This led to implementation and integration problems, he said.

Keep it simple

Cryptographic security depended on simple principles:

  • Use Triple DESAESRSA, or ECC
  • Never let anyone know any part of any key
  • Generate keys randomly
  • Only encrypt keys under another key of equal or greater strength
  • Only store plaintext keys in a secure cryptographic device
  • Only use any key for one purpose
  • Don't allow Triple DES keys to be split up

Jamieson advised that any key management scheme could be use if these principles were applied. He warned that complex systems should be avoided, as should moves to create proprietary architectures.

"Key management is one of those things where the more complex you make it, the harder it is to secure," he said.

"As you get more complicated, you introduce more margin for error, and the slightest error in key management can render your systems insecure."

Jamieson suggested using key management schemes such as ANSI X9.24 DUKPT for triple DES key management, with SSL v3 / TLS for more complex data flows.

"If someone is telling you that they can do better, I would be asking for independent evaluation to prove that there are no insecurities."

Copyright © SC Magazine, Australia


Analysis: Identifying crypto holes in Eftpos machines
The Enigma machine was a WWII code breaker.
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
The Enigma machine was a WWII code breaker.
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 764

Vote