Weighing Down “The Unbearable Lightness of PIN Cracking” (Extended Version)
Abstract
Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. A randomly generated salt value of adequate length (e.g. 128-bit) is stored on a bank card in plaintext, and in an encrypted form at a verification facility under a bank-chosen salt key. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Transport Final PIN from a user PIN, account number, and the salt value (stored on the bank card) through, e.g., a pseudo-random function. We explore different attacks on this solution, and propose three variants of salted-PIN that can protect against known attacks. Depending on the solution variation, attacks at a malicious intermediate switch now may only reveal the Transport Final PIN; both the user PIN and salt value remain beyond the reach of an attacker’s switch. Salted-PIN requires modifications to service points (e.g. ATM, point-of-sale), issuer/verification facilities, and bank cards; however, changes to intermediate switches are not required.
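The derivation and check described in the abstract, sketched as an added example (not code from the paper or its authors). HMAC-SHA256 as the pseudo-random function, the 12-digit Transport Final PIN length, the length-prefixed input encoding, the facility holding a reference PIN, and all sample values are assumptions of this sketch; decrypting the stored salt under the salt key is not modelled.

```python
import hashlib
import hmac

TFP_DIGITS = 12  # assumption: TFP length chosen for this sketch


def _field(data: bytes) -> bytes:
    # Length-prefix each input so ("12", "345") and ("123", "45") never
    # produce the same PRF input.
    return len(data).to_bytes(2, "big") + data


def transport_final_pin(pin: str, account_number: str, salt: bytes) -> str:
    """ATM side: derive the TFP from user PIN, account number and card salt."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    if len(salt) < 16:
        raise ValueError("salt shorter than 128 bits")
    msg = _field(pin.encode()) + _field(account_number.encode())
    # Assumption: HMAC-SHA256 keyed with the salt stands in for the PRF.
    tag = hmac.new(salt, msg, hashlib.sha256).digest()
    # A 256-bit tag reduced mod 10**12 has negligible modulo bias.
    return str(int.from_bytes(tag, "big") % 10**TFP_DIGITS).zfill(TFP_DIGITS)


def facility_verify(received_tfp: str, account_number: str,
                    reference_pin: str, decrypted_salt: bytes) -> bool:
    """Verification side: recompute the TFP and compare in constant time.

    Assumes the facility has already decrypted its stored copy of the salt
    with the bank-chosen salt key and holds a reference PIN for the account.
    """
    expected = transport_final_pin(reference_pin, account_number, decrypted_salt)
    return hmac.compare_digest(expected.encode(), received_tfp.encode())


# Constructed sample values, not real card data.
CARD_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ACCOUNT = "4000001234567899"

if __name__ == "__main__":
    tfp = transport_final_pin("4921", ACCOUNT, CARD_SALT)  # all a switch sees
    print("TFP in transit:", tfp)
    print("verified:", facility_verify(tfp, ACCOUNT, "4921", CARD_SALT))
```

Only the derived value crosses the intermediate switch in this sketch; the user PIN and the salt stay at the service point and the verification facility.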
Similar resources
Weighing Down "The Unbearable Lightness of PIN Cracking"
Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Transport Final PIN from a user PIN, account number, and a salt value (stored on the bank card) through, e.g., a pseudo-random function. We explore different attacks on this solution, and pr...
The Unbearable Lightness of PIN Cracking
We describe new attacks on the financial PIN processing API. The attacks apply to switches as well as to verification facilities. The attacks are extremely severe, allowing an attacker to expose customer PINs by executing only one or two API calls per exposed PIN. One of the attacks uses only the translate function which is a required function in every switch. The other attacks abuse functions t...
The Unbearable Lightness of Regulatory Costs
The Article counters the presumption that increased environmental regulation necessarily decreases economic prosperity. It analyzes the European chemical regulatory structure and deduces that any costs imposed on the consumer are minimal, and more cost effective than watered-down American regulations covering the same subject matter with approximately the same cost imposed on the consumer-taxpa...