I'm not going to bother flagging such duplication any more. Even though I find it frustrating to see conversations split across effectively duplicate submissions, it will continue to happen, and I'm just wasting time.
I’m not why this topic has got so little interest. Maybe because it looks like a UK-only issue? EMV chip and pin has been introduced in Canada, and the authors say it is being adopted in the USA. The scheme is designed to put liability with the card holder, so insecurities should be given widespread attention to stop banks from being able to blame their customers for problems with the system.
Chip and PIN (EMV) is the main payment protocol for credit transactions in Europe. It is a big deal. The problem is that the cardholder authentication step is not properly tied to the bank authorization. Instead the bank only finds out "verification succeded" without knowing which type of verification was used (signature or PIN).
In particular, the MITM between the card and terminal does not interfere until the Terminal tries to send the PIN to the card. It blocks this message and instead says:
(As Card) "Dear Terminal, the entered PIN is ok"
(As Terminal) "Dear Card, let's assume I took a signature and continue straight on to authorizing the transaction"
I think the best decision would have been for the card to include the authentication method as part of the MAC for the transaction (PIN, signature, etc.) In particular, if the TVR message had the auth type requested (not just error codes), it would be MACd in the ARQC message and the bank could verify if the Terminal is lying in saying the card verified the PIN ok.
8 comments
[ 8.3 ms ] story [ 53.1 ms ] threadhttp://news.ycombinator.com/item?id=1118659
links to the web site version which is here:
http://www.lightbluetouchpaper.org/2010/02/11/chip-and-pin-i...
However, I refer you to this comment and its parents: http://news.ycombinator.com/item?id=1122023
I'm not going to bother flagging such duplication any more. Even though I find it frustrating to see conversations split across effectively duplicate submissions, it will continue to happen, and I'm just wasting time.
I’m not why this topic has got so little interest. Maybe because it looks like a UK-only issue? EMV chip and pin has been introduced in Canada, and the authors say it is being adopted in the USA. The scheme is designed to put liability with the card holder, so insecurities should be given widespread attention to stop banks from being able to blame their customers for problems with the system.
In particular, the MITM between the card and terminal does not interfere until the Terminal tries to send the PIN to the card. It blocks this message and instead says:
(As Card) "Dear Terminal, the entered PIN is ok"
(As Terminal) "Dear Card, let's assume I took a signature and continue straight on to authorizing the transaction"
I think the best decision would have been for the card to include the authentication method as part of the MAC for the transaction (PIN, signature, etc.) In particular, if the TVR message had the auth type requested (not just error codes), it would be MACd in the ARQC message and the bank could verify if the Terminal is lying in saying the card verified the PIN ok.