Formal analysis of PIN block attacks

Graham Steel

doi:10.1016/j.tcs.2006.08.042

Formal analysis of PIN block attacks

Graham Steel

School of Informatics

Research output: Contribution to journal › Article › peer-review

Abstract

Personal identification number (PIN) blocks are 64-bit strings that encode a PIN ready for encryption and secure transmission in banking networks. These networks employ tamper-proof hardware security modules (HSMs) to perform sensitive cryptographic operations, such as checking the correctness of a PIN typed by a customer. The use of these HSMs is controlled by an API designed to enforce security. PIN block attacks are unanticipated sequences of API commands which allow an attacker to determine the value of a PIN in an encrypted PIN block. This paper describes a framework for formal analysis of such attacks. Our analysis is probabilistic, and is automated using constraint logic programming and probabilistic model checking.

Original language	English
Pages (from-to)	257-270
Number of pages	14
Journal	Theoretical Computer Science
Volume	367
Issue number	1-2
DOIs	https://doi.org/10.1016/j.tcs.2006.08.042
Publication status	Published - 2006

Access to Document

10.1016/j.tcs.2006.08.042

http://www.sciencedirect.com/science/article/pii/S0304397506005810

AUTOMATED ANALYSIS OF SECURITY CRITICAL SYSTEMS
Bundy, A. & Fleuriot, J.
EPSRC
1/10/04 → 30/09/07
Project: Research

Cite this

@article{af57637bf482460cb4dea975554a2736,

title = "Formal analysis of PIN block attacks",

abstract = "Personal identification number (PIN) blocks are 64-bit strings that encode a PIN ready for encryption and secure transmission in banking networks. These networks employ tamper-proof hardware security modules (HSMs) to perform sensitive cryptographic operations, such as checking the correctness of a PIN typed by a customer. The use of these HSMs is controlled by an API designed to enforce security. PIN block attacks are unanticipated sequences of API commands which allow an attacker to determine the value of a PIN in an encrypted PIN block. This paper describes a framework for formal analysis of such attacks. Our analysis is probabilistic, and is automated using constraint logic programming and probabilistic model checking.",

author = "Graham Steel",

year = "2006",

doi = "10.1016/j.tcs.2006.08.042",

language = "English",

volume = "367",

pages = "257--270",

journal = "Theoretical Computer Science",

issn = "0304-3975",

publisher = "Elsevier",

number = "1-2",

}

TY - JOUR

T1 - Formal analysis of PIN block attacks

AU - Steel, Graham

PY - 2006

Y1 - 2006

N2 - Personal identification number (PIN) blocks are 64-bit strings that encode a PIN ready for encryption and secure transmission in banking networks. These networks employ tamper-proof hardware security modules (HSMs) to perform sensitive cryptographic operations, such as checking the correctness of a PIN typed by a customer. The use of these HSMs is controlled by an API designed to enforce security. PIN block attacks are unanticipated sequences of API commands which allow an attacker to determine the value of a PIN in an encrypted PIN block. This paper describes a framework for formal analysis of such attacks. Our analysis is probabilistic, and is automated using constraint logic programming and probabilistic model checking.

AB - Personal identification number (PIN) blocks are 64-bit strings that encode a PIN ready for encryption and secure transmission in banking networks. These networks employ tamper-proof hardware security modules (HSMs) to perform sensitive cryptographic operations, such as checking the correctness of a PIN typed by a customer. The use of these HSMs is controlled by an API designed to enforce security. PIN block attacks are unanticipated sequences of API commands which allow an attacker to determine the value of a PIN in an encrypted PIN block. This paper describes a framework for formal analysis of such attacks. Our analysis is probabilistic, and is automated using constraint logic programming and probabilistic model checking.

U2 - 10.1016/j.tcs.2006.08.042

DO - 10.1016/j.tcs.2006.08.042

M3 - Article

SN - 0304-3975

VL - 367

SP - 257

EP - 270

JO - Theoretical Computer Science

JF - Theoretical Computer Science

IS - 1-2

ER -

Formal analysis of PIN block attacks

Abstract

Access to Document

Fingerprint

Projects

AUTOMATED ANALYSIS OF SECURITY CRITICAL SYSTEMS

Cite this