Thinking Inside the Box: System-Level Failures of Tamper Proofing

Saar Drimer, Steven J. Murdoch, Ross Anderson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

PIN entry devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, we demonstrate that the tamper proofing of PEDs is unsatisfactory, as is the certification process. We have implemented practical low-cost attacks on two certified, widely-deployed PEDs - the Ingenico 13300 and the Dione Xtreme. By tapping inadequately protected smartcard communications, an attacker with basic technical skills can expose card details and PINs, leaving cardholders open to fraud. We analyze the anti-tampering mechanisms of the two PEDs and show that, while the specific protection measures mostly work as intended, critical vulnerabilities arise because of the poor integration of cryptographic, physical and procedural protection. As these vulnerabilities illustrate a systematic failure in the design process, we propose a methodology for doing it better in the future. These failures also demonstrate a serious problem with the Common Criteria. So we discuss the incentive structures of the certification process, and show how they can lead to problems of the kind we identified. Finally we recommend changes to the Common Criteria framework in light of the lessons learned.
Original languageEnglish
Title of host publication2008 IEEE Symposium on Security and Privacy Proceedings
PublisherIEEE
Pages281-295
Number of pages15
ISBN (Print)978-0-7695-3168-7
DOIs
Publication statusPublished - 28 May 2008
Event2008 IEEE Symposium on Security and Privacy
- Berkeley, United States
Duration: 18 May 200821 May 2008
https://www.ieee-security.org/TC/SP2008/oakland08.html

Publication series

NameIEEE Symposium on Security and Privacy
PublisherIEEE
ISSN (Print)1081-6011
ISSN (Electronic)2375-1207

Symposium

Symposium2008 IEEE Symposium on Security and Privacy
Abbreviated titleSP 2008
Country/TerritoryUnited States
CityBerkeley
Period18/05/0821/05/08
Internet address

Fingerprint

Dive into the research topics of 'Thinking Inside the Box: System-Level Failures of Tamper Proofing'. Together they form a unique fingerprint.

Cite this