Security experts charged with testing Australia’s PIN-Entry Devices (PED) before they hit supermarkets have discovered cryptographic holes in 9 out of 10 Eftpos terminals.
The devices encrypt user PINs to prevent information from being intercepted while in transmission. Secret keys are held by sending and receiving parties so that encrypted messages can be read.
But if the keys are stolen, then all the secrecy afforded by even the best modern cryptography systems is lost.
According to Witham Laboratories, up to 90 percent of Eftpos transaction machines fail to secure secret keys before reaching the last stage of production.
The vulnerabilities are typically caught by examiners before the devices hit supermarkets.
Such security checks are required under Australian law. Elsewhere in the world where such laws do not exist, PINs have been siphoned from Eftpos terminals using stolen crypto keys, according to Witham Labs technical manager Andrew Jamieson.
Witham Labs was one of seven organisations in the world certified by the Australian Payments Clearing Association and the Payments Card Industry (PCI) Council to test the security of PIN-Entry Devices (PEDs) such as automatic teller and Eftpos machines.
Jamieson, who has worked with payment systems for more than 15 years, dives deep into the cryptography architecture built into the devices, trying to find vulnerabilities that could expose financial information.
He said that almost all PIN-entry devices he received had security holes where the encryption key used to protect transaction data could be compromised.
"Ninety percent would be non-compliant with key management," Jamieson said.
"These are devices fully-manufactured, with all the marketing and research done, ready for market but are sent to us as a last requirement step before they can be sold."
Andrew Jamieson
|
The failures of key management were well documented. It was partly responsible for allowing Polish codebreakers to crack the Nazi Enigma cipher machine.
As far back as 1883, the importance of key management was detailed by Dutch cryptographer Auguste Kerckhoffs who observed that a cryptographic system should be secure if everything is known except the key.
"We are lucky now to exist in a time when this can be true - the algorithms we have, such as AES, are very secure," Jamieson said.
"Therefore, the key is the point of attack, and the management of that key is usually the weakest point in the chain."
Key improvements
Cryptographic key management in Eftpos devices was set to improve under a PCI Council mandate for minimum security requirements for PIN security.
Previously, the drafting of minimum requirements had been driven by Visa and Mastercard.
The PCI council adopted a Visa draft of 32 high-level requirements for PIN security, and called for industry input by the end of July 2011.
The requirements identified "minimum security requirements for PIN-based transactions, outline the minimum acceptable requirements for securing PINs and encryption keys and assist all retail electronic payment system participants in establishing assurances that cardholder PINs will not be compromised”.
PCI council general manager Bob Russo said that by assuming control, the council hoped to “streamline" efforts by merchants, processers and financial institutions to secure PIN data.
“Organisations will have one set of criteria for the protection of PIN data that is recognised by all payment card brands," he said.
Standardisation efforts were also underway to improve the use and understanding of Format Preserving Encryption (FPE).
FPE allowed data formats to be preserved through the encryption process. It could encrypt and de-identify data without changing its length, type, format, or structure.
That effort had been led by standards bodies NIST and ISO, in cooperation with vendors including Voltage and Ingenico, who each had proprietary FPE methods.
“Because FPE is new, there are currently no standards,” Jamieson said.
“There’s a lot of misinformation and a lack of understanding about the technology.”
This led to implementation and integration problems, he said.
Keep it simple
Cryptographic security depended on simple principles:
- Use Triple DES, AES, RSA, or ECC
- Never let anyone know any part of any key
- Generate keys randomly
- Only encrypt keys under another key of equal or greater strength
- Only store plaintext keys in a secure cryptographic device
- Only use any key for one purpose
- Don't allow Triple DES keys to be split up
Jamieson advised that any key management scheme could be use if these principles were applied. He warned that complex systems should be avoided, as should moves to create proprietary architectures.
"Key management is one of those things where the more complex you make it, the harder it is to secure," he said.
"As you get more complicated, you introduce more margin for error, and the slightest error in key management can render your systems insecure."
Jamieson suggested using key management schemes such as ANSI X9.24 DUKPT for triple DES key management, with SSL v3 / TLS for more complex data flows.
"If someone is telling you that they can do better, I would be asking for independent evaluation to prove that there are no insecurities."
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
