24C3 - 1.01

24th Chaos Communication Congress
Volldampf voraus!

Speakers
Steven J. Murdoch
Schedule
Day Day 3 (2007-12-29)
Room Saal 1
Start time 18:30
Duration 01:00
Info
ID 2289
Event type lecture
Track Hacking
Language en
Feedback

Relay attacks on card payment: vulnerabilities and defences

Keeping your enemies close

Relay attacks allow criminals to use credit or debit cards for fraudulent transactions, completely bypassing protections in today's electronic payment systems. This talk will show how using easily available electronics, it is possible to carry out such attacks. Also, we will describe techniques for improving payment systems, developed by Saar Drimer and me, in order to close this vulnerability.

The UK, like many other countries, has moved from comparatively insecure magnetic stripe cards to smartcards, for electronic payment. These smartcards, capable of sophisticated cryptography, provide a high assurance of tamper resistance and while implementation standards varies, have the potential to provide good security. Although extracting secrets out of smartcards requires resources beyond the means of many would-be thieves, the manner in which they are used can still be exploited for fraud.

Cardholders authorize financial transactions by presenting the card and disclosing a PIN to a terminal without any assurance as to the amount being charged or who is to be paid, and have no means of discerning whether the terminal is authentic or not. Even the most advanced smartcards cannot protect customers from being defrauded by the simple relaying of data from one location to another. We describe the development of such an attack, and show results from live experiments on the UK's EMV implementation, Chip & PIN. We discuss previously proposed defences, and show that these cannot provide the required security assurances. A new defence based is described and implemented, which requires only modest alterations to current hardware and software. This allows payment terminals to securely establish a maximum distance bound between itself and the legitimate card. As far as we are aware, this is the first complete design and implementation of a secure distance bounding protocol. Future smartcard generations could use this design to provide cost-effective resistance to relay attacks, which are a genuine threat to deployed applications.

This work was done with Saar Drimer, University of Cambridge Computer Laboratory.