Why Cryptosystems Fail, by Prof. Ross J. Anderson. Presented by Pulkit Mehndiratta (MT10015) and Robin K. Verma (MT10017). Presentation transcript.
About the Author
Prof. Ross John Anderson. Born: 15 September 1956 (age 54). Nationality: British.
He is Professor of Security Engineering at the Computer Laboratory, and a Fellow of the Royal Society, the Royal Academy of Engineering, the Institution of Engineering and Technology, the Institute of Mathematics and its Applications, and the Institute of Physics.
PhD from the University of Cambridge, under the supervision of Roger Needham, in 1995.
Research topics:
– Economics and psychology of information security, including security and human behaviour
– Peer-to-peer and social network systems, including the Eternity Service, cocaine auctions and suicide bombing
– Reliability of security systems, including bank fraud and hardware hacking
– Robustness of cryptographic protocols, including API attacks
– Analysis and design of cryptographic algorithms, including Tiger and Serpent
– Information hiding, including Soft Tempest and stego file systems
– Security of clinical information systems, including NHS databases
– Privacy and freedom issues, including FIPR
Designed the BEAR and LION block ciphers and the Tiger hash function with Eli Biham. Co-authored, with Eli Biham and Lars Knudsen, the block cipher Serpent, one of the finalists in the AES competition. Designed the stream cipher Pike after he broke FISH in 1994.
The main idea
The author analyzes the results of a survey of the failure modes of retail banking systems and concludes that the threat model used by the cryptosystem designers was wrong: most of the frauds in the system were caused by implementation errors and management failures, not by cryptanalysis.
What is a cryptosystem?
"Cryptosystem" is shorthand for "cryptographic system": any computer system that involves cryptography.
Other terminology:
– Cryptology is the study of cryptography and cryptanalysis; the author defines it as the science of code and cipher systems.
– Cryptography is the practice and study of hiding information.
– Cryptanalysis is the study of methods for obtaining the meaning of hidden information.
– Cipher: any method of encrypting text (concealing its readability and meaning).
– Ciphertext: the encrypted text message.
Uses of Cryptology
Cryptology is used in the following fields:
– By governments and the military
– By banks, in ATMs and e-commerce
– Others, such as e-mail, key management and digital signatures
We focus mainly on the use of cryptology in the banking sector.
Information Security: an engineering problem or a matter of national interest?
This question arises when cryptology is used to secure military or diplomatic communication in a country. These two areas of application have high confidentiality and integrity requirements. The threat model is very demanding, as national security and diplomatic interests depend directly on the success of the cryptosystem. The cryptosystem designers' work is quite challenging here, as they receive no failure feedback, which means they cannot learn from the common management and implementation errors that happen across the globe. The failures that occur are not disclosed to a global audience; they are wrapped up in the box of national security.
Banking
Need for cryptology: information security is directly connected to the financial interests of different parties.
Areas of focus:
– Automatic Teller Machines (ATMs)
– Credit cards
– PIN key generation
– Crypto algorithms and techniques
ATM Frauds: Legal framework
– Consumer friendly: banks are forced to refund all disputed transactions unless they can prove fraud by the customer. Example: USA policy.
– Bank friendly: banks simply deny any responsibility for the fraud and claim that the user must have violated their secure code of conduct to let the fraud happen. Example: Britain's and India's policies.
Simple and unsophisticated attacks
Attacks which require no or very little technical know-how of the system.
Type 1: Insider attacks
– Bank statistics
– Bank teller/clerk issues an extra card
– Maintenance engineer retrofitted an ATM with a mini PC to record account numbers and PINs, then produced bogus cards
– Dual control of cards and PINs dropped to cut costs
An Example
ATM cloning fraud: Police to zero in on SBI employees [Chandigarh]
Times of India, Sep 3, 2010 | by Yadav, Deepak
CHANDIGARH: Days after the ATM fraud, UT police crime branch plans to grill the State Bank of India (SBI) employees and officials. Initial probe had also suspected the role of some permanent or contractual SBI staffers. Sources in UT police said the probe team has prepared a detailed questionnaire which would be given to SBI authorities for answering. Though its details have not been disclosed, sources said some questions would be on ATMs equipped with CCTV cameras. Besides, inquiries would be made about employees involved in loading of currency in ATM machines. "Negligence on the part of bank has come to the fore, as it has been found that some of its ATM booths do not have security guards. It is too early to say anything as the probe is on, but it seems that it might be the handiwork of some insiders, who know about the technicalities of withdrawing money fraudulently from ATMs," a senior cop said.
References: http://timesofindia.indiatimes.com/
ATM insider attack example: above is a fake keypad, installed over the original one to deceive people.
Example: ATM Skimming
What is ATM skimming? ATM skimming is a method where criminals capture the data from the magnetic stripe on the back of ATM cards. Along with collecting this data, the method also involves capturing the PIN, which is discussed below. The devices used to capture card details are often the size of a deck of cards or smaller and are fastened to, or placed close to, the ATM's factory-installed card reader. They are often very difficult to see unless you are looking for them.
PIN capturing: To be worthwhile, ATM card skimming groups also need to capture the PIN. Without the PIN, the card details are worthless (unless it is a credit card). The most common methods of capturing the PIN are a very small video camera or another keypad which piggybacks on top of the original keypad. Once the details from the card's magnetic stripe are captured along with the PIN, the electronic data is encoded onto fraudulent cards and the captured PINs are used to withdraw money from the victims' accounts.
(Image: an ATM skimmer which attaches over the original card reader)
Example: ATM Skimming contd.
Spotting ATM skimmers: The only real way to combat this is by spotting these devices on ATMs before we use them. As we will see, the difficult thing is that these devices are often professionally manufactured and appear to be original parts of the real ATM. Added to this, people often feel rushed when using ATMs, as they have usually been queuing and have people waiting behind them. The criminals who place ATM skimmers are no doubt aware of this and use it as a kind of social engineering to minimize the risk of being spotted. There are two things to look out for: 1. the card reader, and 2. a small video camera or modified keypad.
(Image: the rear of the previous card reader)
ATM Frauds contd.
Type 2: Outsider attacks
– Simple yet effective: observing customers entering PINs and picking up discarded receipts
– Jackpotting (Jolly Roger): ATM networks do not encrypt/authenticate the authorization response to the ATM; an attacker can then record a 'pay' response and replay it until the ATM is empty
– Postal interception: similar to credit cards
– False terminals: harvest account numbers and PINs from unknowing customers
– PINs not derived from the account number: encrypted PINs kept on a file; a programmer could look for other accounts with the same encrypted PIN as their own
– Encrypted PINs written to the card stripe: a thief could then change the account number on their card and access another account using their own PIN
An Example
SBI ATM fraud, May 22, 2010, by P.L. Choudhary
I am operating SB account no xxxxxxxxxxx in SBI Kathua (J&K). On 7 Apr 2010 I had gone to Jammu on a few days' leave. I used my ATM card to withdraw money from the ATM at Bahu Plaza, Jammu. Since my ATM card was not being accepted by the ATM machine and the ATM machine was showing "INVALID CARD" repeatedly, a smart young boy came to me and asked me whether I needed help. I gave the card to this boy, who put some saliva on the back side of the card and put it in the ATM machine, but the machine again did not accept it. He tried two or three times and finally the card was accepted by the ATM machine. He told me to enter the PIN and I did so. In this process he replaced my ATM card and gave me the SBI ATM card of some other person. I did not notice any fraud at that point of time. I used the card again on the third day and found that the card which I was having had been blocked. The details of the card are ATM CUM DEBIT CARD NO xxxxxxxxxxxxxxxxxxx and its owner is Mr MAHABIR. I immediately contacted my Bank Manager at SBI Kathua, who informed me that a sum of Rs 80,000/- had been withdrawn from my account on 07 Apr 10 and 09 Apr 10. I instructed my bank to block the card immediately and lodged an FIR with Police Station Trikutta Nagar, Jammu on 09 Apr 10. I have handed over the photographs and videos of the boy who withdrew money from my account but no action has been taken by the police so far. On 18 May 10 I got a call from Mr Ramji from Allahabad that his card had been replaced in the same process and the thief had handed him my card.
Resource: http://www.indiaconsumerforum.org
ATM fraud: How is it done?
In the slides below you see an individual who apparently is making a bank transaction at the ATM. What he is really doing is placing a trap in the ATM to capture the next user's card. Altering ATMs is a risky business, so these individuals work in teams. The lookout warns of any possible eyewitnesses or of the next potential victim.
In the picture below, we see the next client using the ATM after the trap has been set. He inserts his card and begins his transaction... The ATM card is confiscated, and the customer is confused, asking himself: why has my card been confiscated? However, we see the cavalry coming to help...
Here we see the thief pretending to help. What he is really doing is trying to obtain the chump's PIN, now that he has captured his card. The "good Samaritan" convinces the chump that he can recover the card if he enters his PIN at the same time as the Samaritan presses cancel and enter. After several attempts the chump is convinced his card has been confiscated, and the chump and the Samaritan leave the ATM. Once satisfied the area is clear, the thief returns to recover the confiscated card from his trap. He not only has the card, he also has the PIN the chump unknowingly provided. In possession of the card and the PIN, he leaves the ATM with $4000 from the chump's account.
The trap is made of X-ray film, which is the material preferred by thieves simply because its black colour is similar in appearance to the slot on the card reader. The trap is then inserted into the ATM slot. Care is taken not to insert the entire film into the slot; the ends are folded and carry glue strips for better adhesion to the inner and outer surfaces of the slot... Once the ends are firmly glued to the slot, it is almost impossible for unsuspecting clients to detect...
Slits are cut into both sides of the trap; this prevents your card from being returned before you complete your transaction... As soon as the chump is gone and they have your PIN, the thief removes the glued trap: by grasping the folded tips, he simply pulls out the trap that has retained your card...
1. Once your card has been confiscated, observe the ATM slot and the card reader for any signs of tampering. Should you see the film tips glued to the slot, unglue them, pull the trap out and recover your card.
2. Report IMMEDIATELY to the bank.
References: http://desinotes.com/how-atm-fraud-is-done/
Misc. Example
ICICI Bank Complaints - internet money transfer to invalid account number
Posted: 2008-04-18 by Ranjan
Internet money transfer to invalid account number
Hello, I have my salary account with ICICI Bank, Indira Nagar branch, Bangalore. On 11th March 2008 I wrongly transferred Rs5500/- to an account under UCO Bank, Indira Nagar branch, Bangalore. Soon after the remittance, I visited my salary account branch and intimated this fact but I was told that nothing could be done as the payment had already been processed to UCO Bank, irrespective of whether the account is a valid account or not. The account number to which I remitted the money is 209010045672, which does not belong to UCO Bank at all. Then I visited UCO Bank too but nothing has happened till date and I have not received my money yet. Thanks, Ranjan
Similar Complaints
Posted: 2008-04-05 by Mustafa Poonawala: Renewal of overdraft without permission & debited processing charge
Posted: 2008-04-18 by Sharad Maheshwari: Even though the transaction was unsuccessful, the cash amount of 5000/- was deducted from my account (PHANTOM WITHDRAWAL). Below is the transaction detail: 04/02/2008 MAT/CASH WDL/20080203022857/0 DR INR 5,000.00
Misc. Example
ICICI Bank
Posted: 2008-07-19 by Amit Babbar: BANK FRAUD
Hi, I am Amit. I just would like to inform you that someone has used my chequebook and Xerox papers for a personal loan. I don't know when he took a loan from ICICI, but I have received a call from the bank saying that my EMI is due and that I haven't paid any of my EMIs. I don't know what is happening here. I need a resolution as to why this happened to me, and as to what I can do in this case. PLS SEND ME A MAIL AT firstname.lastname@example.org
Responses
427 days ago by Dhasa: I created a salary account in ICICI with a minimum balance of zero, but they converted the account to a normal account and charged Rs.800 without any prior information.
418 days ago by Aabidah: I REQUEST PEOPLE HERE TO TELL YOUR FRIENDS AND RELATIVES TO CLOSE THEIR ICICI BANK ACCOUNT. Discussing here or on any forum and blog is not the solution. Let's start asking people to close their ICICI Bank accounts, and that will be the correct way to teach them a lesson.
Source: http://www.consumercomplaints.in/
More complex ATM frauds
Before going to this topic, let us see how ATM encryption actually works and how this information is stored for an ATM card:
– Account number: 8807012345691715
– PIN key: FEFEFEFEFEFEFEFE
– Result of DES: A2CE126C69AEC82D
– Result decimalized: 0224126269042823
– Natural PIN: 0224
– Offset: 6565
– Customer PIN: 6789
Terms:
– Natural PIN: the PIN originally generated by the bank's computer (the default PIN that comes with an ATM card); here it is the first four digits of the decimalized DES result.
– Customer PIN: the new PIN which the user chooses.
– Offset: the difference between the customer PIN and the natural PIN. This is the information stored in the bank's database.
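The derivation above, written out as an added example (it is not code from the paper or from the slides) in Go using the standard library's crypto/des: the account number is packed as 8 BCD bytes, encrypted under the PIN key, decimalized, and the offset is the digit-wise difference between the customer PIN and the natural PIN. The decimalization table (A..F become 0..5) is an assumption that matches the slide's figures; it also shows why the PIN key is the crown jewel of the scheme, since anyone holding it plus an account number recovers the natural PIN.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// decimalize maps each hex digit of the DES output to a decimal digit the way
// the slide's figures imply: 0-9 stay as they are, A..F become 0..5 (assumed).
func decimalize(hexDigits string) string {
	var b strings.Builder
	for _, c := range strings.ToUpper(hexDigits) {
		if c >= 'A' && c <= 'F' {
			c = '0' + c - 'A'
		}
		b.WriteRune(c)
	}
	return b.String()
}

// encryptPAN packs the 16-digit account number as 8 BCD bytes and encrypts it
// with single DES under the PIN key, returning 16 upper-case hex digits.
func encryptPAN(pan, pinKeyHex string) (string, error) {
	key, err1 := hex.DecodeString(pinKeyHex)
	src, err2 := hex.DecodeString(pan) // decimal digits are valid hex digits
	if err1 != nil || err2 != nil || len(src) != des.BlockSize {
		return "", fmt.Errorf("need a 16-hex-digit PIN key and a 16-digit account number")
	}
	block, err := des.NewCipher(key)
	if err != nil {
		return "", err
	}
	dst := make([]byte, des.BlockSize)
	block.Encrypt(dst, src)
	return strings.ToUpper(hex.EncodeToString(dst)), nil
}

// naturalPIN is the first four decimalized digits of the DES result.
func naturalPIN(desHex string) string { return decimalize(desHex)[:4] }

// addDigits combines two digit strings position by position mod 10; sign -1
// gives (a - b), which is how the offset is formed, and +1 gives (a + b).
func addDigits(a, b string, sign int) string {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = byte('0' + (int(a[i]-'0')+sign*int(b[i]-'0')+10)%10)
	}
	return string(out)
}

// pinOffset is what the bank stores: the natural PIN is recomputable, so only the offset is kept.
func pinOffset(natural, customer string) string { return addDigits(customer, natural, -1) }

// applyOffset is the check at PIN entry: natural PIN plus stored offset.
func applyOffset(natural, offset string) string { return addDigits(natural, offset, 1) }

func main() {
	desHex, _ := encryptPAN("8807012345691715", "FEFEFEFEFEFEFEFE")
	nat := naturalPIN(desHex) // the slide reports A2CE126C69AEC82D, giving 0224
	fmt.Println("DES result:", desHex, "natural PIN:", nat)
	fmt.Println("offset for PIN 6789:", pinOffset(nat, "6789"), "| PIN from offset 6565:", applyOffset(nat, "6565"))
}
```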
PIN key exchange
– Bank's key generator's end: the PIN key is encrypted under the terminal key and sent to the ATM machine.
– Local ATM's end: the terminal key is brought to the ATM machine in two pieces; the terminal key is used to decrypt this message to get the PIN key.
The PIN key is the key that the ATM machine uses to carry out authentication of the user's information.
ATMs of different banks working together
– Local ATM: encrypts the PIN key (y') with working key (x) and sends it to its own bank (say X).
– Bank X: decrypts with working key (x), then encrypts the PIN key (y') with working key (y) of Bank Y.
– Bank Y: decrypts with working key (y) and then authenticates the PIN key (y').
The working key is the key the ATM machine shares with its bank. It is used to send data between the ATM and the bank in encrypted form. The key is symmetric in nature.
Exchange of working keys among local banks
– Bank X: working key (x), encrypted with the shared zone key (z)
– Bank Y: working key (y), encrypted with the shared zone key (z)
– Bank Z: working key (z), encrypted with the shared zone key (z)
ATM card storage (magnetic stripe)
Terms on this page:
– Card Verification Value (CVV), VISA, or Card Verification Code (CVC), MasterCard: the values are calculated by encrypting the bank card number (also known as the primary account number or PAN), expiration date and service code with encryption keys (often called the Card Verification Key or CVK) known only to the issuing bank, and decimalizing the result.
– LRC: two-dimensional parity checking
References: http://www.phrack.org/ http://money.howstuffworks.com/
More complex ATM frauds contd.
Problems with encryption products
– Banks without security modules: encryption is then handled in software. The biggest problem is that the PIN key can easily be found by system programmers (their justification is that the PIN key is required for debugging, so a programmer can eventually find it out). Even if security is added at a later date, it is unlikely to fix the problem: the PIN key is so valuable to networked ATMs that knowledge of it will likely remain among programming staff.
More complex ATM frauds contd.
Inferior security products
– Backdoors in the security module's software
– Security module enclosures could be compromised: often possible to penetrate by drilling or cutting
– Tamper protection implemented with wires leading to switches: a maintenance engineer could easily cut them, then have access to the keys on the next visit
Poor implementation or operating procedures
– Ignoring response codes: 'Key Parity Error' while a programmer altered a live module
– Giving the PIN key to a facilities management firm: employee turnover; outside firms may not share the bank's security culture
– Poor design psychology: banks end up sharing sensitive information; "security by obscurity" often does more harm than good; security is not properly incorporated in operational procedures, where it should be explicitly stated in all manuals and training courses
More complex ATM frauds contd.
Cryptanalysis
– Banks using weak encryption algorithms: home-grown algorithms
– Respectable algorithm poorly implemented: using a key that is too small to provide the necessary security (RSA with a 100-400 bit key); writing the PIN to the card track
– DES keys can be found by brute force: once found, all PINs could be decrypted; countries in chaos have the proper equipment
More complex ATM frauds contd.
Original goal of ATM crypto security: no system fraud could take place without at least two bank staff colluding.
Why has this not happened?
– Poor implementation
– Unorganized and uninformed administration
– Higher emphasis on quality control
Concerns for the future
– Current security systems are built from components that were not well understood, and administration support requirements are not clearly defined
– These current issues will slow transition, making it harder to integrate new components and decreasing the likelihood of proper long-term maintenance
Implications for equipment vendors
Re-evaluate the system-level approach to designing and evaluating security.
What should they keep in mind while designing?
– Autonomous systems
– Modifiable systems that require proper administration and maintenance
– Develop a certification process that addresses the human environment in which the system will operate
Courses of action
– Design systems that can be easily integrated and maintained by general computer staff
– Train and certify client personnel to perform integration and maintenance
– Provide their own personnel to implement, support and manage the system
Why the threat model was wrong
The threat was misjudged: designers expected criminals with a high level of technical expertise.
Customers' abilities were relentlessly misjudged: designers assumed that the implementers at customer sites would have the appropriate expertise for the job, or that they would enlist the help of quality consultants to complete the task.
Why did this misjudgment happen?
– Companies imported help from the military sector, whose model is strictly focused on security
– Human factors: many organizations' security teams were non-existent or limited, and some consulting firms misrepresent their technical expertise in the area of computer security
Confirmation of this analysis
The military sector had exactly the same experience, as specifically reported by a senior NSA scientist:
– The vast majority of failures occur at the level of implementation
– The NSA is not more clever than the civilian population, just better informed
– The threat profiles developed by the NSA for its own use are classified
Shift to a new security paradigm?
There is evidence that a shift is necessary: a shift from building evaluated products to focusing on quality control within the client organization. The author suggests a metaphor from safety-critical systems, with two competing philosophies: railway signalling systems vs. the aviation paradigm.
Present-day scenario of the banking sector
1. Bank security has evolved in terms of technology: new and strong cryptographic techniques have been invented, and there are new modes of accessing banking services (ATMs, online banking, mobile banking, TV banking). Consequently there are more ways than before to carry out frauds.
2. There is more awareness among people about the safe use of these services. Consequently there is a bound on the number of frauds.
Conclusions / Discussion
Why have cryptosystems been failing?
– Cryptosystem designers lack feedback on how their systems fail, so they have been designing towards the wrong end
– Many security products are so complex and tricky to use that they are rarely used properly; as a result, most security failures are due to implementation and management errors
References
1. Prof. Ross J. Anderson's home page: http://www.cl.cam.ac.uk/~rja14/
2. India Consumer Forum: http://www.indiaconsumerforum.org/
3. PTLB home page: http://www.ptlb.in/
4. Legal Service India article: http://www.legalserviceindia.com/article/l261-Bank-Frauds.html/
5. State Bank of India: https://www.onlinesbi.com/
6. ICICI Bank: http://www.icicibank.com/
7. How Stuff Works: http://money.howstuffworks.com/