Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Man-in-the-Middle Defence (… or – rehabilitating Charlie …) Ross Anderson, Mike Bond Computer Security Group Cambridge Security Protocols Workshop28th.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "The Man-in-the-Middle Defence (… or – rehabilitating Charlie …) Ross Anderson, Mike Bond Computer Security Group Cambridge Security Protocols Workshop28th."— Presentation transcript:

1 The Man-in-the-Middle Defence (… or – rehabilitating Charlie …) Ross Anderson, Mike Bond Computer Security Group Cambridge Security Protocols Workshop28th March ‘06

2 Talk Structure Real-life Middlemen The Middleman and EMV –The customer is cut out of the deal –Adding an attorney Other Middleman Defences – HSMs The Dining Attorneys Problem Conclusions

3 Protocol history Needham-Schroder – assume principals follow the protocol faithfully The NS ‘bug’ – if Alice is dishonest, she can cache a ticket and delay the protocol run We had to change the whole threat model once we started to consider dishonest insiders… What about e-commerce?

4 Real Commerce E-commerce assumes 2 honest parties – buyer and seller (sometimes we add the bank too) But very often, the threat is not Charlie but Bob – the person you’re deliberately dealing with! In real life, we use middlemen to represent our interests to those who might harm us – lawyers, tax accountants, priests,… Often protocols are designed to exclude the middleman Thankfully, the design is often incompetent

5 EMV Protocol Loop Issuing BankAcquiring BankTerminal Card Customer Personalisation Centre PIN Issuer MerchantHSM

6 EMV Protocol Loop Issuing BankAcquiring BankTerminal Card Customer Personalisation Centre PIN Issuer MerchantHSM

7 Terminal to Card With SDA, the transaction and PIN go in clear from terminal to card; card returns a MAC You can capture PAN and PIN to make a mag- stripe card, or change the amount, or forward the transaction, or … (Mike’s talk yesterday) Problem: the card represents the bank, and the terminal represents the merchant. Either (or both) can be bent. No-one represents the customer! But we can fix that …

8 Meet my Attorney Our interceptor displays the transaction amount requested. If the customer presses ‘OK’, it then inputs the correct PIN, and writes an audit trial entry A real-world implementation will be not much bigger than a credit card It protects you against crooked merchants, and against crooked banks

9 Other man-in-the-middle defences Things like firewalls and anti-virus software are familiar – but there’s much more Hardware Security Modules (HSMs) guard the crypto keys used by banks in EMV, ATM and other systems An HSM exposes a “Security API” to the bank’s host computer, which aims to permit legitimate uses of the keys but prevent wholesale abuse (e.g. theft of a million PINs). To a first approximation, all APIs are broken. We’ve broken all of them at least once and we keep finding new breaks. New vulnerabilities are routinely mandated by interbank standards bodies…

10 Hardware Security Modules

11 Solution Put the IBM 4758 in a PC Run our software on the PC Put the PC in a tin box with tamper-responding lid switches Allow through only the protocols, and the parameters, that you actually use Keep an audit trail on disk Provide a trustworthy user interface Both IBM, and we, have to screw up

12 Composing Middlemen What if there are multiple interceptors? If my attorney is next to my card, it protects me from an interceptor between that and the terminal (or hidden in the terminal) We already have the theory – ‘Cascade Ciphers: the Importance of Being First’ by Maurer and Massey When ciphers are composed, they are as strong as the last one Special case: ciphers that commute are as strong as the best one

13 The Dining Attorneys How can five interceptors commute? Easy: the card, the terminal and the attorneys communicate using a dependable broadcast protocol Any bad advice can be countered with a denunciation This actually happens – big business deals involve meetings with multiple specialists (lawyers, accountants, bankers, brokers …)

14 Conclusions The middleman has had a bum rap in the literature But he’s ubiquitous in real life Even a lawyer who’s on trial hires another lawyer! Keeping up with criminal law is a speciality So is keeping up with viruses, with HSM API flaws, with EMV flaws, with phishing scams,… Having pluggable middlemen is likely to be cheaper than fixing everything in the world every month It’s the place to put the security maintainability, and to put the human back into the protocol Usability and maintainability are the two big problems!

Download ppt "The Man-in-the-Middle Defence (… or – rehabilitating Charlie …) Ross Anderson, Mike Bond Computer Security Group Cambridge Security Protocols Workshop28th."

Similar presentations

Quality of Service 3 rd General Body Meeting - MPFI.

Quality of Service 3 rd General Body Meeting - MPFI.
Card Verification Support

Card Verification Support
Chapter 4: Requirements Engineering

Chapter 4: Requirements Engineering
Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.
Copyright, 1995-2007 1 Can Mobile Payments be 'Secure Enough'? Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in eCommerce at Uni of Hong.

Copyright, Can Mobile Payments be 'Secure Enough'? Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in eCommerce at Uni of Hong.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.

Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Chapter 9 Banking and Book keeping Protecting yourself from you.

Chapter 9 Banking and Book keeping Protecting yourself from you.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Verified by Visa and MasterCard SecureCode – or, How Not to Design Authentication Steven Murdoch and Ross Anderson Cambridge.

Verified by Visa and MasterCard SecureCode – or, How Not to Design Authentication Steven Murdoch and Ross Anderson Cambridge.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies

Similar presentations

Ads by Google