Chapter 10  ATM 1 Automatic Teller Machines

Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of the 20th century”  Began in 1968, more than 500,000 today  One of the first commercial use of crypto (block ciphers), tamper resistant hardware, security protocols, etc.  The “killer app” for commercial crypto

Chapter 10  ATM 3 ATMs  An interesting case study o What was done correctly o What was done incorrectly

Chapter 10  ATM 4 ATM Security Module  Security module implemented in tamper-resistant hardware o IBM 4758 crypto processor o Security module is at bank o All crypto computations done in security module, such as PIN verification

Chapter 10  ATM 5 ATM Security Module  IBM PIN generation o Acct number N on magnetic stripe o PIN key K (in tamper-resistant hardware) o “Natural PIN” is F(E(N, K)), where encryption E is DES, and F is a function o PIN = natural PIN + offset (so customers can choose their own PIN)  Note: PIN verification relies on N and secret K, and is done in security module

Chapter 10  ATM 6 IBM PIN Gen Example  Account number:  PIN key K:  DES encrypt E(N,K):  Decimalize:  Natural PIN:  Offset:  Customer PIN: FEFEFEFEFEFEFEFE A2CE126C69AEC82D

Chapter 10  ATM 7 More ATM Security  PIN encrypted with “terminal master key” and sent to security module  ‘Dual controls” --- terminal master key entered in 2 parts (2 people)  PIN “translation” (from one ATM network to another) done in security module

Chapter 10  ATM 8 Problems  Early on, encryption done in software  Not feasible for all pairs of banks to share keys, so KDC used (VISA)  Large number of trans, so corners cut o “Optimization is the process of taking something that works and replacing it with something that doesn’t quite, but is cheaper”  Most ATMs use 56-bit DES

Chapter 10  ATM 9 What goes wrong  ATM system designed to stop sophisticated attacks  In practice, the real issues are o Processing errors --- e.g., computer crashes o Only 0.001% probability, but 5 billion ATM trans  Card theft from mail  Fraud by bank staff o Laptop inside ATM to record PIN’s o Key for test system used for real system

Chapter 10  ATM 10 Unexpected Attacks  Shoulder surfing to get PIN, copy acct number from receipt  One system --- telephone calling card, ATM thought previous card inserted  One system --- output 10 bills when 14- digit test sequence entered  One bank issued same PIN to everybody  Fake ATM to collect PINs  Steal the ATM (camera is inside ATM)

Chapter 10  ATM 11 ATMs  Biggest mistake in design of ATM system: “… worried to much about criminals being clever instead of worrying about customers and banks being stupid”

Chapter 10  ATM 12 ATM legal issues  In US, banks carry risk of ATM technology o must refund most disputed transaction o costs average bank $15K/year in fraud  In much of Europe, customer bore cost o Banks claimed ATMs infallible o John Munden case  British policeman, found his acct $700 short  Bank: no bugs in code since written in assembler  Munden convicted and fired  Overturned on appeal: bank would not release its code

Chapter 10  ATM 13 ATM legal issues  If Munden case had occurred in California, “he would have won enormous punitive damages”  Lessons o Non-repudiation is critical --- camera in ATM would have solved Munden case immediately o In general, security system must be able to withstand examination by hostile experts