[Gllug] OT - chip & pin

Alain Williams addw at phcomp.co.uk
Mon Apr 3 14:18:44 UTC 2006


On Mon, Apr 03, 2006 at 01:49:06PM +0000, Benedikt Heinen wrote:
> >I will accept it if the card is plugged into the numeric keypad, I am 
> >much more reluctant to do so if my PIN has to travel down a wire into a 
> >till.
> 
> But - if you plug the card into the keyboard, does that "prove" that the 
> PIN doesn't go down the wire?  That would only make sense, if the keyboard 
> itself was tamper-proof and sealed by a reputed manufacturer. Since that 
> isn't the (*obvious*) case, I might think it just as likely, that the 
> keyboard, pin display and card adapter is nothing more than a dumb 
> terminal and will relay information back and forth to the processing unit 
> outside.  (this might actually make sense from the manufacturer's point of 
> view - since everyone can take the keyboard and everything into their own 
> hands and potentially even drop it, the less processing logic there is 
> built into the keyboard, the less there is to be replaced/repaired if some 
> dolt breaks it).

The following suggests that the keyboard is indeed tamper proof, etc, but
is exceedingly short on details.

	http://www.chipandpin.co.uk/reflib/guideline_G6_certification_Process_v2_0.pdf

It really needs someone who has the background to not only understand this but
have had the time to read all of this ... I googled Ross Anderson on this and
found:

	http://news.bbc.co.uk/1/hi/business/4108433.stm

	"The sort of thing that I expect to go wrong is that villains will set up in business with equipment that will capture customer pins,"


	http://www.theregister.co.uk/2004/12/20/pin_security_warning/



I need to read his home page:

	http://www.cl.cam.ac.uk/~rja14/



I suppose that the only truly secure mechanism is to have your own card reader & keypad
that you connect to the retailer's system, the retailer would get his protection because
the card would contain something like your SSL private key and could thus validate against
your public key that it could obtain (in real time) from the bank.

Problems:
1) you need to keep your own reader from being tampered with

2) the shops need to be able to connect to the banks *at all times* to validate your
   public key.

(2) will prevent that idea from taking off.

-- 
Alain Williams
Parliament Hill Computers Ltd.
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/

#include <std_disclaimer.h>
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
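
The scheme sketched in the message above (the card signs, the retailer validates against a public key fetched from the bank in real time), written out as an added example that is not part of the original post. Ed25519 stands in for "something like your SSL private key", and `Bank`, `Card`, `Issue` and `Authorise` are hypothetical names; the unreachable-bank branch is problem (2).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type Bank struct {
	Online bool                         // hypothetical stand-in: issuer reachable in real time
	Keys   map[string]ed25519.PublicKey // card number -> registered public key
}

type Card struct {
	Number string
	key    ed25519.PrivateKey // never leaves the card
}

// Issue creates a card and registers its public key with the bank.
func (b *Bank) Issue(number string) *Card {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	if b.Keys == nil {
		b.Keys = map[string]ed25519.PublicKey{}
	}
	b.Keys[number] = pub
	return &Card{Number: number, key: priv}
}

// Authorise: retailer sends a fresh nonce, card signs it, bank's key verifies.
func Authorise(b *Bank, c *Card, amount string) error {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	msg := append(nonce, []byte("|"+c.Number+"|"+amount)...)
	sig := ed25519.Sign(c.key, msg) // done inside the card
	if !b.Online {
		return errors.New("bank unreachable: cannot fetch public key")
	}
	if pub, ok := b.Keys[c.Number]; !ok || !ed25519.Verify(pub, msg, sig) {
		return errors.New("card rejected: signature does not match bank's key")
	}
	return nil
}

func main() {
	bank := &Bank{Online: true}
	fmt.Println("genuine card:", Authorise(bank, bank.Issue("CARD-0001"), "12.50")) // constructed sample values
}
```

Because the nonce is fresh for every transaction, a signature recorded at one till is useless at the next; a card carrying the same number but a different key is rejected.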



