BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Thinking inside the box: system-level failures of tamper proofing 
 - Steven J. Murdoch (Computer Laboratory\, University of Cambridge)
DTSTART:20080509T150000Z
DTEND:20080509T153000Z
UID:TALK12166@talks.cam.ac.uk
CONTACT:Steven J. Murdoch
DESCRIPTION:PIN entry devices (PEDs) are critical security components in E
 MV smartcard payment systems as they receive a customer’s card and PIN. 
 Their approval is subject to an extensive suite of evaluation and certific
 ation procedures. In this paper\, we demonstrate that the tamper proofing 
 of PEDs is unsatisfactory\, as is the certification process.\n\nWe have im
 plemented practical low-cost attacks on two certified\, widely-deployed PE
 Ds\n– the Ingenico i3300 and the Dione Xtreme. By tapping inadequately p
 rotected smartcard communications\, an attacker with basic technical skill
 s can expose card details and PINs\, leaving cardholders open to fraud. We
  analyze the anti-tampering mechanisms of the two PEDs and show that\, whi
 le the specific protection measures mostly work as intended\, critical vul
 nerabilities arise because of the poor integration of cryptographic\, phys
 ical and procedural protection.\n\nAs these vulnerabilities illustrate a s
 ystematic failure in the design process\, we propose a methodology for doi
 ng it better in the future. They also demonstrate a serious problem with t
 he Common\nCriteria. We discuss the incentive structures of the certificat
 ion process\, and show how they can lead to problems of the kind we identi
 fied. Finally\, we recommend changes to the Common Criteria framework in l
 ight of the\nlessons learned.
LOCATION:Computer Laboratory\, William Gates Building\, Room FW11
END:VEVENT
END:VCALENDAR