BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Talks.cam//talks.cam.ac.uk// X-WR-CALNAME:Talks.cam BEGIN:VEVENT SUMMARY:Keep your enemies close: Distance bounding against smartcard relay attacks - Saar Drimer\, CL DTSTART:20070727T150000Z DTEND:20070727T153000Z UID:TALK7698@talks.cam.ac.uk CONTACT:Saar Drimer DESCRIPTION:Modern smartcards\, capable of sophisticated cryptography\, pr ovide a high assurance of tamper resistance and are thus commonly used in payment applications. Although extracting secrets out of smartcards requir es resources beyond the means of many would-be thieves\, the manner in whi ch they are used can be exploited for fraud. Cardholders authorize financi al transactions by presenting the card and disclosing a PIN to a terminal without any assurance as to the amount being charged or who is to be paid\ , and have no means of discerning whether the terminal is authentic or not . Even the most advanced smartcards cannot protect customers from being de frauded by the simple relaying of data from one location to another. \nWe describe the development of such an attack\, and show results from live ex periments on the UK's EMV implementation\, \\emph{Chip \\& PIN}. We discus s previously proposed defences\, and show that these cannot provide the re quired security assurances. A new defence based on a distance bounding pro tocol is described and implemented\, which requires only modest alteration s to current hardware and software. As far as we are aware\, this is the f irst complete design and implementation of a secure distance bounding prot ocol.\nFuture smartcard generations could use this design to provide cost- effective resistance to relay attacks\, which are a genuine threat to depl oyed applications.\nWe also discuss the security-economics impact to custo mers of enhanced authentication mechanisms.\n\nI'll be giving a 25-30 minu te practice presentation.\n\nPaper can be found at:\n\nhttp://www.cl.cam.a c.uk/~sd410/papers/sc_relay.pdf\n LOCATION:Computer Laboratory\, William Gates Building\, Room FW11 END:VEVENT END:VCALENDAR