More text!
This commit is contained in:
parent
f2b3523e3a
commit
716f72d190
1 changed files with 57 additions and 2 deletions
@ -146,8 +146,63 @@ networks, almost all payment terminals on the market irrespective of their count
standards. Adding on to PCI's ecosystem impact, its security standards are thought out well and provide a higher level
of security than one might expect from an industry association.

The concrete requirements in the PCI SSC standards boil down to a list of logical requirements regarding key handling
that
Physical security standards in card payment applications both on the client side -- payment terminals -- and on the
server side -- HSM appliances -- are more stringent than one might expect since the finance industry has been reluctant
to adopt modern cryptography. Not only are modern cryptographic protocols like Secure Multiparty Computation (SMPC) or
Zero-Knowledge Proofs (ZKPs) not commonly used. Even asymmetric cryptography has only been adopted reluctantly, and
ancient ciphers such as Triple DES are still commonly referenced in industry
standards~\cite{pci_security_standards_council_payment_2025}. As a result, increased hardware security is necessary to
safeguard weak symmetric keys, compensating for the systems' modest cryptographic security.

Since card payment terminals are widely deployed, many different models from various manufacturers are available. Each
manufacturer tends to have their own, patented tamper-sensing implementation. Being manufactured at scale, card payment
terminals are cost-sensitive devices, which is reflected in the construction of their tamper-sensing implementations.

\subsubsection{HSM Appliances}

For datacenter applications, HSMs are sold both as add-in cards and as standalone rackmount appliances with a network
interface. In practice, the standalone appliances are just low-end computers in a rackmount enclosure that expose the
API of an internal HSM add-in card to the network. In this survey, we were only able to procure a single such HSM since
these devices are expensive, and even used specimens of older models are usually listed for several hundreds to several
thousands of EUR. The one sample we procured was a 2011 model Utimaco CryptoServer LAN. Our unit was a white-label
variant procured by premium TV encryption technology provider Irdeto, presumably used in Germany to produce
cryptographic key streams for TV signal encryption. We bought the device from a recycling company specialized on
datacenter components. The device was sold with any HDDs removed. The device consisted of an older mainboard for
embedded applications containing an Intel Core 2 Duo-brand processor and 2 GiB of DDR2 RAM, which was connected to the
HSM add-in card through PCI. The device contained a small Lithium backup battery on the add-in card, and another, larger
battery in an enclosure at the front of the device that was connected to the card through a cable. The device did not
contain any obvious case intrusion sensors.

\subsubsection{ATM Encrypting Pin Pads}

ATMs are built in a modular construction approach. Physically, the enclosure of an ATM is not its only security
barrier. Besides the enclosure, there are two security barriers worthy of note. First, the bank notes in the machine are
stored in an automatic cash dispenser that is built into a traditional vault inside the machine. This vault primarily
acts as a mechanical barrier to discourage theft, but it also often includes tamper sensors that activate an Intelligent
Banknote Neutralisation System (IBNS). The IBNS is designed to spread hard-to-remove ink over the bank notes inside the
vault when tampered. The permanently stained bank notes are not accepted by banks or retailers anymore.
% FIXME cite https://www.oberthurcp.com/hubfs/Oberthur_December2020/Pdf/IBNS_Introduction_to_ink_staining_Oberthur_Cash_Protection_2019.pdf
% archive: https://web.archive.org/web/20250822134238/https://www.oberthurcp.com/hubfs/Oberthur_December2020/Pdf/IBNS_Introduction_to_ink_staining_Oberthur_Cash_Protection_2019.pdf
% FIXME cite https://www.ecb.europa.eu/euro/banknotes/damaged/html/index.en.html
% FIXME cite https://www.bcl.lu/en/Banknotes-and-Coins/remboursement/billets-macules1/index.html

Besides the vault, the other secondary security barrier is located inside the ATM's pin pad. While all communication
with the customer's card passes through an end-to-end encrypted channel from the bank's backends into the card's
smartcard IC, the customer must necessarily enter their pin in plain text. To prevent leakage of the plaintext PIN, the
PIN is encrypted inside the PIN pad itself. To this end, the PIN pad contains a microcontroller handling the encryption.
Often, both the circuit board containing the PIN pad's keyboard matrix and this microcontroller are shielded by a
tamper-sensing mesh to prevent physical attacks such as the installation of a skimming device that would record and
transmit the plaintex PIN.

We acquired three different EPPs for analysis: Two designed by Sagem and apparently re-sold as a whitelabel product by
Cryptera and Diebold, respectively, and one made by and branded NCR. All three devices have robust stainless steel front
cases.

\subsubsection{Other miscellaneous devices}

Sometimes, tamper-sensing meshes show up in other types of devices. We acquired two such devices. First, we acquired a
Neopost franking machine, a type of device that is used to directly print a code on an envelope that replaces a
conventional postage stamp.

\section{Conclusion}

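Review bot: the "Other miscellaneous devices" paragraph announces "We acquired two such devices" but describes only the Neopost franking machine, so either the second device is missing from this commit or the count should be corrected. Further points in the same hunk: the IBNS sentences ("spread hard-to-remove ink", "permanently stained bank notes are not accepted by banks or retailers anymore") still carry three "% FIXME cite" comments and should not be left as unsupported claims in a survey section; in the ATM paragraph, "plaintex PIN" should read "plaintext PIN", and "pin pad" / "their pin" should be "PIN pad" / "their PIN" to match the rest of the paragraph and the heading (which itself reads "Pin Pads"); "recycling company specialized on datacenter components" should be "specialized in"; "Not only are modern cryptographic protocols ... not commonly used. Even asymmetric cryptography ..." splits one "not only ... but" construction across a full stop and should become a single sentence; and \section{Conclusion} is committed with an empty body, which will render as a bare heading.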