Researchers crack e-banking card readers

Researchers from Cambridge University say they have found "numerous weaknesses" in the security of one-time-password generating card readers used for authentication in online banking.

Saar Drimer, Steven Murdoch, and Ross Anderson claim to have reverse engineered the secret Chip Authentication Programme (CAP) protocol and found several security vulnerabilities in the UK variant of the readers and smart cards.

The researchers published their paper, Optimised to Fail: Card readers for online banking, today at the Financial Cryptography 2009 conference.

The paper says the basic principle behind CAP - a trusted user interface and secure cryptographic microprocessor - is sound.

However, design errors such as reusing authentication tokens, overloading data semantics, and failing to ensure fresh responses are putting customers at risk.

In February, the researchers demonstrated that unencrypted card details can be stolen by "tapping" PIN entry devices (PEDs). They found flaws in the Ingenico i3300 and Dione Xtreme PEDs - both of which are certified by Apacs and Visa - that can enable fraudsters to access unencrypted PINs and account numbers.

The paper points out that, as with the move from signature to PIN for authorising point-of-sale transactions, the move to CAP for online banking shifts liability for losses from banks to customers.

Barclays, which along with NatWest was tested by the researchers, outlined plans last year to extend the use of Gemalto handheld chip and PIN devices after reporting zero fraud among the first million users.


Comments: (13)

A Finextra member 27 February, 2009, 11:09

Go Go Gadget. ...

Nick Collin - Collin Consulting Ltd - London 27 February, 2009, 12:14

What is it with Ross Anderson? 

CAP is a good, pragmatic solution to the increasingly severe problems of phishing and card-not-present fraud.  No security solution is 100% safe; in the real world, as opposed to Cambridge University, criteria such as cost, usability and practicality are important.  CAP is highly secure, but it also meets these criteria, which is why, the last time I checked, it has been adopted by about 20 large banks which between them have rolled out about 20 million CAP readers in Europe alone.

The Anderson paper makes various obscure points to suggest that, in theory, under extreme conditions, CAP is not 100% secure.  OK, fine, but that doesn't mean it's not a good solution, and it certainly doesn't justify the relentlessly negative tone and lack of objectivity of the paper - for example the title "Optimised to Fail", or this gem from the text "the system has literally been optimised to death".  Similarly the Finextra title "Researchers crack e-banking card readers".  Come on guys, be reasonable!

A Finextra member 27 February, 2009, 18:15

'Chip and Pin' technology has its place, but as with many technologies used to stop online fraud, card fraud, etc., it is one of the more robust layers used. Even though the initial stats show some promise, the real story will be in a year or two, whether Chip and Pin has really slowed the incidence of card fraud.

Yes it is correct to say nothing is 100% secure, but Ross Anderson points out that the testing shows it still needs a lot of work. We still need to make all this technology user friendly, ensure the computing devices the technology is plugged into is not compromised and as we all know it is about a combination of layers addressing all possible weakpoints.

This is not the silver bullet.

More importantly the cost of customer acquisition, ease of use and deployment cannot be too inhibitive.

Joe Pitcher - Irrelevant - Wirral 02 March, 2009, 11:25

Ross Anderson is well known for his dislike of EMV and Chip in general. Read any of his articles on www.chipandspin.co.uk. He is clearly very knowledgeable and educated, but the findings of a scientist in a lab are very different to the reality of deploying a system which balances cost against risk.

A Cambridge professor with expensive lab equipment and specialist training may find faults with a system; will the average fraudster? At the point that the type of attacks Anderson describes become real and widespread, CAP will be redundant. Until then I don't see a viable alternative.

I do however agree with one statement he makes: "The basic principle behind CAP - a trusted user interface and secure cryptographic microprocessor - is sound". The faults Anderson has highlighted are either theoretical or due to specific implementations - not CAP itself. In the real world it's still the best solution I have seen. I'm sure better solutions exist in laboratories, but at the moment they are not solutions in the real world. When/if they hit the street and are at a cost comparable to a CAP reader, great; until then CAP is a huge improvement on CVC and address verification systems.

A Finextra member 02 March, 2009, 14:30

So ...

Ross Anderson hits the headlines once again, and I for one am getting a little bit tired of reading about this over-exposed donkey with the chip on his shoulder.

Come on now Ross, you have all of the Cambridge University facilities available to you -  more than any crim!  You have a morbid dislike of the banks, for some reason, spurring you on.  You have reputations to maintain, both for you and for the university.   So many incentives, so many resources, and yet so little to show for it.

I think the time has come to respond to the challenge: show us how you have broken EMV, or any other payment infrastructure for that matter; show us how you have managed to manufacture a fake card, and how you can use it to make purchases using my account; show us how you can extract a PIN from the internal systems of banks, and use it to nick my money.

You can't because you haven't!!!  The time has come to put up or shut up.

A Finextra member 29 October, 2009, 09:03

Let's see. I think it's fair to say that comments against Ross Anderson are coming from gents that are in the chip and pin business.

A Finextra member 30 October, 2009, 06:27

Perhaps they are in the 'the chip and pin out of business' group - or soon may be.

Stephen Wilson - Lockstep Consulting - Sydney 02 November, 2009, 11:40

Do Marite and Dean have anything to say about the substantive issues that others on this thread have raised about the Cambridge attacks?  Or are they content to shoot messengers for being pro Chip-and-PIN?  Yes many of us are pro chip, but we're engaging with the substance of the Cambridge research, and finding that the research isn't actually so profound as to merit sarcastic yelps of joy from EMV critics.

Marite and Dean are anti-chip, but they're silent on the technical issues. They seem to swallow uncritically every bit of bad news about EMV generated by theoreticians.

[Elsewhere Dean is far from silent on pseudo-technical issues, but he has yet to offer a single non-trivial truth about smartcards.]

Like the others, I really don't see that the latest Cambridge attacks are momentous.  Sure, obtaining CAP codes via a tampered terminal is a bit of an eye opener, but the secrets are no good in the vast majority of CAP implementations where codes aren't replayable.

More generally, looking at the significance of this whole line of inquiry ... if the Mafia can mount large scale insider attacks on terminal equipment, then what do the Cambridge folks and their acolytes expect anyone to do about that?


Steven Murdoch - University College London - London 02 November, 2009, 12:17

Hi Stephen,

"Sure, obtaining CAP codes via a tampered terminal is a bit of an eye opener, but the secrets are no good in the vast majority of CAP implementations where codes aren't replayable."

In the Barclays CAP implementation, codes are replayable. In the NatWest/RBS implementation they are not, but that's irrelevant because you can perform a real time man-in-the-middle attack so that the resulting authentication code is used while it is still valid. I am not aware of any CAP implementation which can resist this attack. Could you say which particular implementation you are thinking of?

Stephen Wilson - Lockstep Consulting - Sydney 02 November, 2009, 17:25

If you're mounting a real time MitM attack, you don't need to have tampered with a retail terminal to get the CAP OTP; you just trap the user's OTP as they enter it. 

Steven Murdoch - University College London - London 02 November, 2009, 18:59

Hi Stephen,

"If you're mounting a real time MitM attack, you don't need to have tampered with a retail terminal to get the CAP OTP; you just trap the user's OTP as they enter it."

By a real-time MitM attack, I don't mean one on the customer's PC, I mean one on the tampered retail terminal. This would allow criminals to carry out successful attacks against people who:
1) Have no malware on their PC; and
2) Will not visit a malicious website (whether by DNS spoofing or social engineering tricks)

Conventional OTP tokens are not vulnerable to this attack, but because CAP uses the same card and PIN for point of sale and online banking, it can be attacked in this way.
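The replay and relay attacks discussed in the article's list of design errors (reused tokens, no fresh responses) and in Steven Murdoch's two comments above, as added example code that is not part of the article, the paper or this thread. It is a deliberately simplified model of a CAP-style verifier, not the real EMV-CAP message format: the card's cryptogram is stood in for by an HMAC-SHA256 over a transaction counter and an optional challenge, the counter is sent alongside the code rather than embedded in it, and the key, PIN and session names are constructed for the demo. The two verifier flags correspond to the design choices the paper criticises: whether a fresh challenge is issued, and whether the card's counter is checked for monotonicity. `replay_attack` reuses a captured code; `relay_attack` models the real-time man-in-the-middle through a tampered terminal, which succeeds whatever the flags are set to.

```python
import hashlib
import hmac
import secrets

CODE_DIGITS = 8

# Constructed demo values; on a real card the key is personalised into the chip.
KEY = secrets.token_bytes(16)
PIN = "1234"


def _otp(key: bytes, atc: int, challenge: bytes) -> int:
    """Truncated MAC over the card's transaction counter (ATC) and the challenge.
    Stand-in for the card's cryptogram; not the real EMV-CAP construction."""
    mac = hmac.new(key, atc.to_bytes(2, "big") + challenge, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % 10**CODE_DIGITS


class Card:
    """Model of the chip: holds the issuer key and PIN, bumps the counter on every use."""

    def __init__(self, key: bytes, pin: str) -> None:
        self._key, self._pin, self._atc = key, pin, 0

    def respond(self, pin: str, challenge: bytes = b"") -> tuple[int, int]:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise ValueError("PIN incorrect")
        self._atc += 1
        return self._atc, _otp(self._key, self._atc, challenge)


class Verifier:
    """Issuer-side check. fresh_challenge=False models an 'identify' mode with no
    server nonce; track_counter=False models a verifier that never checks the ATC."""

    def __init__(self, key: bytes, fresh_challenge: bool, track_counter: bool) -> None:
        self._key = key
        self._fresh = fresh_challenge
        self._track = track_counter
        self._last_atc = 0
        self._pending: dict[str, bytes] = {}

    def challenge(self, session: str) -> bytes:
        c = secrets.token_bytes(8) if self._fresh else b""
        self._pending[session] = c
        return c

    def verify(self, session: str, atc: int, code: int) -> bool:
        c = self._pending.pop(session, None)
        if c is None:
            return False  # no outstanding login for this session
        if self._track and atc <= self._last_atc:
            return False  # counter must move forward: this is what stops replay
        if code != _otp(self._key, atc, c):
            return False
        if self._track:
            self._last_atc = atc
        return True


def replay_attack(verifier: Verifier) -> bool:
    """Attacker recorded one (atc, code) pair from a genuine login (e.g. via a
    tampered PIN pad or a phishing page) and submits it again in a new session."""
    card = Card(KEY, PIN)
    c = verifier.challenge("victim")
    atc, code = card.respond(PIN, c)
    assert verifier.verify("victim", atc, code)  # the victim's own login succeeds
    captured = (atc, code)
    verifier.challenge("attacker")  # later: attacker opens a session of their own
    return verifier.verify("attacker", *captured)


def relay_attack(verifier: Verifier) -> bool:
    """Real-time MitM through a tampered terminal: the attacker opens a session,
    forwards the bank's challenge to the victim's card while the victim is paying
    in a shop (the victim types the PIN into the tampered PED), and submits the
    answer while it is still valid. Freshness and counter checks do not help here."""
    card = Card(KEY, PIN)
    c = verifier.challenge("attacker")
    atc, code = card.respond(PIN, c)
    return verifier.verify("attacker", atc, code)


if __name__ == "__main__":
    for fresh, track in ((False, False), (False, True), (True, False), (True, True)):
        v = Verifier(KEY, fresh_challenge=fresh, track_counter=track)
        print(f"fresh={fresh} track={track}: replay works={replay_attack(v)} "
              f"relay works={relay_attack(Verifier(KEY, fresh, track))}")
```

Only the verifier with neither a fresh challenge nor a counter check accepts the replayed code; either measure alone defeats replay. The relay succeeds against every configuration, which is the point made above: freshness protects against a recorded code, not against a live attacker who can get the victim's card to answer the bank's current challenge.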

Stephen Wilson - Lockstep Consulting - Sydney 02 November, 2009, 19:19

I see.  But still, tampering with retail terminals on a large scale is much more difficult than mounting a conventional MitM attack at the browser, isn't it?

Steven Murdoch - University College London - London 08 November, 2009, 22:15

Hi Stephen,

"But still, tampering with retail terminals on a large scale is much more difficult than mounting a conventional MitM attack at the browser, isn't it?"

Probably, but this isn't an either/or situation; smart criminals will do both.

MitM trojans will pick up credentials for customers who have malware on their PC. However, businesses are more likely to have effective malware protection measures to resist this threat.

Criminals could use attacks like I demonstrated to attack high-value targets. In these cases the investment, manpower and risk necessary to pull off the attack, would be justified by the large payoff, even on a small scale.

South African criminal gangs are already taking this approach (known as whale phishing), and I see no reason crooks in the UK will not follow, if they haven't already.
