A security weakness in payment systems?
One may remember the discovery of power analysis (SPA, Simple Power Analysis and DPA, Differential Power Analysis) in 1998 by Cryptography Research and how the industry reacted. Paul Kocher discovery consisted in analyzing the power consumption of a smart card and to be able to catch keys or codes or any cryptography secret. At the same time, Paul Kocher worked on counter measures to ensure a cryptosystem, a smart card for instance, would become resistant to SPA/DPA attacks. Many industrialists accepted some consulting by Cryptography Research, and then, products were protected against power analysis attacks. The industry as a whole reacted by reassuring statements to the outer world, while intensively working on solving the issue.
In the years 1998-2000, France faced the Humpich affair. An independent hacker, Serge Humpich, succeeded in making some fraud on the authentication system that was implemented along with B0 mask in the payment system managed by the GIE Carte Bancaire. The industry reaction had been a combination of denial and legal action against the fraudster. At the same time, the industry worked on the correction of the security issue, and after a few months, and the implementation of upgraded version of cards and of terminals software, this attack was no longer feasible.
Now, Algorithmic Research comes with an attack on payment systems that consists in exploiting some weaknesses that happen when a pin code is verified on line. Such verification takes place when a transaction is made with a magstripe card on an on-line POS terminal and when a card is used in an ATM and the pin is verified on line. The remote device encrypts the pin code with a DES/3DES function, and transmits the result to an authorization center, most of the time managed by the card issuer. ARX say they have found some weakness in the API that gives access to the Hardware Security Module (HSM) that is used to verify a PIN code either at the issuer's authorization center or at a third party authorization center. The same HSMs are used on network switches that transmit the encrypted pin code over networks to reach the authorization center. According to ARX, an insider at an authorization center or even at a switch could use the API in a certain manner to generate false pins from a HSM.
As this attack can only be performed with an online verification, this pushes for the adoption of smart cards into payment systems. The old B0, B0' French banking system has allowed off-line pin verification for years. Of course, in EMV, the smart card computing power is used to perform an off-line verification of the pin at all times. This is complemented with an on-line card or cardholder verification when necessary. An attack on on-line systems reinforces the off-line systems industry: the smart card.
Of course, ARX also comes with a solution to the issue. ARX proposes its 'Private Server HSM' which provides an alternative to the default API. What's going to happen now? Security experts will come up with a statement explaining the whole industry everything is under control. And at the same time, they will upgrade the system in order to make it resistant to this new type of attack.
This is the way the payment industry progresses: through a series of crisis. By repetitive crisis, the whole systems become more resistant as it becomes more complex. Payment systems are based on confidence: cardholders will only use a system if they are confident their money is treated in a secure manner. Several forces are at work in payment systems: the marketing push for offer diversification and new products and services introduction, the communication works at keeping and always reinforcing the image of confidence, and, at the same time, security experts are making the system evolve and become more robust.
The industry has already resisted several attacks. It will resist this one too.