Announcement

Collapse
No announcement yet.

Intresting article on Europes credit card Chip Authentication Protocol

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Intresting article on Europes credit card Chip Authentication Protocol

    If your into security protocols you might find this article interesting. It's in the European credit card security protocol known as CAP that some British banks have already rolled out. Some guy's used FPGA's to reverse engineer the protocol. They critic it and suggest some changes. One of the more interesting areas they discuss is the fact that the card reader will state if a PIN entry is wrong or not. So now we have muggers that kidnap people and torture them to get the pin and they can find out if the victim is lying.



    Previously, muggers marched a victim to an ATM to ensure he gave them the right PIN. Now, with CAP, criminals have a portable device that will tell them if their victim is lying. While the EMV protocol always permitted such a device to be built, that requires technical skill, and wasn’t in practice done. CAP has made the capability ubiquitous. It reduces the risk to muggers, as now they can keep their victims in a quiet place, and not risk being caught or seen by CCTV by going near an ATM. It would have been easy enough for the banks to design CAP without revealing the result of the PIN verification, but they failed to foresee the risk.

    Don't think I'm making this up

    In July 2008 two French students were tortured to death in their London residence six days after it was broken into and a computer stolen. Days after the murders the police revealed that the attackers were after the students’ card PINs [6]. In February 2007, two Manchester men murdered a 62 year old security guard after he refused to reveal his card’s PIN

    I have never had to design a security protocol (just test em) but, man having to design something with the thought of muggers and kidnappers in mind....whoa

    Anyways interesting read

    http://www.cl.cam.ac.uk/~sjm217/pape...9optimised.pdf
    Tags: None
    #2
    I think they should come up with an emergency PIN that, when used, will spit out $300.00 of bills that have RFID chips in them, shows the balance as zero and alerts authorities.
    [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


    Killed by CLRs since 2004. WOOT!
    Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

    Comment

      #3
      Originally posted by Duke{CLR} View Post
      I think they should come up with an emergency PIN that, when used, will spit out $300.00 of bills that have RFID chips in them, shows the balance as zero and alerts authorities.
      That is an excellent idea and one or two competing card systems have it. It's called a Duress Pin. It allows some money out and immediately sets alarm bells off

      Comment

        #4
        you should be given two pin codes.
        One that activates an series of cameras in a NET around the two blocks of the bank for 5 minutes and one that is your own.

        The camera net would take photos of cars and etc from several angles, from areas beyond the reach of the bank, and etc.

        The RFID idea is not a good idea because if I put those bills into a static bag, the signals will not be tracked. I then take the bills home and put them into a bucket of water, drop a wire in the bucket, and plug the wire into the wall. ZAP no more RFID.

        From a person who knows how to find, track, and arrest people, you really need a way to trigger an alarm and then take a survey of as much real estate in the area of the bank as you can.

        Most home alarms have a code you use to trigger a silent alarm so that if you have a gun to your head asking you to disable, you can call for help.

        Why not at the bank too?

        Comment

        Previous template Next

        Cain's Lair Forums Statistics

        Collapse
        Topics: 26,187   Posts: 269,854   Members: 6,183   Active Members: 4
        Welcome to our newest member, Fermin13Q.

        Today's Birthdays

        Collapse

        There are no members with birthdays today.

        Top Active Users

        Collapse
        There are no top active users.

        More Posts

        Collapse
        • Reply to Hi guys!
          by Apache Warrior
          Hello Ghost. I hope you are doing well.
          Apache
          5 Jan 2025, 11:35 AM
        • Reply to Hi guys!
          by GhostHunter2024
          HAPPY NEW YEAR !!
          Well - just got back on my PC and played Delta Force game, Path of Exil 2, Diablo 4, BO6 and some WItcher3 , Ghost Recon Breakpoint...
          4 Jan 2025, 05:07 AM
        • Reply to New OLD "Private" is BACK to the LAIR
          by GhostHunter2024
          Yes, indeed. Have hardly time to GAME, to busy in the real world. Will see what 2025 brings and what games ?!
          Oh btw HAPPY NEW YEAR !!
          Best...
          4 Jan 2025, 05:02 AM
        View All
        Working...
        X