Securing the Internet - Chip and PIN
Dave - In recent years, credit and debit card issuers have replaced signature strips with computer chips and we now type in a PIN when we want to buy something. It's said to be more secure, but how does this technology actually work and does it too have an Achilles heel? Steven Murdoch is from the computer security group of Cambridge University and he investigates the safety of banking systems. Now Chip and PIN is something I use every day. I don't really think about it. How does it actually work, Steven?
Steven - So, your credit or debit card has got a computer chip in it and this is essentially a small computer. It's not very far away in terms of computation power from the PCs that were on people's desks in the 1980s and it's got some special software loaded onto it. And more importantly, it's got some cryptographic keys loaded onto it by the bank which issued you the card. And these keys are used to allow the card to prove that it's present at a particular point in time and allow it to calculate a digital signature over that transaction, and then the bank which issued you the card can verify the digital signature.
Dave - So, that's essentially when you put your PIN number into the machine and the shop tells it that you want to pay 20 pounds, all that kind of gets mixed up together and sent back to the bank?
Steven - So, with Chip and PIN, the PIN aspect of it and digital signature aspect of it are almost completely separate. And in fact, that's the root of some of the security vulnerabilities. So in addition to all the digital signatures and keys, it's also got a copy of your PIN and when you type in your PIN, that gets sent to the card. The card compares it and then if it's happy it says yes and if it's unhappy, it says no. And hopefully, it also tells the bank whether the PIN was correct or not, but that's actually one of the mistakes that was made in Chip and PIN.
Dave - So how can you attack this if you're a nefarious person?
Steven - Well, one way that we discovered back in 2010 that this could be attacked is because - well as I was saying, the digital signature is not mixed up with the PIN. So, what you can do is put a little bit of electronics between the card and the terminal, and then when the PIN is sent to the card, this bit of electronics intercepts it and then just sends the answer 'yes' back to the terminal. And the terminal will be happy. The card never received a PIN, but it turns out the cards are happy not seeing a PIN at all because at least it didn't fail, it just never saw something, and the banks, when they get that message back from the card, see a message from the card, a legitimate card, digitally signed that says that everything is fine, but in fact, the PIN that was typed in was wrong.
Dave - So, as long as you can kind of hide the electronics from the person in the shop, you could essentially use a stolen credit card without anyone knowing.
Steven - Yes, so when we initially mentioned this to the banks, we told them before we disclosed publicly to allow them to fix it. They didn't, but at least we gave them a chance. They said that this will be infeasible to do and in fact, one of my colleagues, Omar Choudary, built some electronics that could be put up the sleeve and he was able to use that without being noticed, and it turns out that they caught some criminals, who were doing an even more sophisticated variant of this attack. They embedded the evil computer into a stolen card so the card looked perfectly legitimate, it just had one good chip and one evil chip.
Chris - When you're doing this work Steven, do you have a sort of Chip and PIN machine in your office and you're continuously running up a huge credit card bill, in order to test these things out? Do people give you their gadgets to try? Is that how it works?
Steven - So, one thing we did do, is we bought a lot of Chip and PIN terminals off eBay. When a shop goes bankrupt or they upgrade they sell their old ones. The other thing that we did was go to the local café in the university and then run through a 5 pounds minimum transaction and experiment that way.
Dave - So, are they very suspicious of you at the local?
Steven - I think they recognise us and they're not too worried when we plug evil electronics into their terminal because they get paid and in the end we do all our experiments on our own cards.
Dave - Fair enough. So, is this possible to solve, this problem? I guess it just involves some way of checking, of combining the two together.
Steven - Yes, it is possible to solve. We mentioned some ways that the banks could do this in our academic paper and this is essentially doing more robust checks at the bank. It turns out that this was more difficult to do because there's lots of bugs in the system and sometimes the banks were seeing transactions that were supposedly suspicious. It looked like this attack was happening, but actually, it was just a bug at some point in the system, the data got corrupted. And the banks have a big challenge here because they've got so many transactions. Only a tiny, tiny proportion of them is going to be fraudulent. So if they start rejecting transactions because they think they're suspicious, they'll mainly be rejecting legitimate transactions, not fraudulent ones.
Chris - Have you any idea, Steven, of the scale of abuse of the system then? Do you know whether people are implementing the strategy that you proved could work and if they are, how much money this is costing us?
Steven - It's very hard to tell because there aren't good statistics that are collected on this. We're pretty confident that the banks weren't looking for this attack before we told them about this attack and that means that there's no way of knowing what was going on before that stage. We now know that some criminals are doing that because they got caught in France and there's a trial going on at the moment. But in general, when fraud happens, if it's not one of the standard techniques that the banks know about, the customer loses the money and the banks don't keep totals of how much customers lose, only how much that they lose and shops lose.
Chris - And conveniently, they've said that it's so secure that if someone has a transaction, they must have shared the PIN with someone. So it's no longer the bank's responsibility, it's your problem. So they've kind of conveniently passed the buck onto the customer too, haven't they?
Steven - Yes, this is one of the very unfair things that's happened with Chip and PIN. Now, the responsibility for fraud has been put on the customers, even when it's a flaw in the bank computer systems.
Chris - Steven, thank you very much.