The Unbearable Lightness of PIN Cracking

14 years 1 months ago

Download www.scs.carleton.ca

Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. A randomly generated salt value of adequate length (e.g. 128-bit) is stored on a bank card in plaintext, and in an encrypted form at a veriﬁcation facility under a bank-chosen salt key. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Transport Final PIN from a user PIN, account number, and the salt value (stored on the bank card) through, e.g., a pseudo-random function. We explore diﬀerent attacks on this solution, and propose three variants of salted-PIN that can protect against known attacks. Depending on the solution variation, attacks at a malicious intermediate switch now may only reveal the Transport Final PIN; both the user PIN and salt value remain beyond the reach of an attacker’s switch. Salted-PIN requires modiﬁcations to service points (e.g. ATM, point-of-sale), issuer/veriﬁcation facilities, and bank cards;...

Omer Berkman, Odelia Moshe Ostrovsky

Real-time Traffic

FC 2007 | Salt Value | Transport Final PIN | User Pin |

claim paper

Post Info
More Details (n/a)

Added	07 Jun 2010
Updated	07 Jun 2010
Type	Conference
Year	2007
Where	FC
Authors	Omer Berkman, Odelia Moshe Ostrovsky

Comments (0)

Sciweavers

The Unbearable Lightness of PIN Cracking

FC 2007 | Salt Value | Transport Final PIN | User Pin |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers