Abstract
In the field of eCommerce, online-banking is one of the major application requiring the usage of modern cryptography to protect the confidentiality and integrity of financial transactions between users and the banking system. In banking applications of some countries, the authorization of user transactions is performed with support of cryptographic One-Time-Password (OTP) tokens implementing ANSI X9.9-based challenge-response protocols.
The legacy ANSI X9.9 standard is a DES-based authentication method on which we will demonstrate an attack based on a special-purpose hardware cluster. In this work we show how to break such an OTP-token with little effort in terms of costs and time. With an investment of about US $ 10,000 we are able to perform an attack which computes the key of a DES-based OTP token in less than a week having only three challenge-response pairs. Our attack can even be scaled linearly according to the budget of the attacker resulting in even faster breaking times. With this work, we want to point out once more that the immediate migration from legacy products using the DES algorithm is absolutely mandatory for security critical applications.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Accredited Standards Committee X3. American National Standard X3.92: Data Encryption Algorithm (DEA) (1981)
Accredited Standards Committee X9. American National Standard X9.9: Financial Institution Message Authentication (1994)
ActivIdentity. Token-based Identity Systems (OTP Tokens) (2007), http://www.activeidentity.com
Blaze, M., Diffie, W., Rivest, R.L., Schneier, B., Shimomura, T., Thompson, E., Wiener, M.: Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security: A Report by an Ad Hoc Group of Cryptographers and Computer Scientists. Technical report (January 1996), http://www.counterpane.com/keylength.html
Coppersmith, D., Knudsen, L.R., Mitchell, C.J.: Key recovery and forgery attacks on the macDES MAC algorithm. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, p. 184. Springer, Heidelberg (2000)
Diffie, W., Hellman, M.E.: Exhaustive cryptanalysis of the NBS DES. Computer 10(6), 74–84 (1977)
Electronic Frontier Foundation. Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design. O’Reilly & Associates Inc. (July 1998)
International Organization for Standardization (ISO). ISO 8730/8731:1990 – Banking – Requirements for message authentication (1990)
International Organization for Standardization (ISO). ISO 16609:2004 – Banking – Requirements for message authentication using symmetric techniques (2004)
Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., Schimmler, M.: Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 101–118. Springer, Heidelberg (2006)
National Institute for Standards and Technology (NIST). FIPS PUB 113: Standard for computer data authentication (May 1985)
National Institute for Standards and Technology (NIST). FIPS PUB 46-2: Data Encryption Standard (DES) (1993)
National Institute for Standards and Technology (NIST). FIPS PUB 46-3: Data Encryption Standard (DES) and Triple DES (TDES) (1999)
National Institute for Standards and Technology (NIST). FIPS 197: Advanced Encryption Standard (AES) (2001)
National Institute of Standards and Technology. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (May 2004), http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf
Preneel, B., Van Oorschot, P.C.: Key recovery attack on ANSI X9.19 retail MAC. In: Electronics Letters, vol. 32(17), pp. 1568–1569. IEEE, Dept. of Electr. Eng., Katholieke Univ, Leuven (1996)
Rouvroy, G., Standaert, F.-X., Quisquater, J.-J., Legat, J.-D.: Design Strategies and Modified Descriptions to Optimize Cipher FPGA Implementations: Fast and Compact Results for DES and Triple-DES. In: Cheung, Y.K.P., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, pp. 181–193. Springer, Heidelberg (2003)
RSA - The Security Division of EMC2. RSA SecurID (2007), http://www.rsa.com/
Sciengines GmbH. COPACOBANA - A Codebreaker for DES and other Ciphers. project and company website (2008), http://www.copacobana.org http://www.sciengines.de
Verisign. Activcard tokens. Data Sheet, http://www.verisign.com.au/guide/activcard/ActivCard_Tokens.pdf
Wiener, M.J.: Efficient DES Key Search. In: Stallings, W.R. (ed.) Practical Cryptography for Data Internetworks, pp. 31–79. IEEE Computer Society Press, Los Alamitos (1996)
Wiener, M.J.: Efficient DES Key Search: An Update. CRYPTOBYTES 3(2), 6–8 (1997)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Güneysu, T., Paar, C. (2008). Breaking Legacy Banking Standards with Special-Purpose Hardware. In: Tsudik, G. (eds) Financial Cryptography and Data Security. FC 2008. Lecture Notes in Computer Science, vol 5143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85230-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-85230-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85229-2
Online ISBN: 978-3-540-85230-8
eBook Packages: Computer ScienceComputer Science (R0)