Skip to main content
SpringerLink
Log in

Weighing Down “The Unbearable Lightness of PIN Cracking”

  • Conference paper
Financial Cryptography and Data Security (FC 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5143))

Included in the following conference series:

Abstract

Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Transport Final PIN from a user PIN, account number, and a salt value (stored on the bank card) through, e.g., a pseudo-random function. We explore different attacks on this solution, and propose a variant of salted-PIN that can significantly restrict known attacks. Salted-PIN requires modifications to service points (e.g. ATMs), issuer/verification facilities, and bank cards; however, changes to intermediate switches are not required.

Version: June 13, 2008.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Algorithmic Research (ARX). PrivateServer Switch-HSM. White paper, http://www.arx.com/documents/Switch-HSM.pdf

  2. Berkman, O., Ostrovsky, O.M.: The unbearable lightness of PIN cracking. In: Dietrich, S., Dhamija, R. (eds.) FC 2007. LNCS, vol. 4886. Springer, Heidelberg (2007)

    Google Scholar 

  3. Bond, M.: Attacks on cryptoprocessor transaction sets. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Bond, M., Zielinski, P.: Decimalisation table attacks for PIN cracking. Technical report (UCAM-CL-TR-560), Computer Laboratory, University of Cambridge (2003)

    Google Scholar 

  5. Clulow, J.: The design and analysis of cryptographic APIs for security devices. Masters Thesis, University of Natal, Durban, South Africa (2003)

    Google Scholar 

  6. Mannan, M., van Oorschot, P.: Weighing down The Unbearable Lightness of PIN Cracking (extended version). Technical report, School of Computer Science, Carleton University (2008), http://www.scs.carleton.ca/research/tech_reports/

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, Carleton University,  

    Mohammad Mannan & P. C. van Oorschot

Authors
  1. Mohammad Mannan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. P. C. van Oorschot
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Gene Tsudik

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mannan, M., van Oorschot, P.C. (2008). Weighing Down “The Unbearable Lightness of PIN Cracking”. In: Tsudik, G. (eds) Financial Cryptography and Data Security. FC 2008. Lecture Notes in Computer Science, vol 5143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85230-8_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-85230-8_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85229-2

  • Online ISBN: 978-3-540-85230-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation