Abstract
Responding to the PIN cracking attacks of Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Transport Final PIN from the user PIN, the account number, and a salt value stored on the bank card, through, e.g., a pseudo-random function. We explore different attacks on this solution and propose a variant of salted-PIN that can significantly restrict known attacks. Salted-PIN requires modifications to service points (e.g., ATMs), issuer/verification facilities, and bank cards; however, changes to intermediate switches are not required.
Version: June 13, 2008.
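The derivation described in the abstract, as an added example that is not code from the paper: the service point derives a Transport Final PIN (TFP) from the user PIN, the account number and the card-stored salt, and the issuer recomputes it for verification. The concrete PRF (HMAC-SHA256 keyed with the salt), the 12-digit TFP length, the decimalization step and the sample PIN, account number and salts are all assumptions made here; the paper's own parameters are not on this page. The last function shows why the salt must never travel with the PIN block: with the salt, a captured TFP reduces to a 10^4 guess over the user PIN, and without it the TFP says nothing about the PIN.

```python
import hashlib
import hmac

# Assumed transport PIN length; the paper's own parameter is not on this page.
TFP_DIGITS = 12


def decimalize(digest: bytes, ndigits: int) -> str:
    """Map a PRF output to a fixed-length decimal string.

    The digest is read as one big integer and its low-order decimal digits
    are kept. A 256-bit value reduced mod 10**12 is close enough to uniform
    that no per-nibble decimalization table (the kind attacked by Bond and
    Zielinski) is needed. Assumed construction, not the paper's.
    """
    n = int.from_bytes(digest, "big")
    return str(n % (10 ** ndigits)).zfill(ndigits)


def transport_final_pin(user_pin: str, account_number: str, salt: bytes) -> str:
    """Service-point side: derive the TFP from PIN, account number and card salt.

    PRF assumed here: HMAC-SHA256 keyed with the card salt over an
    unambiguous encoding of (PIN length, PIN, account number).
    """
    if not (user_pin.isdigit() and account_number.isdigit()):
        raise ValueError("PIN and account number must be decimal digit strings")
    if not salt:
        raise ValueError("salt must be non-empty")
    msg = f"{len(user_pin)}:{user_pin}:{account_number}".encode()
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return decimalize(digest, TFP_DIGITS)


def issuer_verifies(received_tfp: str, account_number: str,
                    stored_pin: str, stored_salt: bytes) -> bool:
    """Issuer side: recompute the TFP from the stored PIN and salt and compare.

    Constant-time comparison so the check itself does not leak digit matches.
    """
    expected = transport_final_pin(stored_pin, account_number, stored_salt)
    return hmac.compare_digest(expected, received_tfp)


def guess_pin_from_tfp(tfp: str, account_number: str, salt: bytes,
                       pin_len: int = 4):
    """Offline guessing attack against a captured TFP.

    Succeeds in at most 10**pin_len PRF calls when the attacker holds the
    card salt; with a wrong or unknown salt no candidate matches (false match
    probability about 10**pin_len / 10**TFP_DIGITS). Returns the PIN or None.
    """
    for cand in range(10 ** pin_len):
        pin = str(cand).zfill(pin_len)
        if transport_final_pin(pin, account_number, salt) == tfp:
            return pin
    return None


if __name__ == "__main__":
    # Constructed sample data, not a real account.
    pan = "4000123456789010"
    user_pin = "4921"
    card_salt = b"card-salt-A-0123456789"   # lives on the card and at the issuer
    other_salt = b"card-salt-B-9876543210"  # a different card's salt

    tfp = transport_final_pin(user_pin, pan, card_salt)
    print("TFP sent instead of the user PIN:", tfp)
    print("same PIN, other salt gives:", transport_final_pin(user_pin, pan, other_salt))
    print("issuer accepts:", issuer_verifies(tfp, pan, user_pin, card_salt))
    print("issuer rejects wrong PIN:", issuer_verifies(tfp, pan, "4922", card_salt))
    print("attacker with salt recovers:", guess_pin_from_tfp(tfp, pan, card_salt))
    print("attacker without salt recovers:", guess_pin_from_tfp(tfp, pan, other_salt))
```

Note that the example only illustrates the derivation and the role of the salt; how the TFP is then carried in the PIN block, and the variant the abstract mentions, are not reconstructed here.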
References
Algorithmic Research (ARX): PrivateServer Switch-HSM. White paper, http://www.arx.com/documents/Switch-HSM.pdf
Berkman, O., Ostrovsky, O.M.: The unbearable lightness of PIN cracking. In: Dietrich, S., Dhamija, R. (eds.) FC 2007. LNCS, vol. 4886. Springer, Heidelberg (2007)
Bond, M.: Attacks on cryptoprocessor transaction sets. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162. Springer, Heidelberg (2001)
Bond, M., Zielinski, P.: Decimalisation table attacks for PIN cracking. Technical report UCAM-CL-TR-560, Computer Laboratory, University of Cambridge (2003)
Clulow, J.: The design and analysis of cryptographic APIs for security devices. Master's thesis, University of Natal, Durban, South Africa (2003)
Mannan, M., van Oorschot, P.C.: Weighing down "The Unbearable Lightness of PIN Cracking" (extended version). Technical report, School of Computer Science, Carleton University (2008), http://www.scs.carleton.ca/research/tech_reports/
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Mannan, M., van Oorschot, P.C. (2008). Weighing Down “The Unbearable Lightness of PIN Cracking”. In: Tsudik, G. (eds) Financial Cryptography and Data Security. FC 2008. Lecture Notes in Computer Science, vol 5143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85230-8_14
DOI: https://doi.org/10.1007/978-3-540-85230-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85229-2
Online ISBN: 978-3-540-85230-8