Decimalisation Table Attacks for PIN Cracking [PDF]

Topic: Cryptography 1:43 am EST, Feb 25, 2003

We present an attack on hardware security modules used by retail banks for the secure storage and verification of customer PINs in ATM (cash machine) infrastructures.

By using adaptive decimalisation tables and guesses, the maximum amount of information is learnt about the true PIN upon each guess. It takes an average of 15 guesses to determine a four digit PIN using this technique, instead of the 5000 guesses intended.

In a single 30 minute lunch-break, an attacker can thus discover approximately 7000 PINs rather than 24 with the brute force method. With a $300 withdrawal limit per card, the potential bounty is raised from $7200 to $2.1 million and a single motivated attacker could withdraw $30-50 thousand of this each day.

This attack thus presents a serious threat to bank security.

Ross Anderson's students are getting into the act.

(You can also find a mirror copy of this paper, with slightly different formatting, at http://cryptome.org/dtapc.pdf )
