Create an Account
username: password:
 
  MemeStreams Logo

Decimalisation Table Attacks for PIN Cracking [PDF]

search

Jeremy
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Jeremy's topics
Arts
  Literature
   Classical
   Fiction
   Horror
   Non-Fiction
   Sci-Fi/Fantasy Literature
  Movies
   Movie Genres
    Action/Adventure
    Cult Films
    Documentary
    Drama
    Horror
    Independent Films
    Film Noir
    Sci-Fi/Fantasy Films
    War
  Music
   Music Styles
    Classical
    Electronic Music
    Rap & Hip Hop
    IDM
    Jazz
    World Music
  TV
   TV Documentary
   TV Drama
   SciFi TV
Business
  Finance & Accounting
  Industries
   Tech Industry
   Telecom Industry
  Management
  Markets & Investing
Games
  Video Games
   PC Video Games
   Console Video Games
Health and Wellness
  Medicine
Home and Garden
  Cooking
  Entertaining
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
  Israeli/Palestinian
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   California
    SF Bay Area
   Events in Washington D.C.
   News for Washington D.C.
   Georgia
    Atlanta
     Atlanta Events
Science
  Biology
  History
  Math
  Medicine
  Nano Tech
  Physics
Society
  Economics
  Education
  Futurism
  International Relations
  History
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Philosophy
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   PC Hardware
   Human Computer Interaction
   Computer Networking
   Macintosh
   Software Development
    Open Source Development
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Decimalisation Table Attacks for PIN Cracking [PDF]
Topic: Cryptography 1:26 pm EST, Feb 22, 2003

We present an attack on hardware security modules used by retail banks for the secure storage and verification of customer PINs in ATM (cash machine) infrastructures.

By using adaptive decimalisation tables and guesses, the maximum amount of information is learnt about the true PIN upon each guess. It takes an average of 15 guesses to determine a four digit PIN using this technique, instead of the 5000 guesses intended.

In a single 30 minute lunch-break, an attacker can thus discover approximately 7000 PINs rather than 24 with the brute force method. With a $300 withdrawal limit per card, the potential bounty is raised from $7200 to $2.1 million and a single motivated attacker could withdraw $30-50 thousand of this each day.

This attack thus presents a serious threat to bank security.

Ross Anderson's students are getting into the act.

(You can also find a mirror copy of this paper, with slightly different formatting, at http://cryptome.org/dtapc.pdf )

Decimalisation Table Attacks for PIN Cracking [PDF]



 
 
Powered By Industrial Memetics
RSS2.0