[17001] in cryptography@c2.net mail archive


Re: FW: ATM machine security

daemon@ATHENA.MIT.EDU (Lee Parkes)
Thu Mar 3 19:22:32 2005

X-Original-To: cryptography@metzdowd.com
Date: Thu, 3 Mar 2005 23:29:38 +0100
From: Lee Parkes <leep@bogus.net>
To: Chris Trott <chris.trott@plett.com.au>
Cc: 'crypto' <cryptography@metzdowd.com>
In-Reply-To: <20050223152445.BA6FFF2BA@red.metdow.com>

On Thu, Feb 24, 2005 at 02:24:38AM +1100, Chris Trott wrote:
> 
> 
> My apologies to the original poster here, but does this seem like a little
> human engineering to anyone else?

No problem. As it happens the project I'm working on isn't for ATMs but for
a system that shares some similarities: 

* Located in potentially hostile environments
* Subject to abuse and civil disobedience
* Use of crypto and anti-tampering devices
* Compliance with a standard outlined by the police and understood in the
  legal system [1]

[1] The standards are 9 years old, but they were, at the time, in line with
what the financial industry used. However, as we all know, industry has moved
on and we are looking to see if the vendors are keeping up with better practice
than was available 9 years ago.

One of the main things I'm looking for is not so much *how* to break into an
ATM, but what happens when one is: for example, are the keys (if pre-shared)
deleted? One vendor of the system has the key encryption key (KEK) stored on
a smartcard, which won't be deleted if power is lost. This goes against the
police guidelines, but there may be a precedent in the financial industry that
says "Hey, that's ok if you do X, Y and Z". My employer is looking for that sort
of information, especially if it is easily understood by lawyers. The financial
industry provided the best background for a legal system to understand.

> I mean sounds to me like your project is a search for weakness in the ATM
> system in preparation for an attack, or have I misjudged and you are the
> well-meaning integrating party who have commissioned a number of 'suppliers'
> to build a new ATM system (or ATM-like system) while methodically attempting
> to avoid past errors.

I work for a large global Professional Services company, but I prefer to keep
queries like this to my private email address. But, and you'll just _have_ to
trust me on this one, I don't do anything illegal because I know I'd get
caught :) Besides, doing fun stuff and getting paid for it is far better than
being in jail.

> If you are accepting bids from suppliers who already produce ATMs, i.e. NEC or
> the like, how would your request help? Would you be expecting them to
> subvert the existing standards to prevent attacks?

See above, but basically the bidders need to be able to justify that the system
they are going to use has safeguards in place. We aren't talking about money
here, but there is a watertight need to maintain evidential integrity of the
data transmitted across the network. The network itself will be protected via
VPN *BUT* it will be assumed to be a hostile network, and potentially an
attacker could harvest enough packets to make a brute force attack viable.

> competing standards, differing levels of what would be considered secure
> etc. 

Standards, so many to choose from :)

> Just curious, or was it paranoid - who said that?

/me looks over his shoulder

:)

Lee

-- 
leep@bogus.net DOC #25 GLASS #136
I Need A Reason To Stand Up And Fight
Need To Believe What I See - The Silver Drop - Mnemic
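The two controls discussed in this message (working keys that are zeroized on a tamper or power-loss event, versus a KEK that survives on a smartcard, and evidential integrity of records sent across a hostile network where an attacker may harvest traffic) can be modelled in a few dozen lines. The following Python is an added example, not code from the original post or from any vendor mentioned in the thread. It assumes a per-device KEK, derives short-lived session keys from it with HKDF (RFC 5869), authenticates each record with an HMAC-SHA256 tag over an epoch/sequence header plus payload, and rotates the session key after a fixed number of records so that harvested traffic yields only a bounded amount of material under any one key. The rotation limit, device id, KEK value and record contents are all constructed for illustration.

```python
"""Added example (not part of the original mailing-list post): tamper-response
key zeroization and HMAC-based evidential integrity with session-key rotation.
All key material, identifiers and record contents below are constructed."""
import hmac
import hashlib


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) with SHA-256, written out inline."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def session_key_for(kek: bytes, device_id: bytes, epoch: int) -> bytes:
    """Derive the working key for one epoch; both ends compute the same value."""
    return hkdf_sha256(kek, salt=device_id, info=b"session|" + epoch.to_bytes(4, "big"))


class TamperZeroizingDevice:
    ROTATE_AFTER = 3  # constructed limit: records authenticated per session key

    def __init__(self, kek: bytes, device_id: bytes):
        self.kek = kek            # assumption: KEK lives on a persistent smartcard
        self.device_id = device_id
        self.session_key = None   # volatile working key, never persisted
        self.epoch = 0
        self.counter = 0
        self.tampered = False
        self._new_session()

    def _new_session(self) -> None:
        self.epoch += 1
        self.session_key = session_key_for(self.kek, self.device_id, self.epoch)
        self.counter = 0

    def protect(self, payload: bytes) -> dict:
        """Return an integrity-protected record; refuse to operate once zeroized."""
        if self.tampered or self.session_key is None:
            raise RuntimeError("device zeroized: no working key available")
        if self.counter >= self.ROTATE_AFTER:
            self._new_session()
        self.counter += 1
        header = self.epoch.to_bytes(4, "big") + self.counter.to_bytes(4, "big")
        tag = hmac.new(self.session_key, header + payload, hashlib.sha256).digest()
        return {"epoch": self.epoch, "seq": self.counter, "payload": payload, "tag": tag}

    def tamper_event(self) -> None:
        """Tamper or power-loss response: drop the volatile key and lock the device.
        Note that self.kek is untouched, which is exactly the smartcard-KEK
        situation the post describes as the open policy question."""
        self.session_key = None
        self.tampered = True


class RecordVerifier:
    """Back-end side: re-derives the epoch key and checks tag and sequence."""

    def __init__(self, kek: bytes, device_id: bytes):
        self.kek = kek
        self.device_id = device_id
        self.last_seq = {}  # epoch -> last accepted sequence number

    def verify(self, rec: dict) -> bool:
        key = session_key_for(self.kek, self.device_id, rec["epoch"])
        header = rec["epoch"].to_bytes(4, "big") + rec["seq"].to_bytes(4, "big")
        expected = hmac.new(key, header + rec["payload"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, rec["tag"]):
            return False  # forged or modified in transit
        if rec["seq"] != self.last_seq.get(rec["epoch"], 0) + 1:
            return False  # replayed, dropped or reordered record
        self.last_seq[rec["epoch"]] = rec["seq"]
        return True


def build_demo():
    """Constructed scenario: one device emits five records across two epochs."""
    kek = hashlib.sha256(b"constructed KEK, not a real key").digest()
    device_id = b"unit-0001"
    device = TamperZeroizingDevice(kek, device_id)
    verifier = RecordVerifier(kek, device_id)
    records = [device.protect(b"event %d" % i) for i in range(1, 6)]
    return device, verifier, records


if __name__ == "__main__":
    dev, ver, recs = build_demo()
    for r in recs:
        print(r["epoch"], r["seq"], ver.verify(r))
    dev.tamper_event()
    print("zeroized:", dev.session_key is None, "KEK still present:", dev.kek is not None)
```

Running the demo shows the first three records authenticated under epoch 1 and the next two under epoch 2, a forged payload or a replayed record rejected by the verifier, and, after `tamper_event()`, a device that can no longer produce records even though the KEK attribute survives. The last point is the design choice the post questions: whether a persistent KEK is acceptable depends on what an adversary with the card but without the volatile state can actually do with it.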

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
