1. Automatic Teller Machines Chapter 10  ATM 1

2. Automatic Teller Machines • “…one of the most influential technological innovations of the 20th century” • Began in 1968, more than 500,000 today • One of the first commercial use of crypto (block ciphers), tamper resistant hardware, security protocols, etc. • The “killer app” for commercial crypto Chapter 10  ATM 2

3. ATMs • An interesting case study • What was done correctly • What was done incorrectly Chapter 10  ATM 3

4. ATM Security Module • Security module implemented in tamper-resistant hardware • IBM 4758 crypto processor • Security module is at bank • All crypto computations done in security module, such as PIN verification Chapter 10  ATM 4

5. ATM Security Module • IBM PIN generation • Acct number N on magnetic stripe • PIN key K (in tamper-resistant hardware) • “Natural PIN” is F(E(N, K)), where encryption E is DES, and F is a function • PIN = natural PIN + offset (so customers can choose their own PIN) • Note: PIN verification relies on N and secret K, and is done in security module Chapter 10  ATM 5

6. Account number: PIN key K: DES encrypt E(N,K): Decimalize: Natural PIN: Offset: Customer PIN: 8807012345691715 FEFEFEFEFEFEFEFE A2CE126C69AEC82D 0224126269042823 0224 6565 6789 IBM PIN Gen Example Chapter 10  ATM 6

7. More ATM Security • PIN encrypted with “terminal master key” and sent to security module • ‘Dual controls” --- terminal master key entered in 2 parts (2 people) • PIN “translation” (from one ATM network to another) done in security module Chapter 10  ATM 7

8. Problems • Early on, encryption done in software • Not feasible for all pairs of banks to share keys, so KDC used (VISA) • Large number of trans, so corners cut • “Optimization is the process of taking something that works and replacing it with something that doesn’t quite, but is cheaper” • Most ATMs use 56-bit DES Chapter 10  ATM 8

9. What goes wrong • ATM system designed to stop sophisticated attacks • In practice, the real issues are • Processing errors --- e.g., computer crashes • Only 0.001% probability, but 5 billion ATM trans • Card theft from mail • Fraud by bank staff • Laptop inside ATM to record PIN’s • Key for test system used for real system Chapter 10  ATM 9

10. Unexpected Attacks • Shoulder surfing to get PIN, copy acct number from receipt • One system --- telephone calling card, ATM thought previous card inserted • One system --- output 10 bills when 14-digit test sequence entered • One bank issued same PIN to everybody • Fake ATM to collect PINs • Steal the ATM (camera is inside ATM) Chapter 10  ATM 10

11. ATMs • Biggest mistake in design of ATM system: “… worried to much about criminals being clever instead of worrying about customers and banks being stupid” Chapter 10  ATM 11

12. ATM legal issues • In US, banks carry risk of ATM technology • must refund most disputed transaction • costs average bank $15K/year in fraud • In much of Europe, customer bore cost • Banks claimed ATMs infallible • John Munden case • British policeman, found his acct $700 short • Bank: no bugs in code since written in assembler • Munden convicted and fired • Overturned on appeal: bank would not release its code Chapter 10  ATM 12

13. ATM legal issues • If Munden case had occurred in California, “he would have won enormous punitive damages” • Lessons • Non-repudiation is critical --- camera in ATM would have solved Munden case immediately • In general, security system must be able to withstand examination by hostile experts Chapter 10  ATM 13