NatWest card reader
in [UK Linux]
|
From: Nix on 10 Jul 2007 18:15 On 10 Jul 2007, Tim Southerwood spake thusly: > Gordon wrote: >> If this reader has no connection to Natwest, how does the website know >> that the (presumably random) number that its generated is correct? [...] > Same way that your car knows that the random number that your radio keyfob > is sending is valid. Pseudo random sequence is one technique, where both > ends have the same algorithm - this stops replay attacks. There are > probably other ways too. I presume this is a similar scheme to RSA SecureID (or even SecureID itself: SecureID tokens are bloody expensive in small numbers but a bank will be buying them in bulk), in which case there is a cryptographically strong transform from the time of day (generally rounded to the minute) and a secret key which varies per device; the host computer has access to the same key and of course it knows the time, so it can tell what number your device will display at a given moment. One neat trick is that the host checks the value you enter against a couple of possibilities on either side of the correct number temporally, and if what you entered matches one of those it notes that your clock is probably off and by how much and uses this time delta in future. So the clocks don't need to be perfectly synchronized; as long as you sign in at least every few months it should still work. (OPIE is a similar scheme which uses the generated number as an index into a lexicon like /usr/dict/words so you can type in English instead of numbers.) -- `... in the sense that dragons logically follow evolution so they would be able to wield metal.' --- Kenneth Eng's colourless green ideas sleep furiously
From: Alex Butcher on 11 Jul 2007 04:52 On Tue, 10 Jul 2007 23:15:43 +0100, Nix wrote: > On 10 Jul 2007, Tim Southerwood spake thusly: >> Gordon wrote: >>> If this reader has no connection to Natwest, how does the website know >>> that the (presumably random) number that its generated is correct? > [...] >> Same way that your car knows that the random number that your radio >> keyfob is sending is valid. Pseudo random sequence is one technique, >> where both ends have the same algorithm - this stops replay attacks. >> There are probably other ways too. > > I presume this is a similar scheme to RSA SecureID (or even SecureID > itself: SecureID tokens are bloody expensive in small numbers but a bank > will be buying them in bulk), in which case there is a cryptographically > strong transform from the time of day (generally rounded to the minute) > and a secret key which varies per device; I doubt very much that the time of day is included in the hash; that would require that either a) the chip on the card was powered or b) that the reader was powered (and stayed powered, even across a number of years, and in transit to the customer) and the bank kept track of the ID of each unit. The latter is made unlikely by the comment from Paul Cage later in this thread that says that the Barclays and NatWest readers are interchangeable. This suggests that the readers are just interfaces to crypto functionality embedded on the card's chip. My guess is that it's a challenge-response system that uses a key embedded on the card's chip (which is necessary for chip-and-PIN authentication anyway). > One neat trick is that the host checks the value you enter against a > couple of possibilities on either side of the correct number temporally, > and if what you entered matches one of those it notes that your clock is > probably off and by how much and uses this time delta in future. So the > clocks don't need to be perfectly synchronized; as long as you sign in at > least every few months it should still work. That's the theory, but in practice, the variability of clocks can sometimes cause operational difficulties. Best Regards, Alex. -- Alex Butcher, Bristol UK. PGP/GnuPG ID:0x5010dbff "[T]he whole point about the reason why I think it is important we go for identity cards and an identity database today is that identity fraud and abuse is a major, major problem. Now the civil liberties aspect of it, look it is a view, I don't personally think it matters very much." - Tony Blair, 6 June 2006 <http://www.number-10.gov.uk/output/Page9566.asp>
From: Tony Houghton on 11 Jul 2007 07:23 In <pan.2007.07.11.08.52.26.325742(a)assursys.co.uk>, Alex Butcher <alex.butcher.news1006(a)assursys.co.uk> wrote: > On Tue, 10 Jul 2007 23:15:43 +0100, Nix wrote: > >> I presume this is a similar scheme to RSA SecureID (or even SecureID >> itself: SecureID tokens are bloody expensive in small numbers but a bank >> will be buying them in bulk), in which case there is a cryptographically >> strong transform from the time of day (generally rounded to the minute) >> and a secret key which varies per device; > > I doubt very much that the time of day is included in the hash; that would > require that either a) the chip on the card was powered or b) that the > reader was powered (and stayed powered, even across a number of years, > and in transit to the customer) and the bank kept track of the ID of each > unit. The latter is made unlikely by the comment from Paul Cage later in > this thread that says that the Barclays and NatWest readers are > interchangeable. This suggests that the readers are just interfaces to > crypto functionality embedded on the card's chip. My guess is that it's a > challenge-response system that uses a key embedded on the card's chip > (which is necessary for chip-and-PIN authentication anyway). And let's not forget the banks aren't so interested in preventing fraud as in shifting the blame to the customer. I wonder if that's why some of them insist on Windows: "It wasn't our fault; the customer must have been infected with a key logger." -- TH * http://www.realh.co.uk
From: Ian Rawlings on 11 Jul 2007 09:55 On 2007-07-11, Tony Houghton <h(a)realh.co.uk> wrote: > I read somewhere that shifting the blame was the real motivation behind > chip & pin. I read somewhere that elvis is alive and well and living on mars, and that the 9/11 world trade centre was brought about by a cabal of powerful jews, and that microsoft really created linux and apple to avoid monopoly competition rules, etc etc Chip and pin was to cut down on fraud because signature checks were so laughable, the banks can't afford for people to go back to stuffing money under mattresses. Those who just don't trust banks etc will always view everything they do through cynical eyes however, but this doesn't make them right. The banks' past behaviour doesn't fit in with the idea of them trying to pass the blame onto the consumer, it's just not good for their business. The credit card companies are trying to pass the blame onto the vendor however, or rather to extract cash from them to enrol them in useless security schemes which are pretty much compulsory. -- Blast off and strike the evil Bydo empire!
From: Tony van der Hoff on 11 Jul 2007 10:13
On 11 Jul at 14:29 Tony Houghton <h(a)realh.co.uk> wrote in message <slrnf99mpl.df6.h(a)realh.co.uk> [snip] > I read somewhere that shifting the blame was the real motivation behind > chip & pin. > Whilst I no longer work in the security industry, I think that is an excessively cynical interpretation of the situation. Ithe motivation behind chip and pin was to increase security, as signatures were too easy to forge, and too hard to verify. At the same time, in order to make the scheme work, the responsibility for ensuring the safety of the PIN was placed upon the customer, and the responsibility for ensuring the safety of the equipment was placed upon the retailer. Provided the customer and retailer fulfil their not very onerous obligations, the issuer still takes responsibility for any fraud. This, to me at least, does not seem unreasonable. Previously, the issuers took all responsibility for any fraud, whether or not the customer/retailer were grossly negligent. I know we all like to complain about the banking industry (they're in the same category as the government, estate agents, the health service, and the weather), but in this instance it seems somewhat unwarranted. On the previous topic, I have had, for over a year, a (largeish) keyring device from LloydsTSB with a 6-digit LCD, which displays a pseudo-random number when I turn it on. I have to enter this number, as well as my userid and password to access my online banking accounts. It doesn't read the card, and, of course, has to be carried around. However, it sounds like it's a lot more portable than the Natwest/Barclays solution. I hope LTSB don't follow their lead... -- Tony van der Hoff | mailto:tony(a)vanderhoff.org Buckinghamshire, England |