1 / 13

Dawie Joubert

Information Security Vulnerabilities within EMV-AFC, their Consequences and Possible Remedies SATC: Urban Transport, Policy and Planning Session (1A ) 7 July 2014. Dawie Joubert. Contents. Introduction Information Security Source of Vulnerabilities Current Vectors of Attack

aerona
Download Presentation

Dawie Joubert

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security Vulnerabilities within EMV-AFC, their Consequences and Possible RemediesSATC: Urban Transport, Policy and Planning Session (1A)7 July 2014 Dawie Joubert

  2. Contents • Introduction • Information Security • Source of Vulnerabilities • Current Vectors of Attack • Proposed Remedies • Questions

  3. Introduction • The author participated in the DoT AFC EMV Team; • The DoT AFC Certification Authority cannot fix what is not in their power to fix; • Bleeding edge initiatives will have costs; • The “issues” were identified from the start. Their impact was unknown; • EMV is not the problem; • The AFC Data Structure is not the problem; • This presentation address the “glue” that is needed in-between the EMV and AFC.

  4. Information Security • Generally has four components: • Confidentiality; • Integrity; • Availability; and • Non-Repudiation. • Why information security in AFC: • “Trust” that you are paying/using the correct amount (commuter); • “Trust” that you are being paid/provided the correct amount (authority); • “Trust” that you share a prepaid product correctly (between authorities); and • “Trust” that your prepaid product/points are used within limits (authority); “Trust is like a piece of paper. Once it is crumpled, it can’t be perfect again” - Unknown

  5. Source of Vulnerabilities • The “glue” between EMV and AFC: • Information about products, usage, and service entry/exits are stored by using the “glue” of the card; • The “glue” divorces/ring-fences EMV and AFC from one another; • There is no collaboration between EMV and AFC while getting to the result. All you know is the result. You don’t know the data/information that was used to generate the result; Source: http://www.vexplor.com/bcr.html

  6. Source of Vulnerabilities – cont’d • The “glue” exposes portions of AFC: • Temporary (tap-on/tap-off) and usage information is stored in portions of the “glue” which can be manipulated without EMV’s knowledge; • The “glue” don’t keep track of this information; • These exposed areas are “free-for-all”; • Recent initiatives strives to use these exposed portions for a “points” system to “compensate” for bank charges; Source: http://www.breezy.com/

  7. Current Vectors of Attack • Authorities can take “incorrect” money/products from the smart card, the commuter has no proof that the information used to calculate the transaction was correct; “Read AFC” “Deduct EMV” “EMV Proof” “Update AFC” “EMV” “AFC”

  8. Current Vectors of Attack – cont’d • Authorities can provide incorrect information about a transport product usage; “EMV” “AFC”

  9. Current Vectors of Attack – cont’d • Commuters can provide old valid state information, and thereby either re-playing products or tap-on/tap-off states; “Backup” “EMV” “AFC”

  10. Proposed Remedies • Assume current EMV implementers play ball: • Require the “glue” to keep track of the “Temporary” information: • For instance: Force the use of a built-in counter that increments every time you write to a portion that EMV do not track. This counter must not be allowed to “roll-over”. If it does, the glue must “dissolve”; or • Use the arranged “marriage” concept below but: Instead of supplying the information afterwards, as an update, let the custom EMV command supply the new AFC info. • Arrange an EMV marriage: • For instance: VISA has their own EMV approved command. Lets specify a Public Transport EMV command that uses the AFC data during a Financial Transaction, and thus “marry” the EMV cryptogram with the AFC Data Structure. This will require that the AFC Data Structure must always be presented with the Financial Transaction to be considered a legitimate transaction; Source: http://www.vexplor.com/bcr.html

  11. Proposed Remedies – cont’d “Read AFC” “Deduct EMV + Update AFC” “EMV + AFC Proof” “EMV” “AFC” Source: http://www.vexplor.com/bcr.html

  12. Proposed Remedies – cont’d • Assume current EMV implementers don’t play ball: • Create an EMV compliant implementation; • Stats SA says: • +/- 82% of SA citizens needs transport; • +/- 67% of households are solely dependant upon Public Transport and have no access to a private vehicles; • +/- 53 million Citizens; • +/- 29 million Citizens needs public transport; • Lets assume: • +/- 2 trips per individual; • +/- R5 per trip; • +/- 15 days in a month is used for travel; and • Our “banking fees” is 0,5%; • Do you think we can implement a public transport ring fenced EMV Transport solution for: R22 million/month? Source: http://www.vexplor.com/bcr.html

  13. Questions? THANK YOU Dawie Joubert Namela Consulting Tel: +27 12 349 1886 dawie@namela.co.za

More Related