Thinking About Security ROI From The Thief’s Perspective
Written by Evan Schuman

Retail IT execs have always been very good at making risk-based security budget decisions. They know how to calculate the probability of a certain attack method being used against them, its chances for success and the likely cost to the chain if it succeeds. And they know how to use that information as a way to negotiate with the CFO’s people to justify security investments. Security return-on-investment (ROI) arguments are old hat when dealing with black hats and bean counters.
But what about looking at the security ROI challenge from the cyberthief’s perspective? That means examining the techniques and seeing which delivers the best value for the profit-oriented criminal. A good example of this approach is differential power analysis (DPA) and Chip-and-PIN payment cards.
DPA, which essentially examines microprocessor power level changes and tries to figure out authorization codes from the subtle power changes, has been found to be effective against Chip-and-PIN cards, especially older ones. But the cost—in terms of equipment, time and specialized skill—to capture one card’s data is too high to make it profitable, given that most profitable card data theft operations need to steal more than a million cards.
In other words, it’s not necessarily enough to determine whether you’re at risk of a successful attack. You also need to project whether it’s profitable enough for a professional thief to bother with.
One cryptographer, who works for a major retailer’s security operation, summarized his view of the challenge (anonymously, of course).
“DPA is a known attack vector, and researchers have demonstrated its validity in the lab. That means a well-funded criminal group could duplicate the attack. But today DPA works on one chip at a time, and it requires laboratory equipment and a very skilled researcher a long time to successfully recover a key. It’s not an attack that can be done with a skimmer in the back of a restaurant,” the retail security cryptographer said. “So the problem is, what value can be derived from an attack on a specific card? What secret keys can be recovered? If it’s just the account holder’s private key at risk, the criminals won’t be able to afford an attack. If you stole my wallet, I’ll report the theft long before you could recover my key. Even if you automated the attack and analysis, and shrunk the gear to a single laptop, it still takes many thousands of iterations to recover the data, and those iterations take time. It’s not an instant-break method.”
In short, why would a self-respecting cyberthief bother? “Today, I see much more practical attacks on the EMV protocols than on the chips. The offline reader spoofing and man-in-the-middle attacks are already demonstrated attacks on the current EMV systems. Fraudulent readers or spy cameras could still skim PINs in the anticipation of stealing the physical cards,” said the cryptographer. “Malware could infect POS terminals to redirect payments to criminal third parties. And there’s still the loophole of legacy mag-stripes on current smartcards being exploited in non-smartcard locations.”
Ahhh, but security ROI matters are rarely so black and white. Benjamin Jun, VP of technology at Cryptography Research, argues that the DPA target has morphed, making the ROI equation much more complex.
In a recent change, almost all Chip-and-PIN cards today (Jun estimates it at “more than 95 percent”) have built-in countermeasures to make the thief’s ROI even more challenging, truly making the card attacks quite useless and impractical. But it’s an entirely different story for the card terminal, where countermeasures are very scarce, and Jun couldn’t (wouldn’t?) name a single terminal vendor whose systems are protected against DPA attacks.
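The two halves of the argument so far, that DPA works but needs many traces of one chip at a time (the cryptographer’s “many thousands of iterations”), and that built-in card countermeasures make it impractical (Jun’s “more than 95 percent”), can be made concrete with a simulation. The Python below is an added example, not code from the article, from Cryptography Research, or from any card vendor. It assumes a textbook leakage model: each encryption leaks one sample equal to the Hamming weight of an AES S-box output plus Gaussian noise. A correlation power analysis (the usual form of DPA) is run over the traces to see how many are needed before the right key byte stands out; with first-order Boolean masking switched on, which is one of the countermeasures referred to above, the same analysis never finds it. The key byte, noise level, masking scheme, margin and trace budgets are all constructed assumptions, not measurements from a real card.

```python
import math
import random

# --- AES S-box, generated rather than typed in so the table has no transcription errors ---
def _gf_mul(a, b):
    """Multiply in GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _make_sbox():
    sbox = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for i in range(1, 5):  # AES affine transform: s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4) ^ 0x63
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _make_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight lookup, the assumed leakage function


def simulate_traces(key_byte, n_traces, noise_sd, masked=False, seed=0):
    """Constructed leakage model (not a real card): one sample per encryption equal to
    HW(Sbox(p ^ k)) plus Gaussian noise. With masked=True the device XORs a fresh random
    mask into the value before it reaches the bus (first-order Boolean masking), so the
    sample is HW(Sbox(p ^ k) ^ m) with m unknown to the analyst and never reused."""
    rng = random.Random(seed)
    plaintexts, leakages = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        plaintexts.append(p)
        leakages.append(HW[v] + rng.gauss(0.0, noise_sd))
    return plaintexts, leakages


def cpa_rank(plaintexts, leakages):
    """Correlation power analysis: for each of the 256 key hypotheses predict HW(Sbox(p ^ k))
    per trace and take the Pearson correlation with the measured leakage.
    Returns a list of (|correlation|, key_hypothesis), best hypothesis first."""
    n = len(leakages)
    mean_l = sum(leakages) / n
    dev_l = [l - mean_l for l in leakages]
    ss_l = sum(d * d for d in dev_l)
    ranking = []
    for k in range(256):
        preds = [HW[SBOX[p ^ k]] for p in plaintexts]
        mean_p = sum(preds) / n
        dev_p = [x - mean_p for x in preds]
        ss_p = sum(d * d for d in dev_p)
        cov = sum(a * b for a, b in zip(dev_p, dev_l))
        corr = cov / math.sqrt(ss_p * ss_l) if ss_p > 0 and ss_l > 0 else 0.0
        ranking.append((abs(corr), k))
    ranking.sort(reverse=True)
    return ranking


def traces_to_recover(key_byte, noise_sd, masked=False, min_margin=1.5,
                      budgets=(50, 100, 200, 400, 800, 1600)):
    """Smallest trace budget at which the true key is ranked first AND its correlation
    beats the runner-up by min_margin (so a lucky tie does not count), or None if no
    budget works. A crude measure of how long an analyst must sit with one chip."""
    for n in budgets:
        pts, lk = simulate_traces(key_byte, n, noise_sd, masked=masked, seed=n)
        (top_corr, top_key), (second_corr, _) = cpa_rank(pts, lk)[:2]
        if top_key == key_byte and top_corr >= min_margin * max(second_corr, 1e-9):
            return n
    return None


if __name__ == "__main__":
    key = 0x2B  # constructed secret key byte
    print("unprotected chip: traces needed =", traces_to_recover(key, noise_sd=1.0))
    print("masked chip:      traces needed =", traces_to_recover(key, noise_sd=1.0, masked=True))
```

Raising `noise_sd` or lowering the leakage amplitude pushes the unprotected trace count up, which is the “iterations take time” cost in the cryptographer’s ROI argument; masking removes the first-order correlation entirely, so no budget in the list recovers the key and the analyst would need a higher-order attack with far more traces. Real countermeasure assessments use measured traces and a leakage detection test rather than this toy model, but the shape of the result is the same.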
Jun sees the terminal as a much more dangerous entry point than the card, and for two distinct reasons. First, access to the terminal will discover many cards in a day, although not nearly the numbers that a cyberthief ring would need. But the second reason addresses that issue: terminal access is an excellent way to access the backend database on the central servers. And that, as cyberthief ringleader Albert Gonzalez knows well, is the Holy Grail of card data.
“DPA is effective because you’re eavesdropping silicon as it actually works,” Jun said, adding that terminal access can allow the thief “to masquerade as the terminal and then eavesdrop on communication with the server, which could be used as an infiltration point. Then you can vacuum clean card information as it’s communicated to the server.”
Getting access to the power levels is often not difficult; finding and opening a shopping mall’s phone closet can be straightforward, especially if the thieves bother to rent the proper uniforms.
How many retailers are even demanding terminals be protected against DPA attacks, let alone feature adequate countermeasures? Until terminal vendors start routinely seeing such demands on retail requests for proposals (RFPs), this problem will likely only be addressed after some major breaches. Thus far, none have been reported.
Is it better to wait for those breaches or start modifying your standard terminal RFPs?
June 24th, 2010 at 9:05 am
Actually, all PCI-PED certified payment terminals are strongly protected against attacks, including DPA.
June 27th, 2010 at 4:54 pm
The quote from the “retail security cryptographer” sounds just like what people were saying about skimming a few years ago (i.e., it’s one card at a time and requires sophisticated knowledge about magnetic fields).
I was at a hacker conference, where I saw a demo of power analysis with really cheap hardware done by hobbyists — and the key recovery was basically instantaneous too. I’m sure it takes some knowledge to figure out the first attack on a given device, but the attack I watched was just about instantaneous.
Some of the testing labs charge a lot for DPA testing, so they have a vested interest in making DPA look difficult… but if the chain-smoking hacker kids can do it, I’m sure the guys who are doing skimming today could too if they tried.
I’m also interested in the reader comment that “all PCI-PED certified terminals are strongly protected against attacks, including DPA”. I don’t know how well they are protected against DPA, but I’ve seen some pretty scary vulnerabilities in PCI-certified terminals. The smart card guys do seem to have their act together pretty well on the security front nowadays, but terminal makers have a history of cutting corners and I don’t ever recall seeing PED vendors advertising DPA protection.
July 1st, 2010 at 9:58 am
Read the POS PED requirements, specifically A6 and A7. “To determine any PIN-security-related cryptographic key resident in the PED or ICC reader, by penetration of the PED or ICC reader and/or by monitoring emanations from the PED or ICC reader (including power fluctuations), requires an attack potential of at least 35 for identification and initial exploitation as defined in Appendix B of the PCI POS PED DTRs.”
It’s a pretty clear requirement that a compliant pad should not leak energy traces. But to your point, it’s probably treated like anything else PCI related. Certify everything, and if there’s a leak, claim it was out of compliance.