
Virtually Instant Card-Swipe Encryption Device To Be Unveiled Next Week

Written by Evan Schuman
April 3rd, 2008

Amidst the sea of security announcements slated for next week is a card swipe device that claims almost instant encryption of cards, avoiding the problem of card data being grabbed before encryption.

Such claims are commonplace, but the VeriShield Protect from Verifone is making claims that—if ultimately proven true—would significantly advance retail payment security.

The new unit uses Hidden Triple Data Encryption Standard (H-TDES) from a company called Semtek Innovative Solutions Corp. Its hardware unit is designed to deactivate if anyone succeeds in opening the case, making the planting of physical data-capture devices more challenging.

"As soon as the device is opened, it’s supposed to shut down and blow away the security module" and "internal security shields" have been added to "prevent anyone from drilling holes," said Jeff Wakefield, Verifone’s VP of marketing.

It is being offered as an upgrade to existing MX800 devices and will be available to upgrade Vx devices later this year, the vendor said.

Like all hardware encryption, the Verifone card swipe device still leaves a small window in which the captured data resides in memory before it’s encrypted. "There is a slight window, a fraction of a second. Literally a millisecond," he said, before amending that to "a matter of milliseconds." But he argues—and most security consultants agree—that the time is likely too short to present a major opportunity for cyber thieves. "It would take several people working in collusion," Wakefield said.

"There’s nothing we can do to make breaches impossible, but I think this is a significant leap forward because we’re protecting the data at the millisecond it enters the system," Wakefield said.

The company’s position is that VeriShield "encrypts the personal account number and magnetic-stripe track data in a manner that other applications interpret as valid card data," according to a Verifone document. "The data is encrypted within the tamper resistant security modules of VeriFone’s PCI PED-approved payment systems so that it can safely be transmitted over retailer networks to a centralized secure decryption appliance from Semtek Innovative Solutions Corp., the developer of H-TDES."

It will also include a real-time status and alert system "to monitor compliance of each and every transaction as it occurs," the company said, dubbing that part of the offering a Cipher Device Metrics Server (CDMS).

Wakefield said the pricing was quite varied, but that the terminals themselves will run from about $25 to $50 per terminal. He added that "in addition there may be key injection, module loading and deployment fees involved."

One retailer—who is in negotiations with Verifone and asked that he remain anonymous—said the last bid received from Verifone was about $100/terminal (including many of the other fees), but he added it needs to be much lower.

Wakefield said five retailers are negotiating to buy the units, although he wouldn’t say which ones. He argues that it’s the hardware-based encryption that makes his firm’s offering interesting.

"There’s no one else doing hardware-based encryption. If you do software-based encryption, by default, that key is stored somewhere in software," he said, adding that they ship the hardware keys to retailers in three shipping methods. "I’d almost say that software encryption is not sure. Software encryption is proven to be breakable. Hardware encryption has never been broken yet."

Security vendors and consultants generally agreed that hardware-based encryption is superior, but there are some questions (admittedly, many from security vendor rivals) about the strength of the encryption being used by Verifone.

Steve Sommers, an applications development VP for rival Shift4, for example, questioned whether Verifone is placing compatibility over security. "While I don’t consider myself an encryption expert, my 20-plus years of experience with encryption technology at the bit and byte level tells me that squeezing 128+ bit encrypted data (a PCI requirement) into the confines of what ‘existing POS applications interpret as valid card data’ is not possible without data loss or sacrificing encryption strength," Sommers said.

Wakefield replied that, by adhering to today’s standards, it will be easier to integrate into existing retail POS environments.

"By maintaining the same format used to transmit transactions as is used today, the only systems that need to change are the systems that need to decrypt the data," Wakefield said. "If the (package) required a change in message formats, then the entire retail system that processed messages would have to change."

Some questioned just how compatible these systems will be for anyone who isn’t already using not only equipment from Verifone, but the latest equipment from Verifone.

"This won’t work for merchants that don’t have Verifone equipment capable of upgrading to this newest version," said Gartner security analyst Avivah Litan. "So, personally, I think it’s too bad that Verifone has an exclusive on this technology in the U.S. It locks lots of merchants out if they are not using Verifone equipment. It’s not at all clear that their vendors will enable interoperability with the Verifone readers. I suspect they won’t without a price."

Asked about Sommers’ encryption comment, Semtek CEO Patrick Hazel replied in effect that pragmatics require some compromises but that that is true for all security.

"The question correctly alludes to several constraints when dealing with ciphers across existing track data without a modification of length. A block cipher using 112 bit TDES keys on a 64 bit block requires a ciphertext of 20 decimal digits or 16 hex characters, both difficult to characterize in a short decimal track 2. (AES with a block size of 128 bits underscores this problem to an even greater extent.) Fixed length ciphers do not work well against the length variabilities present in track data," Hazel said. "So the breakthrough here was to create a variable length cipher while still maintaining cipher integrity. We used some attributes of Feistel or Rijndael techniques to overcome some of these limitations."

"Encryption techniques are formally evaluated based on their ability to protect both data and keys from various types of attacks when the attacker is circumscribed by fixed resources or time. Otherwise, no crypto technique would be judged ‘secure’ since the theoretical ability always exists to break any cipher given infinite resources and time," Hazel said. "This point is important, and crucial, to having any kind of practical discussion about the commercial legitimacy of any new cipher technique. Any cipher technique can be theoretically dismissed and what does that gain any of us?"



2 Comments

  1. A Reader Says:

    After reading the Semtek chief’s statement in your article, especially the statements regarding “Rijndael [AES] or Feistel techniques”, I’m not personally convinced that they haven’t rolled their own algorithm. What he described sounds “more complex than it should be” which is definitely a flag. If they tried to write their own low-level encryption routine instead of using ordinary 3DES, it’s possible they unwittingly compromised the security of the standard encryption.

    One of the modes of operation applicable to any block cipher is called output feedback mode (OFB http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29 ), which long ago solved the problem of encrypting variable data with a fixed block size algorithm by turning it into a key generator for a stream cipher. (So long ago that its patent has already expired.) Why would he claim they had to use these Feistel or AES techniques when there’s already an industry accepted solution?

    There are ways to accomplish the task they describe using nothing more complex than 3DES and some simple transformations that mathematically retain the security of the underlying encryption.

    To provide for backward compatibility, using 3DES in OFB mode the output could be masked down to the same size as the current character set size of the track, as long as the decrypting end also masked off the high bits. They theoretically could even leave the ISO-7813 sentinels, format codes, and parity characters unencrypted — even though that seems like a crib for a cryptanalyst, it shouldn’t come as a surprise to anyone that a magnetic card reader head is outputting encrypted track data.

    There is even a fairly simple way to retain the PAN as digits, and the cardholder name as alphanumeric characters, while retaining the full security of the 3DES algorithm.

    If Semtek is confident of their security, they should publish their algorithms and protocols so that they can be given a proper cryptographic review by qualified experts. (See Kerckhoffs’s Principle http://en.wikipedia.org/wiki/Kerckhoffs%27_principle ) Until they do, their algorithm will carry a cloud of doubt.

  2. Steve Sommers Says:

    Your last statement about proper cryptographic review by experts was the point of my quoted comment. Until the algorithms are proven secure and have test cases and numbers backing up how long a brute force attack would take to crack the data, this technology will have a hard time getting traction. On the other hand, if it can be proven secure by the cypher experts, then it will be a great addition to the PCI security toolbox.
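
The first comment's suggestion (a block cipher run in OFB mode as a keystream generator, with sentinels left in the clear and digits kept as digits) is sketched below as an added example; it is not code from the article, Semtek or Verifone. HMAC-SHA-256 stands in for 3DES because the Python standard library has no 3DES, mod-10 addition is one assumed way to keep digits as digits, and the key, IVs and track strings are constructed.

```python
import hashlib
import hmac

DIGITS = "0123456789"

def ofb_blocks(key: bytes, iv: bytes):
    """OFB feedback: O_0 = IV, O_i = F(key, O_{i-1}); yields keystream bytes.
    F is HMAC-SHA-256 here, standing in for 3DES block encryption."""
    block = iv
    while True:
        block = hmac.new(key, block, hashlib.sha256).digest()
        yield from block

def keystream_digits(key: bytes, iv: bytes):
    """Uniform decimal digits: bytes >= 250 are discarded so b % 10 has no bias."""
    return (b % 10 for b in ofb_blocks(key, iv) if b < 250)

def transform_track(track: str, key: bytes, iv: bytes, decrypt: bool = False) -> str:
    """Add (encrypt) or subtract (decrypt) one keystream digit mod 10 per digit.
    Sentinels and separators pass through, so length and layout are unchanged."""
    ks = keystream_digits(key, iv)
    sign = -1 if decrypt else 1
    return "".join(
        str((int(ch) + sign * next(ks)) % 10) if ch in DIGITS else ch
        for ch in track
    )

def digit_diff(a: str, b: str) -> str:
    """Digit-wise (a - b) mod 10 for two tracks with the same layout."""
    return "".join(
        str((int(x) - int(y)) % 10) if x in DIGITS else x for x, y in zip(a, b)
    )

# Constructed sample values: demo key, per-swipe IVs, test-style track 2 strings.
KEY = b"constructed-demo-key-not-a-real-one"
IV_A, IV_B = b"swipe-000001", b"swipe-000002"
TRACK_1 = ";4111111111111111=12125010000000000000?"
TRACK_2 = ";5500000000000004=15122010000000000000?"

if __name__ == "__main__":
    c1 = transform_track(TRACK_1, KEY, IV_A)
    print(c1, transform_track(c1, KEY, IV_A, decrypt=True) == TRACK_1)
    # Failure mode: the same IV for two swipes reuses the keystream, and the
    # ciphertext difference then equals the plaintext difference.
    c2 = transform_track(TRACK_2, KEY, IV_A)
    print(digit_diff(c1, c2) == digit_diff(TRACK_1, TRACK_2))
```

Because the track length cannot grow, the per-swipe IV has to be agreed outside the track itself, and a keystream construction like this one provides no integrity protection on its own.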
