Bitcoin Forum
November 12, 2024, 10:34:06 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Distributed BTC/USD exchange using regular chip-and-pin credit cards  (Read 2609 times)
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
November 19, 2013, 05:16:50 PM
 #1

Hello everyone,

I was trying to figure out how we could create a truly decentralized BTC to USD (or any other currency) exchange, without requiring physical proximity or wire transfers and still make it as good as a BTC to cash exchange (no chargeback, etc).

So here's what I came up with: what if, in exchange for a certain amount in BTC, I am able to allow another Bitcoin users to remotely use my chip-and-pin card to buy goods (or withdraw money from an ATM) possibly half-way across the world? I would have a tiny smartcard reader at home and software running on my computer that relays requests from a remote ATM or POS to the credit card inserted into the reader. It is actually possible to screen the transaction before it hits the smartcard chip and even assign a one-time-use PIN to the remote user.

The remote user would need an emulated smartcard that actually relays requests to/from the actual card sitting in a reader somewhere. Initially this would be connected to some computer or phone via cable, at a later time it could simply be something like the Coin (https://onlycoin.com/), talking to your phone over Bluetooth.

This could also be made considerably easier if the ATM or POS support NFC transactions (believe it or not, ATMs in Europe have started to offer this option - you no longer insert the card but only touch the ATM (not POS!) with the card). Then the person who wants to withdraw the cash could simply use his phone to emulate a card (Android 4.4 KitKat for instance has native software NFC card emulation) and tunnel the requests to the real card where the card owner screens the transaction and approves/denies it.

The beauty of this is that in the end, one party gets Bitcoins and the other one gets cash from the ATM. Just like in a face-to-face transaction, but possibly from different corners of the world, to/from people that have never met before.

Would you be interested in this? I have prototyped part of it (the tunneling of requests to/from a real card and using NFC at the other end to emulate it to a POS or ATM), the transaction screening part is not done yet. The plan is to make this part of OtherCoin (https://bitcointalk.org/index.php?topic=321085), my off-chain Bitcoin payment system, but I have the feeling that this could be interesting outside my system as well.

Let me know what you think.
Razvan
Mavi
Member
**
Offline Offline

Activity: 80
Merit: 10



View Profile
November 19, 2013, 07:37:23 PM
 #2

Interesting, but not usefull.
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
November 19, 2013, 07:59:05 PM
 #3

Interesting, but not usefull.

Care to elaborate? You see no value in being able to immediately get cash for your Bitcoins at any ATM (without waiting for weeks to withdraw from the exchange)? Or buying Bitcoins with your credit card with no minimums or restrictions from a remote user? Or the fact that all of the above happens in a distributed fashion, directly between seller and buyer, with no central authority and no transaction logs?
Mavi
Member
**
Offline Offline

Activity: 80
Merit: 10



View Profile
November 19, 2013, 08:19:31 PM
 #4

Interesting, but not usefull.

Care to elaborate? You see no value in being able to immediately get cash for your Bitcoins at any ATM (without waiting for weeks to withdraw from the exchange)? Or buying Bitcoins with your credit card with no minimums or restrictions from a remote user? Or the fact that all of the above happens in a distributed fashion, directly between seller and buyer, with no central authority and no transaction logs?

I know but we need hardware for that, and there is security issues. Also you can not able to manipulate smartcard for temporary pin code, AFAIK its encrypted. Short story it is not usefull for everyone.

// sorry for my bad english.
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
November 19, 2013, 08:25:11 PM
 #5

I know but we need hardware for that, and there is security issues.

You also need hardware to mine Bitcoins and I haven't heard miners complaining about it. You also need hardware to secure your wallets (like the Trezor). Is there any reason you dislike hardware?


Also you can not able to manipulate smartcard for temporary pin code, AFAIK its encrypted. Short story it is not usefull for everyone.

// sorry for my bad english.

Think again: http://hackaday.com/2010/02/12/chip-and-pin-broken-and-other-security-threats/ . The owner can also type the PIN locally and ignore whatever the remote terminal (the ATM) is sending.
Mavi
Member
**
Offline Offline

Activity: 80
Merit: 10



View Profile
November 19, 2013, 09:06:54 PM
 #6

I know but we need hardware for that, and there is security issues.

You also need hardware to mine Bitcoins and I haven't heard miners complaining about it. You also need hardware to secure your wallets (like the Trezor). Is there any reason you dislike hardware?


Also you can not able to manipulate smartcard for temporary pin code, AFAIK its encrypted. Short story it is not usefull for everyone.

// sorry for my bad english.

Think again: http://hackaday.com/2010/02/12/chip-and-pin-broken-and-other-security-threats/ . The owner can also type the PIN locally and ignore whatever the remote terminal (the ATM) is sending.


Most people can't afford to buy hardware. And most of the ATMs doesn't have NFC support, yet. The world doesn't ready for your project.
This is just my opinion, it's up to you.
tucenaber
Sr. Member
****
Offline Offline

Activity: 337
Merit: 252


View Profile
November 19, 2013, 11:21:11 PM
 #7

Very cool.

Does the method depend on breaking the law, by using this security flaw in the chip-and-pin system? I guess that would be bad.
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
November 20, 2013, 10:38:40 AM
 #8

Does the method depend on breaking the law, by using this security flaw in the chip-and-pin system? I guess that would be bad.

No, the flaw described in that paper I linked to is only needed if you don't actually know the PIN of the card - in our case, the PIN _is_ known, the card owner knows it. The security of the system is not in the PIN itself, you could even give it to the person withdrawing the funds because transactions are screened before they hit the actual chip - remember, the credit card is inserted into a reader connected to a computer that the credit card owner controls. So each request for payment or withdrawal can be screened and abnormal transaction requests can be blocked before they even hit the smartcard chip.

So while it's still a "man in the middle" type of process, it's not used to attack the card but to screen each request and make sure the card owner approves.

StarfishPrime
Sr. Member
****
Offline Offline

Activity: 358
Merit: 250


View Profile
November 20, 2013, 04:15:00 PM
Last edit: November 20, 2013, 04:29:35 PM by StarfishPrime
 #9

The broken security described in the Cambridge "Chip and Pin broken" paper is specific to the EMV architecture. It does not affect other chip and pin protocols like opencxp (opencxp.org).

Proprietary crypto standards that rely on technical details not being made public will always be compromised. Asymmetrical cryptography never requires this.

Any architecture relying on proprietary 'secure' smart-cards, microprocessors, secret vendor keys, etc. can only provide a transitory perception of actual security. Eventually they will be hacked if the incentive is high enough (i.e. $700 bitcoins). It's always happened: Smartcards (OK, Statoil, EMV etc..) RFID tags (Shell Paypass, etc.), DVD 'secret keys' ... it always ends the same way.

What's really incredible is that such a huge, recent worldwide rollout could include such a fundamental design flaw.

It's actually getting worse, not better: The Visa NFC launch allows card data to be read by NFC in plain text right from the card (user name, card number)

                         
    ¦                     
  ¦    ¦¦¦               
¦¦  ¦¦¦¦                 
                             ¦¦  ¦¦¦¦
                          ¦ ¦¦ ¦¦¦¦                     
                         ¦¦¦¦¦¦¦¦
                        ¦¦¦¦¦¦¦
                        ¦¦¦¦¦¦
                  ¦¦¦  ¦¦¦¦¦¦
                   ¦ ¦¦¦¦¦¦

                    ¦¦  ¦ ¦¦¦¦
                    ¦¦    ¦¦¦¦
                    ¦¦  ¦ ¦¦¦¦
                   ¦¦¦  ¦ ¦¦¦¦¦
                ¦¦¦¦    ¦ ¦¦¦¦¦¦¦¦
             ¦¦¦¦¦    ¦ ¦¦ ¦¦¦¦¦¦¦¦¦¦
          ¦¦¦¦¦       ¦  ¦   ¦¦¦¦¦¦¦¦¦¦¦
        ¦¦¦¦         ¦        ¦¦¦¦¦¦¦¦¦¦¦¦
     ¦¦¦¦          ¦      ¦    ¦¦¦¦¦¦¦¦¦¦¦¦¦¦
    ¦¦¦         ¦¦         ¦   ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
   ¦¦        ¦¦         ¦¦  ¦   ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
  ¦¦       ¦          ¦ ¦¦   ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦¦     ¦¦          ¦   ¦    ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦     ¦          ¦      ¦   ¦¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦    ¦        ¦¦         ¦¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦   ¦¦     ¦¦         ¦   ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦   ¦     ¦¦         ¦¦¦   ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦   ¦¦    ¦        ¦    ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦    ¦   ¦        ¦¦    ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
  ¦¦    ¦  ¦¦       ¦     ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
   ¦¦    ¦  ¦      ¦      ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
    ¦¦¦   ¦ ¦¦     ¦¦     ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
     ¦¦¦   ¦ ¦¦     ¦¦    ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
       ¦¦¦¦  ¦ ¦¦    ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
          ¦¦¦¦¦¦  ¦¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
             ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
                        ¦¦

.
TorCoin.....
¦
¦
¦
¦
  Fully Anonymous TOR-integrated Crypto
               ¦ Windows     ¦ Linux     ¦ GitHub     ¦ macOS
     ¦
     ¦
     ¦
     ¦
.
   ANN THREAD
     ¦
     ¦
     ¦
     ¦
[/center]
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
November 20, 2013, 05:31:46 PM
 #10

For this particular application, it doesn't really matter what protocol is used between the terminal and the card, as long as a middle man can intercept the transaction request, show the value of the transaction to the user (or check it against a preauthorized amount - the equivalent of the BTC being transferred the other way) and then forward it (or not) to the card.

Regarding smartcards, they are perfectly safe if the effort expended to extract the secrets costs more than the value of the secrets obtained. Smartcards also have a significant advantage compared to online systems - you need physical access to them in order to try to extract their secrets. A chip and pin card in your pocket cannot be attacked since you have no interface to it.

callem
Member
**
Offline Offline

Activity: 130
Merit: 10


View Profile
November 20, 2013, 06:16:02 PM
 #11

Drazvan: Have you seen the draft white paper at opencxp.org? It addresses many of the same issues you've been working on. If you do read it I'd value any thoughts you may have before we release it in final form. It's different from most smartcard proposals since it doesn't rely on 'smart' features, but uses inexpensive versions (eeprom cards) as just one of many possible storage media.

Also: The NFC Yubikey (neo) can't really independently sign bitcoin transactions - or can it? I'm having a hard time seeing how that would work.

drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
November 20, 2013, 06:38:11 PM
 #12

@callem @StarfishPrime I've just (very quickly) read the OpenCXP document but I don't see how it relates to what I've proposed here. It appears to be a protocol that would allow secure POS terminals to process (=sign!) transactions on behalf of users for in-person transactions.

What I'm proposing here is simply a way to reuse the existing credit card processing infrastructure and existing ATMs around the world to create a distributed BTC/USD exchange. You pay BTC to someone and in turn that someone allows you to withdraw funds from / charge his credit card remotely for the corresponding amount in USD.

If you're referring to the OtherCoin project, we can move the conversation to that thread (https://bitcointalk.org/index.php?topic=321085) - but I still don't see how OpenCXP would apply since it appears to be designed for consumer to merchant transactions, fully registered in the blockchain, not off-chain anonymous person to person transactions like the Othercoin.

Regarding the Yubikey Neo, yes, it can sign Bitcoin transactions. The problem with it is that it has no screen, so you can't verify the details of the transaction unless you trust the terminal. There are ways to make an untrusted (public) terminal into a trusted one but I won't go into details here.
callem
Member
**
Offline Offline

Activity: 130
Merit: 10


View Profile
November 20, 2013, 07:42:08 PM
 #13

..
What I'm proposing here is simply a way to reuse the existing credit card processing infrastructure and existing ATMs around the world to create a distributed BTC/USD exchange. You pay BTC to someone and in turn that someone allows you to withdraw funds from / charge his credit card remotely for the corresponding amount in USD.
..

I didn't realize this was somehow going to use the existing bank ATM infrastructure. Interesting idea. Banks may have an issue with card emulation though, especially involving bitcoin.

If you're referring to the OtherCoin project, we can move the conversation to that thread (https://bitcointalk.org/index.php?topic=321085) - but I still don't see how OpenCXP would apply since it appears to be designed for consumer to merchant transactions, fully registered in the blockchain, not off-chain anonymous person to person transactions like the Othercoin.

Regarding the Yubikey Neo, yes, it can sign Bitcoin transactions. The problem with it is that it has no screen, so you can't verify the details of the transaction unless you trust the terminal. There are ways to make an untrusted (public) terminal into a trusted one but I won't go into details here.

I'll take a closer look at Othercoin. There would certainly be some advantages to an off blockchain P2P system for certain applications. Interesting about the Yubikey being able to sign transactions, that might be useful in some situations.
 

Mavi
Member
**
Offline Offline

Activity: 80
Merit: 10



View Profile
November 20, 2013, 09:24:46 PM
 #14

I found another problem, this project relies on trust. I can easily call the cops and tell them you stole my card. ATMs has camera, bum, you are in jail.
Another problem, if this guy is some kind of fugitive, when he use your card information you are in trouble too.

I know i'm paranoid, but it is possible. You know what, if this guy don't use regular exchanges, he is most likely a criminal. (due to AML/KYC)
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
November 20, 2013, 09:40:06 PM
 #15

I found another problem, this project relies on trust. I can easily call the cops and tell them you stole my card. ATMs has camera, bum, you are in jail.
Another problem, if this guy is some kind of fugitive, when he use your card information you are in trouble too.

I know i'm paranoid, but it is possible. You know what, if this guy don't use regular exchanges, he is most likely a criminal. (due to AML/KYC)

Well, not exactly ... I mean yes, you could call the cops and tell them I stole your card. But the fact that there is no central authority doesn't mean no logs are kept at all. I can show the cops the transaction (as logged by my device), the outgoing Bitcoin transfer to your address. They could then simply email the issuer (us) and get details on how this works. Then you get arrested for attempted fraud (declaring your card as stolen when in fact you have authorized the transaction and received goods (in the form of Bitcoin) in return immediately). I would say it's rather risky. Also, if you declare the card stolen, the bank cancels it immediately, so you can only do this once (and be left without the card for a few days until a new one is issued). If your new card mysteriously gets "stolen" again, your bank will most probably "get medieval on your a**" for trying to defraud them.

Also, "if this guy don't use regular exchanges, he is most likely a criminal" - sure ... and if he uses Bitcoins he must be a criminal as well, we all know Bitcoins are only used to buy drugs and pay for kiddie porn ... </sarcasm> . You do know Bitcoins can also be exchanged in person (http://www.localbitcoins.com/), some people just don't want to go through the hassle of opening an account with a big exchange, submitting tons of personal data, then waiting for weeks to deposit or withdraw their money (due to various "unexpected banking problems" or what they're called nowadays).
Mavi
Member
**
Offline Offline

Activity: 80
Merit: 10



View Profile
November 20, 2013, 10:22:06 PM
 #16

I found another problem, this project relies on trust. I can easily call the cops and tell them you stole my card. ATMs has camera, bum, you are in jail.
Another problem, if this guy is some kind of fugitive, when he use your card information you are in trouble too.

I know i'm paranoid, but it is possible. You know what, if this guy don't use regular exchanges, he is most likely a criminal. (due to AML/KYC)

Well, not exactly ... I mean yes, you could call the cops and tell them I stole your card. But the fact that there is no central authority doesn't mean no logs are kept at all. I can show the cops the transaction (as logged by my device), the outgoing Bitcoin transfer to your address. They could then simply email the issuer (us) and get details on how this works. Then you get arrested for attempted fraud (declaring your card as stolen when in fact you have authorized the transaction and received goods (in the form of Bitcoin) in return immediately). I would say it's rather risky. Also, if you declare the card stolen, the bank cancels it immediately, so you can only do this once (and be left without the card for a few days until a new one is issued). If your new card mysteriously gets "stolen" again, your bank will most probably "get medieval on your a**" for trying to defraud them.

Also, "if this guy don't use regular exchanges, he is most likely a criminal" - sure ... and if he uses Bitcoins he must be a criminal as well, we all know Bitcoins are only used to buy drugs and pay for kiddie porn ... </sarcasm> . You do know Bitcoins can also be exchanged in person (http://www.localbitcoins.com/), some people just don't want to go through the hassle of opening an account with a big exchange, submitting tons of personal data, then waiting for weeks to deposit or withdraw their money (due to various "unexpected banking problems" or what they're called nowadays).


Still, it is risky for both sides. Don't get me wrong, your project is very good as concept, it nice to be able to exchance currency without central authority but think that way: I'm criminal, i used your card, police came to your apartment and arrest you. You need a good lawyer for explaining all this. Nobody wants to be in court room.

If you know how to prevent that, tell us about it.
fordlincoln
Full Member
***
Offline Offline

Activity: 152
Merit: 100


View Profile
November 21, 2013, 06:34:26 AM
 #17

awesome idea, it has commercial value and you would be able to sell the patent or go open source and start a revolution.
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
November 21, 2013, 04:04:41 PM
 #18

@fordlincoln Thank you! I really appreciate the support!

@Mavi I don't know where you live, but if your local police force can arrest you just because a random guy claims you stole something from him, I wouldn't want to live there. Of course, they are free to investigate and you have proof of what happened, so it should only take a few minutes to explain (and the guy that wrongfully reported it will be in serious trouble). Following your line of reasoning, if I sell my TV to my neighbor, I can then call the cops and have him arrested for stealing my TV. Or I could buy a new Macbook Air on Amazon then call my bank and say it wasn't me (although there is proof it has been delivered to my door and I signed for it).

What I'm trying to say is that yes, there are crazy people out there, but doing what you're describing means messing with 2 relatively powerful entities: the police and your bank. I might not know who you are, but your bank does and holds your money and the police also does can can make your life miserable if you waste their time (and taxpayers money).
Mavi
Member
**
Offline Offline

Activity: 80
Merit: 10



View Profile
November 21, 2013, 04:21:13 PM
 #19

@fordlincoln Thank you! I really appreciate the support!

@Mavi I don't know where you live, but if your local police force can arrest you just because a random guy claims you stole something from him, I wouldn't want to live there. Of course, they are free to investigate and you have proof of what happened, so it should only take a few minutes to explain (and the guy that wrongfully reported it will be in serious trouble). Following your line of reasoning, if I sell my TV to my neighbor, I can then call the cops and have him arrested for stealing my TV. Or I could buy a new Macbook Air on Amazon then call my bank and say it wasn't me (although there is proof it has been delivered to my door and I signed for it).

What I'm trying to say is that yes, there are crazy people out there, but doing what you're describing means messing with 2 relatively powerful entities: the police and your bank. I might not know who you are, but your bank does and holds your money and the police also does can can make your life miserable if you waste their time (and taxpayers money).

You misunderstood me. Let's say i'm already a criminal, police looking for me everywhere, an ATM camera took my picture while i was using your card information for money withdraw. So, you unintentionally helped me. I don't know about your country but here you have to go through legal process, may take years.
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 01, 2014, 04:06:22 PM
Last edit: April 01, 2014, 05:17:10 PM by drazvan
 #20

(God, I picked the wrong day to announce this Smiley ). This is NOT an April Fool's day prank, this actually exists and works as seen in the video Smiley. Donations are welcome if you'd like to see this happen sooner ( 1Razvan4KEK2q5DNxemvsHwGncF1T3NqR ).

Hello again everyone,

I have finally completed the prototype for this idea and posted a quick demo video on YouTube at https://www.youtube.com/watch?v=ZsOzeELdjxM .

The video shows a contactless MasterCard card connected to a Raspberry Pi and allowing remote users to charge it in exchange for BTC. At the terminal, there's a Nexus 5 phone that relays requests from the POS to the card over 3G / Tor. In the video you see the screen populate with the information as the terminal sends it to the card and as the card replies. You'll see the credit card number, expiration date, the amount being charged, the currency and so on.

As soon as the phone has enough data to determine the amount the terminal wants to charge, it starts the Bitcoin client so that you can pay the corresponding amount in BTC. When the BTC payment is complete, it notifies the Raspberry Pi that acts as the credit card proxy. The Raspberry Pi verifies the transaction and if the amount in BTC is sufficient it allows the remote terminal to charge the card (if you're familiar with the EMV protocol, that's the GENERATE_AC command - it never reaches the card unless a corresponding BTC payment has been sent).

Both the phone (Nexus 5) and the Raspberry Pi use the TOR network (https://www.torproject.org/) to communicate to preserve anonymity. Also (since I'm sure someone will ask), there is not enough information sent over the wire for an attacker to clone the card. Magstripe transactions are also blocked because for those the actual amount being charged is not sent to the card, so Card2Coin has no idea how much you want to pay and what is the corresponding BTC amount to charge.

The beauty of this system is that it can form the basis of a distributed BTC exchange by allowing you to charge someone else's credit card in exchange for your BTC. You buying habits are hidden (since you would use a different card, potentially from a different country or continent, for each purchase). The TOR network hides the location of the parties. Finally, transactions made through this system show up as "card present" (the POS in the store thinks it's talking to a physically present credit card), so they cannot be easily reversed (if at all).

Feel free to ask questions, I'm sure there will be quite a few.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!