grue
Legendary
Offline
Activity: 2058
Merit: 1434
|
|
April 03, 2012, 03:59:14 PM |
|
assuming you can even implement a protocol that doesn't allow the private keys to be leaked
A lot of smartcard apps are poorly designed. But it isn't black magic or anything. It's definitely doable. Look at the satellite TV access cards. They can be reverse engineered, if you have access to the card itself and a scanning electron microscope. if you can install an overlay between the keys and the actual circuit board, you can easily capture the pin, and launch a replay attack. a much better way is to have a portable wallet that "pays" a merchant by transferring a signed tx, which the merchant can verify and broadcast.
|
|
|
|
Realpra
|
|
April 03, 2012, 05:44:04 PM |
|
If you can install an overlay between the keys and the actual circuit board, you can easily capture the pin, and launch a replay attack.
Well... can't the card be locked immediately after a purchase (say 30-90 s). That way the merchant would have to wait for you to come back AND remember who you were? (he only gets 3 PIN attempts) As for special override PINs I did not know about that? Is it real does that exist? It seems to defeat the point of even making a smartcard... If it does what stops anyone from hacking any VISA card in the world?
|
|
|
|
benjamindees
Legendary
Offline
Activity: 1330
Merit: 1000
|
|
April 03, 2012, 06:13:43 PM |
|
if you can install an overlay between the keys and the actual circuit board, you can easily capture the pin, and launch a replay attack.
a much better way is to have a portable wallet that "pays" a merchant by transferring a signed tx, which the merchant can verify and broadcast.
I'm not even going to ask what you thought it was we were discussing. Some of you need to do some basic research before posting in this thread. Or at the very least, read what others post. I've tried to follow this thread, but it meanders a bit.
Is the basic idea under discussion having a wallet-only client running in a small hardware device that can interact with POS terminals?
Most of the smartcards that I've seen are just (tiny) general purpose CPUs embedded in a card, usually with a small ROM containing a secret key. This is not a useful model for bitcoin. For bitcoin, you need the secrets in RAM (flash, etc) because you need to be able to add new secrets. You also need to make sure that you don't ever let the device communicate with a hostile device using the same physical pins that can be used to reprogram or dump it.
You, for instance, don't have a clue.
|
Civil Liberty Through Complex Mathematics
|
|
|
Realpra
|
|
April 03, 2012, 06:36:16 PM Last edit: April 03, 2012, 07:28:28 PM by Realpra |
|
You [EDIT: grue], for instance, don't have a clue.
So smartcards are still saf-ish? EDIT: Looked it up a bit: http://en.wikipedia.org/wiki/Smart_card_securityhttp://en.wikipedia.org/wiki/Smart_cardhttp://en.wikipedia.org/wiki/Mifarehttp://people.cs.uchicago.edu/~dinoj/smartcard/security.htmlSo okay hacking the card is totally possible in a few ways: 1. Physical abuse. 2. Storing PINs and waiting for the customer to return. 3. Advanced hacking after stealing card. HOWEVER: Special access pin connectors do NOT exists. Once the private keys are loaded to the card and programmed as NEVER-access level you have no practical way of getting them. To summarize as I see it: * If you only store what you spend in a week on your card the cost to the attacker would be MUCH MUCH higher than the return. * If your card is stolen it can NOT be forced (by common thieves). * Over-/double-charge using either my checksum scheme or "super cards" would be impossible. * Even if no police will help you most merchants would not take the extreme risk of robbing a return customer for very little gain - it would loose him his customers rather quickly. * Even storing the PIN and later overcharging would require a good deal of programming + being a merchant + getting a victim to come by minimum twice. If people use BTC cards with a bit of care (like all else, including normal BTC) smard cards will be completely safe (safe as VISA or more anyway).
|
|
|
|
benjamindees
Legendary
Offline
Activity: 1330
Merit: 1000
|
|
April 03, 2012, 07:15:42 PM |
|
For some inexplicable reason people want to discuss the mangled, incompetent bullshit put out by credit card companies as though it has anything to do with either 1) smart cards or 2) Bitcoin. Here's a reality check: credit card companies aren't interested in smart cards. It destroys their entire business model, which is based on trust, and which therefore requires fraud to be possible.
That video someone posted earlier is completely irrelevant. They're talking about glorified credit cards.
PIN numbers are completely irrelevant. Why would typing a static pin number into a hostile terminal gain me any security at all?
Skimming is completely irrelevant. Smart cards have protected memory. If they don't, then they aren't smart cards.
Dumping memory is completely irrelevant. Like "oh shit" we left a major glaring design flaw and just allow the memory to be dumped, through the exact same pins no less?
There are some realistic hacks (power analysis) against older smart cards. But you're not going to be able to sign Bitcoin transactions on those anyways.
And ANY APPLICATION THAT DOESN'T INVOLVE SIGNING TRANSACTIONS ON THE CARD ITSELF ISN'T EVEN A SMART CARD APP SO WHY THE HELL IS IT BEING DISCUSSED IN THIS THREAD?
|
Civil Liberty Through Complex Mathematics
|
|
|
Realpra
|
|
April 03, 2012, 07:38:41 PM |
|
PIN numbers are completely irrelevant. Why would typing a static pin number into a hostile terminal gain me any security at all?
Alright first; GREAT post. Cleared things up - nice to see my research was correct. I disagree with the PIN thing though: It offers some safety: 1. PIN is used and the card is locked 30-90 sec. 2. User removes card and leaves. 3. Merchant secretly stored the PIN. 4. Merchant does not have the card - how will he use his stolen PIN? 5. He has to either A rob the guy or B get the person to come back another time. 6. He can then destroy ALL reputation he had to make 5. happen for maybe 40-200$! WITHOUT a PIN: 1. Send money request of "ALL YOUR BASE... PLZ". 2. Done. 3. His reputation is still ruined, but it was a lot easier to do the stealing. (90% of the times you use your card a new place, you will never use it there again - hence you're safe)
|
|
|
|
benjamindees
Legendary
Offline
Activity: 1330
Merit: 1000
|
|
April 03, 2012, 07:51:35 PM |
|
You're right I glossed over the one benefit of a PIN. A PIN protects against someone stealing your card and using it. That's all. It doesn't protect against hostile merchants. That's what transaction signing is for.
|
Civil Liberty Through Complex Mathematics
|
|
|
BitcoinAndie
Newbie
Offline
Activity: 46
Merit: 0
|
|
April 03, 2012, 11:20:40 PM |
|
Think more along the lines of a small custom device with a screen, a couple of buttons, and a serial port (or serial over USB, or serial over bluetooth, or serial over NFC, etc). The programming interface, if it has one, must be internal, or it must load software from a memory card (like SD).
What about SIM cards?
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1026
|
|
April 03, 2012, 11:54:29 PM |
|
Think more along the lines of a small custom device with a screen, a couple of buttons, and a serial port (or serial over USB, or serial over bluetooth, or serial over NFC, etc). The programming interface, if it has one, must be internal, or it must load software from a memory card (like SD).
What about SIM cards? I wouldn't trust a device without a display and keypad (or at least a pair of buttons!) built-in. I also dislike the idea of a device just signing a transaction presented to it, rather than generating the entire transaction internally. But, this can be overcome. Also, in my opinion, the device must generate all keys after it enters my exclusive possession, and it must include a genuine entropy source. This may be extra paranoid on my part, but I'm not sure I even like the idea of importing keys into the device.
|
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8 I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
BitcoinAndie
Newbie
Offline
Activity: 46
Merit: 0
|
|
April 04, 2012, 12:02:38 AM |
|
3. Third market?
Well if the intent is to enable payments with less friction (expense) and fewer middlemen, for people under duress, then the next markets should be strategic in terms of assisting people with the means of survival (food, shelter, clothing) Using Greece as an example, food and beverage distributors who can link into their regional supply chains (Europe) as well as local retail distribution would probably make a lot of sense. But still noodling on the central role of smart cards. I totally get why smart cards could provide access and anonymity on a distributed basis, and that the plastic and its chip has little inherent value until loaded with BTCs. But introducing a new product into a system, a product that requires additional hardware no matter how pocket sized, by its very definition attracts attention. If a citizen is stopped and searched will the mere possession of a branded smart card become probably cause? If only we could start a new healthy vitamin enriched beverage line sold via vending machines that has free mini smart cards attached to the bottles, and folks have to take those BTC cards into their local stores to be read so that they can see if they won the "BIG PRIZE" which of course is the act of buying and reading the cards.... now that would be a clever trick.
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1434
|
|
April 04, 2012, 12:32:52 AM Last edit: April 04, 2012, 12:43:32 AM by grue |
|
If you can install an overlay between the keys and the actual circuit board, you can easily capture the pin, and launch a replay attack.
Well... can't the card be locked immediately after a purchase (say 30-90 s). but then the smart card will need an internal power source, which will definitely not fit in a card. If it does what stops anyone from hacking any VISA card in the world?
visa/mastercard is supposedly secure because POS terminals that can process EMV transactions have to be tamper evident (sealed with sticker), and can't have removable faceplates, which should remove the risk of physical keylogging attacks. maximum rage
1. get yourself a bitcoin POS terminal 2. open it up, and place a circuit that monitors keypad input (remember, this is inside the unit, so 99.9% of the users won't notice) 3. get yourself an arduino and program it so it can do everything a normal POS terminal can do 4. hook the keylogging circuit to the arduino 5. close the entire unit, and make everything look legit 6. place it in your store 7. wait for a customer to buy something 8. the payment gets processed as usual, but now the merchant can charge the customer again, because the card is still inside, and the pin has been logged.
|
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1434
|
|
April 04, 2012, 01:33:35 AM |
|
no, i'm arguing about how secure a smartcard system (in general) can be. it's very hard to keep your keys secure if the terminal that you're using can't be trusted. as long as the interface between the card and the user isn't protected, there will always be a risk of a man-in-the-middle attack. if you have a solution to prevent the attack i mentioned earlier, i will be glad to hear it. One of these measures is to house your security information on a computer chip within the card as opposed to displaying it on the card. Another is a unique display window that reveals a security code necessary to complete a transaction. Each code can only be used once, so even if your card information were stolen, a thief would be unable to effect a transaction without having physical possession of the card and its security code. This window can also display account information such as your last transaction, your balance, how much you have spent this month, even messages from your bank. too bad i got both
|
|
|
|
BitcoinAndie
Newbie
Offline
Activity: 46
Merit: 0
|
|
April 04, 2012, 01:46:13 AM Last edit: April 04, 2012, 02:34:43 AM by BitcoinAndie |
|
Thanks for link. Excellent Technology! benjamindees here's a question for you. Could we issue these cards here in the US, buy the hardware and use the chip as form of Cold Storage? With an eye toward make these cards dual wallets (USD & BTCs)?
|
|
|
|
benjamindees
Legendary
Offline
Activity: 1330
Merit: 1000
|
|
April 04, 2012, 04:20:06 AM |
|
grue, do you understand that the entire point of a smart card is that the private key never leaves the card? Basically, the POS terminal just sends the balance due to your card, which displays it for you. You then press the button to verify, and the card creates the transaction and signs it. No need to trust anything.
This is what I have proposed. If you'd like to discuss any flaws you see in what I have proposed, I'd love to hear them. benjamindees here's a question for you. Could we issue these cards here in the US, buy the hardware and use the chip as form of Cold Storage? With an eye toward make these cards dual wallets (USD & BTCs)?
No idea. I haven't had a chance to speak with the manufacturer. Obviously that would depend on particulars such as being able to source cards with the features you'd need, including memory and cryptographic requirements. For long-term storage, you'd probably also want to know what happens when the battery runs out. As for dual-usage, I can fairly confidently predict that no credit card company would consent to this. I'm guessing that you mean for some type of proprietary payment network? Which, sounds like an interesting idea and I'm sure would work in theory.
|
Civil Liberty Through Complex Mathematics
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1026
|
|
April 04, 2012, 05:10:23 AM |
|
grue, do you understand that the entire point of a smart card is that the private key never leaves the card? Basically, the POS terminal just sends the balance due to your card, which displays it for you. You then press the button to verify, and the card creates the transaction and signs it. No need to trust anything.
This is what I have proposed. If you'd like to discuss any flaws you see in what I have proposed, I'd love to hear them. This is exactly right. The card must sign the transaction itself, and it must do so only after showing the transaction to the user and getting confirmation. But the details are tricky.
|
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8 I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
Realpra
|
|
April 04, 2012, 08:16:07 AM |
|
but then the smart card will need an internal power source, which will definitely not fit in a card.
Timing mechanisms: 1. Capacitor: * Not a full power supply, could keep it running for those 30-90sec or at least enough for you to pull the card out. * Just before it runs out it unlocks the card. 2. Clock: * While the card has power from the terminal it counts chip cycles. * The time from giving PIN and pulling the card will only be half the necessary waiting time. * The other half will be counted down in the next terminal used at another merchant. * This adds maybe 10s of waiting time when you start to use your card. * This waiting can be mitigated by slotting in the card while the cashier is scanning your wares. I believe that solves things? BitCoinAndie: 1. I don't think new supercards are the way, at least right now - as it has been said we don't want to have to train people in new tech + they may be expensive hindering BTC market penetration. 2. For the paranoid super users it may be an option though - our protocol should just allow for communication with both types of card. 3. One-time codes are safe, but I don't think it is practical without super cards - which I again do not see as an option. Using Greece as an example, food and beverage distributors who can link into their regional supply chains (Europe) as well as local retail distribution would probably make a lot of sense [EDIT: As a third market]. I think I kinda mentioned it in my second market ("businessmen"), but yes definitely a good way to go. I think a "third generation" market would be something like my grandma using it. First market would be "converts" and BTC dependent business start-ups (run by converts).
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1434
|
|
April 04, 2012, 03:48:33 PM Last edit: April 04, 2012, 04:17:55 PM by grue |
|
grue, do you understand that the entire point of a smart card is that the private key never leaves the card?
and do you realize that my attack simply involves making a second transaction, which for all intents and purposes is identical to a normal transaction? until there's a way to prevent the attack, i don't see any point in discussing merchant adoption of an insecure system.
|
|
|
|
BitcoinAndie
Newbie
Offline
Activity: 46
Merit: 0
|
|
April 04, 2012, 04:07:36 PM |
|
BitCoinAndie: 1. I don't think new supercards are the way, at least right now - as it has been said we don't want to have to train people in new tech + they may be expensive hindering BTC market penetration.
Well, I may have been a bit hasty in writing that opinion. Since then I've taken a look at the vid that benjamindees has posted, and the technology is indeed impressive. If these cards and readers are adopted in the broader marketplace then repurposing them will indeed have been a great insight. The logic behind decisioning in this matter is simple. The S curves for the merchant and consumer adoption rates are not uniform. In this case we would be somewhat dependent upon merchant adoption rates as you'd want merchants in "closed" or "protected" markets to blend in with the "norm." More importantly, for distributed or open systems, it is far better to have a symbiotic relationship with the dominant design. I am a huge proponent of commensalism, (a class of relationship between two organisms where one organism benefits but the other is neutral-- with no ill effects or benefit) when designing alternative payment systems. Best practice would suggest that the next step is to get a sense of the reaction to this technology. Is MC going to push it across their installed base? Do the biggest card issuers see an advantage in adopting this new technology, and if so, will they push the cycle time (meaning faster than the normal replacement rate of the cards already in the hands of their customers) What are the odds makers predicting (Gartner Group, Sullivan and Frost, etc.) in terms of adoption rates? The above notwithstanding, I continue to believe that we must crack the code on mobile devices, as card usage will likely NEVER take root on most of this planet. Indeed, the average person throughout the Pacific Rim, Central and South America and Africa are already embracing "mobile banking." (The top 10 telcos are making a big push, Verizon is # 18 globally and the Gates Foundation has mounted a major offensive.) It can be difficult for most of us to appreciate just how large this market is (people not petro dollars) b/c we tend to travel the Epcot Center route when doing business within but particularly outside our western democracies. Of equally important consideration, since a good deal of the world's supply chains originate in these markets, overlooking them would be a fatal error over the long run. Using Greece as an example, food and beverage distributors who can link into their regional supply chains (Europe) as well as local retail distribution would probably make a lot of sense [EDIT: As a third market]. I think I kinda mentioned it in my second market ("businessmen"), but yes definitely a good way to go.
I think a "third generation" market would be something like my grandma using it.
Guess I misunderstood, and assumed that the "businesses" in your outline are elements of markets by "Geography." I'd suggest that we separate Businesses from Geographies, making "Grandma" 4th generation. Yes, there will be significant overlap between these two markets, (like a Rubix cube) however, both categories are sufficiently large and complex that breaking them into two will make them easier to understand and our work less prone to error. I would further argue that one tends to think of countries from the bottom up (conditions on the ground) and Industries regionally and ultimately Globally, or top down. Of course, all change resides in the individual and thus is local by definition. So designs derived in think tanks, no matter how diverse and multicultural, will be best customized and disseminated by actual users under their actual market conditions.
|
|
|
|
benjamindees
Legendary
Offline
Activity: 1330
Merit: 1000
|
|
April 04, 2012, 08:45:26 PM Last edit: April 05, 2012, 03:55:27 AM by benjamindees |
|
and do you realize that my attack simply involves making a second transaction, which for all intents and purposes is identical to a normal transaction? until there's a way to prevent the attack, i don't see any point in discussing merchant adoption of an insecure system.
grue, I understand that your attack has relevance to standard smart cards. How much relevance, I'm not sure, since those basically require you to trust the POS terminal regardless. But I want you to look again at the hardware I'm proposing be used, and to think about the process flow: - The terminal sends the transaction amount to the smart card.
- The transaction amount is displayed on the smart card.
- The user presses the button on the smart card to verify the amount.
- The smart card creates and signs the transaction.
There is no way to create multiple transactions without consent. There is no way to create transactions with the wrong amount without consent. No sensitive information is transferred to the terminal. All transactions are created on the card itself using Bitcoin keys that never leave the card.
|
Civil Liberty Through Complex Mathematics
|
|
|
|