Breaking Legacy Banking Standards with Special-Purpose Hardware
In the field of eCommerce, online-banking is one of the major application requiring the usage of modern cryptography to protect the confidentiality and integrity of financial transactions between users and the banking system. In banking applications of some countries, the authorization of user transactions is performed with support of cryptographic One-Time-Password (OTP) tokens implementing ANSI X9.9-based challenge-response protocols.
The legacy ANSI X9.9 standard is a DES-based authentication method on which we will demonstrate an attack based on a special-purpose hardware cluster. In this work we show how to break such an OTP-token with little effort in terms of costs and time. With an investment of about US $ 10,000 we are able to perform an attack which computes the key of a DES-based OTP token in less than a week having only three challenge-response pairs. Our attack can even be scaled linearly according to the budget of the attacker resulting in even faster breaking times. With this work, we want to point out once more that the immediate migration from legacy products using the DES algorithm is absolutely mandatory for security critical applications.
KeywordsANSI X9.9 Banking Cryptanalysis Special-Purpose Hardware
Unable to display preview. Download preview PDF.
- 1.Accredited Standards Committee X3. American National Standard X3.92: Data Encryption Algorithm (DEA) (1981)Google Scholar
- 2.Accredited Standards Committee X9. American National Standard X9.9: Financial Institution Message Authentication (1994)Google Scholar
- 3.ActivIdentity. Token-based Identity Systems (OTP Tokens) (2007), http://www.activeidentity.com
- 4.Blaze, M., Diffie, W., Rivest, R.L., Schneier, B., Shimomura, T., Thompson, E., Wiener, M.: Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security: A Report by an Ad Hoc Group of Cryptographers and Computer Scientists. Technical report (January 1996), http://www.counterpane.com/keylength.html
- 7.Electronic Frontier Foundation. Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design. O’Reilly & Associates Inc. (July 1998)Google Scholar
- 8.International Organization for Standardization (ISO). ISO 8730/8731:1990 – Banking – Requirements for message authentication (1990)Google Scholar
- 9.International Organization for Standardization (ISO). ISO 16609:2004 – Banking – Requirements for message authentication using symmetric techniques (2004)Google Scholar
- 11.National Institute for Standards and Technology (NIST). FIPS PUB 113: Standard for computer data authentication (May 1985)Google Scholar
- 12.National Institute for Standards and Technology (NIST). FIPS PUB 46-2: Data Encryption Standard (DES) (1993)Google Scholar
- 13.National Institute for Standards and Technology (NIST). FIPS PUB 46-3: Data Encryption Standard (DES) and Triple DES (TDES) (1999)Google Scholar
- 14.National Institute for Standards and Technology (NIST). FIPS 197: Advanced Encryption Standard (AES) (2001)Google Scholar
- 15.National Institute of Standards and Technology. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (May 2004), http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf
- 16.Preneel, B., Van Oorschot, P.C.: Key recovery attack on ANSI X9.19 retail MAC. In: Electronics Letters, vol. 32(17), pp. 1568–1569. IEEE, Dept. of Electr. Eng., Katholieke Univ, Leuven (1996)Google Scholar
- 17.Rouvroy, G., Standaert, F.-X., Quisquater, J.-J., Legat, J.-D.: Design Strategies and Modified Descriptions to Optimize Cipher FPGA Implementations: Fast and Compact Results for DES and Triple-DES. In: Cheung, Y.K.P., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, pp. 181–193. Springer, Heidelberg (2003)Google Scholar
- 18.RSA - The Security Division of EMC2. RSA SecurID (2007), http://www.rsa.com/
- 20.Verisign. Activcard tokens. Data Sheet, http://www.verisign.com.au/guide/activcard/ActivCard_Tokens.pdf
- 21.Wiener, M.J.: Efficient DES Key Search. In: Stallings, W.R. (ed.) Practical Cryptography for Data Internetworks, pp. 31–79. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
- 22.Wiener, M.J.: Efficient DES Key Search: An Update. CRYPTOBYTES 3(2), 6–8 (1997)Google Scholar