Note that it would be dangerous simply to encrypt the PIN directly during
this process, since the limited number of PINs will result in a limited number
of possible ciphertexts representing encrypted PINs. If the same key were to be
used to encrypt several PINs then an attacker could conduct a dictionary attack
that matched a ciphertext representing an unknown PIN against a 'dictionary'
of ciphertexts corresponding to known PINs. This threat is prevented by two
important mechanisms:
Use of a PIN block. The PIN is never encrypted directly. Instead a PIN block
is formed, one example of which consists of a 64-bit string containing
the PIN being XORed to a 64-bit string containing the Personal Account
Number (PAN) corresponding to the card. This means that two cards with
the same PIN will not be encrypted to the same ciphertext under the same
encryption key.
Session key encryption. Further security is provided by ensuring that ATMs use
session keys, which are generated for a single PIN encryption event and then
destroyed.
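As an added illustration of the PIN block mechanism (example code, not from the book), the following Python builds the ISO 9564-1 format 0 PIN block, the standard instance of the "64-bit PIN field XOR 64-bit PAN field" construction described above, and shows why two cards sharing a PIN do not produce the same clear block. The field layouts are taken from that standard rather than from this text, and the card numbers are constructed samples.

```python
# Added example: ISO 9564-1 format 0 PIN block (PIN field XOR PAN field).
# Assumptions (from the standard, not the book): PIN is 4-12 decimal digits;
# the PAN field is four zero nibbles followed by the 12 rightmost PAN digits
# with the Luhn check digit excluded.

def pin_field(pin: str) -> int:
    """Format 0 PIN field: control nibble 0, PIN length, PIN digits, 'F' padding."""
    if not (4 <= len(pin) <= 12 and pin.isdigit()):
        raise ValueError("PIN must be 4-12 decimal digits")
    return int(f"0{len(pin):X}{pin}".ljust(16, "F"), 16)

def pan_field(pan: str) -> int:
    """Format 0 PAN field: 0000 + 12 rightmost PAN digits, check digit excluded."""
    if not (13 <= len(pan) <= 19 and pan.isdigit()):
        raise ValueError("PAN must be 13-19 decimal digits")
    return int("0000" + pan[:-1][-12:], 16)

def format0_pin_block(pin: str, pan: str) -> bytes:
    """The 64-bit clear PIN block; this is what is then encrypted under the session key."""
    return (pin_field(pin) ^ pan_field(pan)).to_bytes(8, "big")

def recover_pin(block: bytes, pan: str) -> str:
    """Issuer side: undo the XOR with the PAN field and strip the padding."""
    field = f"{int.from_bytes(block, 'big') ^ pan_field(pan):016X}"
    if field[0] != "0":
        raise ValueError("not a format 0 PIN block")
    length = int(field[1], 16)
    pin = field[2:2 + length]
    if not (4 <= length <= 12) or not pin.isdigit() or field[2 + length:] != "F" * (14 - length):
        raise ValueError("malformed PIN block")
    return pin

if __name__ == "__main__":
    # Constructed sample values (not real card data).
    pan_a, pan_b, pin = "4000001234567899", "5100009876543217", "1234"
    block_a = format0_pin_block(pin, pan_a)
    block_b = format0_pin_block(pin, pan_b)
    print(block_a.hex().upper())  # 041234FEDCBA9876
    # Same PIN, different PAN: different clear blocks, hence different ciphertexts
    # under the same key, which is what defeats the dictionary attack above.
    assert block_a != block_b
    assert recover_pin(block_a, pan_a) == pin
```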
CARD VERIFICATION VALUES
One major problem with magnetic stripe cards is that they are relatively easy to
clone. Early payment cards only included routine information such as the PAN
and expiry date on the magnetic stripe. Since this information is easily obtained
by a potential attacker (most of it is even displayed on the card itself, or can be
obtained from receipts), it was very easy for an attacker to forge such a card.
The problem was alleviated by the inclusion of a cryptographic value known
as the Card Verification Value (CVV) on the magnetic stripe (we adopt Visa
terminology here, while MasterCard uses the term Card Validation Code for the
same concept). The CVV consists of three digits that are extracted from a hex
ciphertext, which is computed by encrypting the routine card information using
a key known only to the issuer. The CVV is not displayed on the card and can
only be created and verified by the card issuer.
Of course, the CVV can be obtained by an attacker, such as a rogue merchant,
who has read off all the information contained on the magnetic stripe.
Payment cards thus include a second CVV value, CVV2, which is a cryptographic
value computed in a similar (but slightly different) way to the CVV. The CVV2 is
displayed on the reverse of the payment card, but is not included in the magnetic
stripe. The CVV2 is primarily used as a simple check of the physical presence
of a card, particularly in transactions made over the telephone or online (see
Section 12.4.4).
PIN VERIFICATION VALUE
In order to improve availability, PCOs also provide a service which allows PINs
to be verified when the card issuer is unable to process PIN verification requests.
This is conducted using a PIN Verification Value (PVV), which is computed in
a similar way to the CVVs, except that the PIN itself forms part of the plaintext