Chip and PIN

Nicholas Bohm ukcrypto at chiark.greenend.org.uk
Sat, 26 Jan 2008 11:22:57 +0000


lists@notatla.org.uk wrote:
> Nicholas Bohm wrote:
> 
>> The banks have fielded a system that relies on shared secrets.  The fact
>> that the secret has been used in an ATM is evidence either that the
>> customer used it, or that an insider has purloined the secret from the
>> bank, or that a third party has intercepted it (shoulder-surfing, skimmers).
> 
>> In an era in which asymmetric cryptography makes reliance on shared
>> secrets unnecessary, those who field systems that rely on shared secrets
>> should not be allowed to claim that use of the secret is proof of use by
>> the customer.  That would give them a decent incentive to deploy more
>> secure systems.  In the meantime some crooks would get away with fraud.
>> But that seems to me better than leaving the banks and the Ombudsman
>> service to exercise a discretion about who they will believe and who
>> they will not without any disclosure of any convincing evidence.
> 
> I think that's not quite a fair assessment.  The PIN is shared between
> the customer's brain and (as I understand it) a pool of HSMs and also
> exposed to keyboards in various places of modest security.
> 
> Replacement with public key technology might require one of
>  - the customer to have incredible mental arithmetic
>  - using a key stored on the card; proving possession of the card and not much else
>  - replacing the card with a portable computer adequate in both power and security.
> 
> Mere existence of asymmetric cryptography and making practical use of it with
> most of the population are two different things.  But I agree with the need to
> restore balance to the adjudication process.

I accept of course that asymmetric technology would have to be deployed
to make its benefits available; and it certainly seems to me that if it
is to be trustworthy for the customer, that would entail the development
of a portable device with adequate computational power and its own
facilities for entering and viewing data.  (This might amount to that
fabled entity, a secure signature creation device.)

Such a device would not be cheap to develop.  But if the banks bore the
fraud risk in the way I suggest they should, it might be worth their
while.  Otherwise I think it will never happen.

Nicholas
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF
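The evidentiary point argued in the exchange above (a shared secret held by both customer and bank HSMs cannot show which of them acted, whereas a signature key held only on the customer's device can) as an added example, not part of the thread; it uses a constructed PIN-derived secret and a deliberately undersized toy RSA key, all names and values being assumptions for illustration.

```python
import hashlib
import hmac

# ---- Shared-secret model: the PIN lives with the customer AND in the bank's HSMs ----
SHARED_SECRET = b"constructed-pin-derived-secret"   # constructed sample value

def shared_tag(secret: bytes, transaction: bytes) -> bytes:
    """Authenticator over a transaction; every holder of `secret` can compute it."""
    return hmac.new(secret, transaction, hashlib.sha256).digest()

def bank_checks_shared(transaction: bytes, tag: bytes) -> bool:
    """The bank verifies with the very secret it (or an insider) could use to forge."""
    return hmac.compare_digest(shared_tag(SHARED_SECRET, transaction), tag)

# ---- Asymmetric model: toy RSA with two Mersenne primes (far too small for real use) ----
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: exists only on the customer's device

def _digest(transaction: bytes) -> int:
    return int.from_bytes(hashlib.sha256(transaction).digest(), "big") % N

def customer_signs(transaction: bytes) -> int:
    return pow(_digest(transaction), D, N)

def bank_checks_signature(transaction: bytes, signature: int) -> bool:
    """The bank holds only (N, E): it can check a signature but cannot create one."""
    return pow(signature, E, N) == _digest(transaction)

DISPUTED = b"constructed: withdraw 200 at ATM 42, 2008-01-26"   # constructed transaction

def shared_model_attributes_to_customer() -> bool:
    """Does a 'PIN verified' record rule out a bank-side insider? (No: insider's tag verifies.)"""
    insider_tag = shared_tag(SHARED_SECRET, DISPUTED)   # made without the customer
    return not bank_checks_shared(DISPUTED, insider_tag)

def signature_model_attributes_to_customer() -> bool:
    """Does a verified signature rule out an insider holding only public material? (Yes.)"""
    insider_attempt = _digest(DISPUTED)                 # best an insider can do without D
    return (bank_checks_signature(DISPUTED, customer_signs(DISPUTED))
            and not bank_checks_signature(DISPUTED, insider_attempt))

if __name__ == "__main__":
    print("shared secret attributes to customer:", shared_model_attributes_to_customer())
    print("signature attributes to customer:   ", signature_model_attributes_to_customer())
```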